Verified Subtyping with Traits and Mixins

Slides:



Advertisements
Similar presentations
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Advertisements

Type Systems and Object- Oriented Programming (III) John C. Mitchell Stanford University.
Automated Verification with HIP and SLEEK Asankhaya Sharma.
Giving a formal meaning to “Specialization” In these note we try to give a formal meaning to specifications, implementations, their comparisons. We define.
Reusable Classes.  Motivation: Write less code!
General OO Concepts and Principles CSE301 University of Sunderland Harry R. Erwin, PhD.
CSE341: Programming Languages Lecture 22 Multiple Inheritance, Interfaces, Mixins Dan Grossman Fall 2011.
Typing Issues and LSP Amit Shabtay. March 3rd, 2004 Object Oriented Design Course 2 Typing Static typing Readability (Java vs. Pearl) Catching errors.
OOP in Java Nelson Padua-Perez Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
Feb. 23, 2004CS WPI1 CS 509 Design of Software Systems Lecture #5 Monday, Feb. 23, 2004.
Chapter 10 Classes Continued
Component Software Beyond Object-Oriented Programming Clements Szyperski Chapter 7 – Object versus class composition or how to avoid inheritance Alexandre.
Object-oriented design CS 345 September 20,2002. Unavoidable Complexity Many software systems are very complex: –Many developers –Ongoing lifespan –Large.
Taming the Wildcards: Combining Definition- and Use-Site Variance – Altidor John Altidor Taming the Wildcards: Combining Definition- and Use-Site Variance.
Subclasses and Subtypes CMPS Subclasses and Subtypes A class is a subclass if it has been built using inheritance. ▫ It says nothing about the meaning.
OOPs Object oriented programming. Based on ADT principles  Representation of type and operations in a single unit  Available for other units to create.
CSE 332: C++ templates This Week C++ Templates –Another form of polymorphism (interface based) –Let you plug different types into reusable code Assigned.
The Scala Programming Language presented by Donna Malayeri.
CSC 211 Introduction to Design Patterns. Intro to the course Syllabus About the textbook – Read the introduction and Chapter 1 Good attendance is the.
- Neeraj Chandra.  It’s language written by by Martin Odersky at EPFL  It’s language written by by Martin Odersky at EPFL (École Polytechnique Fédérale.
Introduction to Object Oriented Programming CMSC 331.
OOP Class Lawrence D’Antonio Lecture 3 An Overview of C++
Instructor: Tasneem Darwish1 University of Palestine Faculty of Applied Engineering and Urban Planning Software Engineering Department Object Oriented.
Incremental Design Why incremental design? Goal of incremental design Tools for incremental design  UML diagrams  Design principles  Design patterns.
Elements of OO Abstraction Encapsulation Modularity Hierarchy: Inheritance & Aggregation 4 major/essential elements3 minor/helpful elements Typing Concurrency.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 17: Inheritance & Behavioral.
(1) ICS 313: Programming Language Theory Chapter 12: Object Oriented Programming.
OOPs Object oriented programming. Abstract data types  Representationof type and operations in a single unit  Available for other units to create variables.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 16: Smalltalking about Objects.
Five design principles
CSSE501 Object-Oriented Development. Chapter 10: Subclasses and Subtypes  In this chapter we will explore the relationships between the two concepts.
Class Relationships Lecture Oo08 Polymorphism. References n Booch, et al, The Unified Modeling Language User Guide, Chapt 10 p.125 n Fowler & Scott, UML.
Principles of Programming & Software Engineering
Chapter 10 Thinking in Objects
Types for Programs and Proofs
Chapter 10 Thinking in Objects
Chapter 10 Thinking in Objects
Introduction to Design Patterns
CSE341: Programming Languages Lecture 23 Multiple Inheritance, Mixins, Interfaces, Abstract Methods James Wilcox Winter 2017.
Multi-Methods in Cecil
CSE687 - Object Oriented Design class notes Survey of the C++ Programming Language Jim Fawcett Spring 2004.
Object-Oriented Database Management System (ODBMS)
Software Engineering Fall 2005
Agenda Warmup AP Exam Review: Litvin A2
Principles of Programming and Software Engineering
Copyright © by Curt Hill
Adaptive Code Via C#
object oriented Principles of software design
CSE341: Programming Languages Lecture 23 Multiple Inheritance, Mixins, Interfaces, Abstract Methods Zach Tatlock Winter 2018.
Chapter 9 Thinking in Objects
CSE341: Programming Languages Lecture 23 Multiple Inheritance, Mixins, Interfaces, Abstract Methods Dan Grossman Autumn 2018.
11/29/2018 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
CSE341: Programming Languages Lecture 23 Multiple Inheritance, Mixins, Interfaces, Abstract Methods Dan Grossman Spring 2016.
Objects and Aspects: What we’ve seen so far
CSE341: Programming Languages Lecture 23 Multiple Inheritance, Mixins, Interfaces, Abstract Methods Dan Grossman Spring 2017.
Chapter 9 Thinking in Objects
CIS601: Object-Oriented Programming in C++
The SOLID Principles.
Sub-system interfaces
CSE341: Programming Languages Lecture 23 Multiple Inheritance, Mixins, Interfaces, Abstract Methods Dan Grossman Autumn 2017.
Subtype Substitution Principle
Some principles for object oriented design
Jim Fawcett CSE687 – Object Oriented Design Spring 2014
Inheritance Lakshmish Ramaswamy.
C++ Object Oriented 1.
From Use Cases to Implementation
CSE341: Programming Languages Lecture 23 Multiple Inheritance, Mixins, Interfaces, Abstract Methods Dan Grossman Spring 2019.
Brett Wortzman Summer 2019 Slides originally created by Dan Grossman
Presentation transcript:

