docPersistant Arrays in Java/KML
download 
Plainte Transcription
Persistant Arrays in Java/KML
Persistent
Arrays
in Java/KML
Claude
Marché
Persistant Arrays in Java/KML
Introduction
Java
specification
Arrays with
diffs
Conclusions
Claude Marché
INRIA, project-team ProVal
http://proval.lri.fr
INRIA Saclay & LRI, CNRS & Université Paris-Sud 11
Orsay, France
Réunion CeProMi — 20 mars 2008
Persistent
Arrays
in Java/KML
Outline
Claude
Marché
Introduction
Java
specification
1 Introduction
Arrays with
diffs
Conclusions
2 Java specification
3 Arrays with diffs
4 Conclusions
Persistent
Arrays
in Java/KML
Outline
Claude
Marché
Introduction
Java
specification
1 Introduction
Arrays with
diffs
Conclusions
2 Java specification
3 Arrays with diffs
4 Conclusions
Persistent
Arrays
in Java/KML
Claude
Marché
Introduction
Java
specification
Arrays with
diffs
Purely functional arrays
Purely functional arrays or logic arrays
To avoid polymorphism issue: let’s consider array of reals
• