Safely Creating Correct Subclasses Without Superclass Code Clyde Dwain Ruby Iowa State University
Total Page:16
File Type:pdf, Size:1020Kb
Iowa State University Capstones, Theses and Retrospective Theses and Dissertations Dissertations 2006 Modular subclass verification: safely creating correct subclasses without superclass code Clyde Dwain Ruby Iowa State University Follow this and additional works at: https://lib.dr.iastate.edu/rtd Part of the Computer Sciences Commons Recommended Citation Ruby, Clyde Dwain, "Modular subclass verification: safely creating correct subclasses without superclass code " (2006). Retrospective Theses and Dissertations. 1877. https://lib.dr.iastate.edu/rtd/1877 This Dissertation is brought to you for free and open access by the Iowa State University Capstones, Theses and Dissertations at Iowa State University Digital Repository. It has been accepted for inclusion in Retrospective Theses and Dissertations by an authorized administrator of Iowa State University Digital Repository. For more information, please contact [email protected]. Modular subclass verification: Safely creating correct subclasses without superclass code by Clyde Dwain Ruby A dissertation submitted to the graduate faculty in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY Major: Computer Science Program of Study Committee Gary T. Leavens, Major Professor Samik Basu Clifford Bergman Shashi K. Gadia Jonathan D. H. Smith Iowa State University Ames, Iowa 2006 Copyright © Clyde Dwain Ruby, 2006. All rights reserved. UMI Number: 3243833 Copyright 2006 by Ruby, Clyde Dwain All rights reserved. UMI Microform 3243833 Copyright 2007 by ProQuest Information and Learning Company. All rights reserved. This microform edition is protected against unauthorized copying under Title 17, United States Code. ProQuest Information and Learning Company 300 North Zeeb Road P.O. Box 1346 Ann Arbor, MI 48106-1346 ii TABLE OF CONTENTS ACKNOWLEDGEMENTS . viii ABSTRACT . ix CHAPTER 1: INTRODUCTION . 1 1.1 Background . 1 1.2 The Problem . 1 1.3 Specification of Method Behavior . 3 1.3.1 Public Specifications . 3 1.4 Specification of the Method Calling Structure . 6 1.4.1 Subclasses and Specification Inheritance . 7 1.4.2 Protected Specifications . 9 1.4.3 The Subclassing Contract . 13 1.4.4 Summary . 13 1.5 Protecting Internal Objects . 15 1.6 Approach, Contributions, and Assumptions . 18 1.6.1 Approach . 18 1.6.2 The Three Part Specification . 20 1.6.3 Class Library and Framework Implementation Guidelines . 20 1.6.4 Tool Support . 21 1.6.5 Notation and Terminology . 21 1.6.6 Assumptions . 22 1.7 Outline of Dissertation . 24 CHAPTER 2: PREVENTING UNVERIFIABLE BEHAVIOR . 26 2.1 Introduction . 26 2.2 New Subclass Instance Variables . 27 2.2.1 Additional Side-Effects . 28 2.2.1.1 Data groups . 28 2.2.1.2 Data group dependencies . 28 2.2.1.3 Visibility requirements . 29 2.2.1.4 Nested data groups and indirect dependencies . 32 2.2.1.5 Additional side-effects . 33 2.2.2 The Additional Side-Effects Overriding Rule . 34 2.2.2.1 Abstract classes . 36 2.2.2.2 Subclass invariants . 37 iii 2.2.3 The Additional Side-Effects Invalidation Rule . 39 2.3 Method Refinement . 42 2.4 Subclass Invariants . 44 2.4.1 The Invariant Invalidation Rule . 44 2.4.2 The Invariant Overriding Rule . 46 2.4.3 Explicit Parameter Objects . 46 2.4.4 Temporary Side-Effects . 50 2.4.5 Downcalls by Constructors . 52 2.5 Mutually Recursive Methods . 54 2.6 Private Variables and Methods . 58 2.6.1 Maintaining private superclass fields . 58 2.6.1.1 An alternative approach . 60 2.6.1.2 Summary . 62 2.6.2 Visibility of type invariants . 63 2.6.3 Private field accesses . 64 2.6.4 Private method calls . 64 2.7 Concrete Data Refinement . 65 2.8 Super-Calls . 68 2.9 Discussion . 69 2.9.1 Non-Refining Methods . 69 2.9.2 Unoverrideable Methods . 72 2.9.3 Unimplementable Subclasses . 73 2.9.4 Invalidation Rules Revisited . 75 2.9.4.1 The Additional Side-Effects Invalidation Rule revisited . 75 2.9.4.2 The constructor invalidation rules revisited . 77 2.9.4.3 Summary . 78 2.9.5 Package Visible Fields and Methods . 78 2.9.6 The Subclassing Contract as a Specification . 79 2.9.6.1 Properties of specifications . 79 2.9.6.2 The subclassing contract . 80 2.9.7 Summary . 81 2.9.7.1 Comparison with our previously published work . 83 CHAPTER 3: PREVENTING UNEXPECTED SIDE-EFFECTS . 84 3.1 Introduction . 84 3.2 Terminology and Concepts . ..