Verified Subtyping with Traits and Mixins Asankhaya Sharma National University of Singapore

Object Oriented Design S – Single Responsibility O – Open Close L – Liskov Substitution I – Interface Segregation D – Dependency Inversion First proposed by Robert C. Martin in comp.object newsgroup in March 1995 1/16/2019 FSFMA 2014

Liskov Substitution Principle “Let q(x) be a property provable about objects x of type T. Then q(y) should be provable for objects y of type S where S is a subtype of T” - Barbara Liskov and Jeannette Wing 1/16/2019 FSFMA 2014

Behavior Subtyping Useful to reason about design of class hierarchies Stronger notion than typical subtyping of functions defined in type theory Function subtyping is based on contravariance of argument types and covariance of the return type Behavioral subtyping is trivially undecidable If the property is “this method always terminates” 1/16/2019 FSFMA 2014

Contributions Subtyping with Traits and Mixins in Scala By checking entailments in separation logic Extend Scala with a domain specific language (SLEEK DSL) Allows Scala programmers to insert subtyping checks in their programs Case study on subtyping in Scala Standard Library Verified subtyping in 67% of Mixins 1/16/2019 FSFMA 2014

Traits and Mixins Traits Mixin Composition (Mixin) Fine grained unit of reuse Similar to abstract classes but some methods can have implementations as well Mixin Composition (Mixin) A class which contains a combination of methods from other traits and classes Similar to multiple inheritance if the combination contains all methods of combined classes 1/16/2019 FSFMA 2014

Traits Example trait ICell { def get() : Int def set(x : Int) } trait BICell extends ICell { private var x : Int = 0 def get() { x } def set(x : Int) { this.x = x } } Similar to an Abstract Class Implementation of ICell 1/16/2019 FSFMA 2014

Traits Example (cont.) trait Double extends ICell { abstract override def set(x : Int) { super.set(2*x) } } trait Inc extends ICell { abstract override def set(x : Int) { super.set(x+1) } } 1/16/2019 FSFMA 2014

Mixins Example OddICell (odd values) EvenICell (even values) class OddICell extends BICell with Inc with Double EvenICell (even values) class EvenICell extends BICell with Double with Inc OddICellDoubleIncBICell Class Linearization EvenICellIncDoubleBICell 1/16/2019 FSFMA 2014

Scala doesn’t enforce Subtyping def m (c: BICell with Inc with Double) : Int { c.get } val oic = new OddICell val eic = new EvenICell m(oic) m(eic) Both calls are allowed by the type system Only object oic is subtype of c 1/16/2019 FSFMA 2014

Verified Subtyping A mixin can be represented as a separation logic predicate based on class linearization OddICellDoubleIncBICell OddICell<this> == BICell<this,p> * Inc<p,q> * Double<q,null> EvenICellIncDoubleBICell EvenICell<this> == BICell<this,p> * Double<p,q> * Inc<q,null> 1/16/2019 FSFMA 2014

From Subtyping to Entailment Subtyping can be reduced to checking entailment between the predicates m(oic) OddICell<oic> |- BICell<c,p> * Inc<p,q> * Double<q,null> Valid m(eic) EvenICell<eic> |- BICell<c,p> * Inc<p,q> * Double<q,null> Invalid 1/16/2019 FSFMA 2014

SLEEK DSL Implementation based on SLEEK An existing separation logic based entailment prover Supports user defined predicates and user specified lemmas With Shape, Size, and Bag properties 1/16/2019 FSFMA 2014

Implementation Overview sleek.lib SLEEK exe sleek.dsl sleek.inter Scala Programs Scala Interpreter 1/16/2019 FSFMA 2014

Scala with SLEEK DSL Insert checks in Scala programs to verify subtyping using SLEEK DSL def m (c: BICell with Inc with Double) : Int { c.get } val oic = new OddICell val eic = new EvenICell if (OddICell<oic> |- BICell<c,p> * Inc<p,q> * Double<q,null> ) m(oic) if (EvenICell<eic> |- BICell<c,p> * Inc<p,q> * Double<q,null>) m(eic) 1/16/2019 FSFMA 2014

Experiments Scala Standard Library Considered four class hierarchies Exceptions Maths Parser Combinators Collections 1/16/2019 FSFMA 2014

Results Class Hierarchy Mixins in the Hierarchy Mixins with Verified Subtyping Percentage Exceptions 11 100 Maths 5 4 80 Combinators 6 Collections 27 12 44 Total 49 33 67 Traits provide more flexibility, 33% of Mixins use Traits in a way that does not conform to subytping 1/16/2019 FSFMA 2014

Conclusions We use entailment proving in separation logic to check subtyping with Traits and Mixins A domain specific language based on SLEEK to check entailments from Scala programs Case study based on Scala Standard Library 1/16/2019 FSFMA 2014

Perspectives Lays the foundation for verifying OO Scala programs Specification reuse with traits and mixins Inheritance verification Static and Dynamic Specifications for traits and mixins Avoid re-verification Compositional and modular 1/16/2019 FSFMA 2014

Thank You ! Questions ? Scala with SLEEK DSL Contact Web Tool, Source Code and Sample Programs http://loris-7.ddns.comp.nus.edu.sg/~project/SLEEKDSL/ Contact asankhaya@nus.edu.sg 1/16/2019 FSFMA 2014