Object-oriented verification based on record subtyping in Higher-Order Logic [chapter]

Wolfgang Naraschewski, Markus Wenzel
1998 Lecture Notes in Computer Science  
We show how extensible records with structural subtyping can be represented directly in Higher-Order Logic (HOL). Exploiting some specific properties of HOL, this encoding turns out to be extremely simple. In particular, structural subtyping is subsumed by naive parametric polymorphism, while overridable generic functions may be based on overloading. Taking HOL plus extensible records as a starting point, we then set out to build an environment for object-oriented specification and verification
more » ... (HOOL). This framework offers several well-known concepts like classes, objects, methods and late-binding. All of this is achieved by very simple means within HOL. While this work has originated in the context of Isabelle/HOL [11] , in principle its results carry over to other HOL implementations as well. Subsequently we will always refer to "HOL" in a generic sense. A note on implementation: the latest official Isabelle release (Isabelle98) includes a prototypical package for extensible records. While demonstrating the basic ideas, it is not quite suited for real applications. You should get a more recent (probably unofficial) release for your own experiments. This paper is structured as follows. Section 2 gives some impression on how to use extensible records in general mathematical modeling. We present a simple example of abstract algebra. Section 3 is foundational: after introducing the HOL logic to some extent, we present our particular encoding of extensible records. Section 4 introduces an environment for object-oriented specification and verification (HOOL). We demonstrate its main features by the running example of coloured points and rectangles. Section 5 explains how the HOOL concepts can be represented in HOL. Section 6 discusses object-oriented verification within the HOOL environment. 2 Basic use of extensible records 2.1 What are extensible records anyway? Tuples and records We briefly review some basic notions and notations. Ordinary tuples and tuple types, which are taken for granted, are written as usual in mathematics, e. g. a triple (a, b, c) of type A × B × C. Records are a minor generalization of tuples, where components may be addressed by arbitrary labels (strings, identifiers, etc.) instead of just position. Our concrete record syntax is borrowed from ML: e. g. {x = a, y = b, z = c} denotes an individual record of labels x, y, z and values a, b, c, respectively. The corresponding record type would be of the form {x :: A, y :: B, z :: C}. Note that the labels contribute to record identity, consequently {x = 3, y = 5} is completely different from {foo = 3, bar = 5}. Record schemes Unlike ordinary tuples, records are better suited to a property oriented view in the sense of "record r has field l". As a concise means to refer to classes of records featuring certain fields we introduce schemes, both on the level of records and record types. Patterns of the form {x = a, y = b, . . .} refer to any record having at least fields x, y of value a, b, respectively. The corresponding type scheme is written as {x :: A, y :: B, . . .}. The dots ". . ." are actually part of our notation and are pronounced "more". The more part of record schemes may be instantiated by zero or more further components. In particular, the concrete record {x = a, y = b} is considered a (trivial) instance of the scheme {x = a, y = b, . . .}. As an example of relating records consider schemes {x = a, y = b, . . .} and {x = a, y = b, z = c, . . .}. These are related in the sense that the latter is an extension of the former by addition of field z = c. On the level of types,
doi:10.1007/bfb0055146 fatcat:gjxfdall35g5jb2xxfqs2fpc6u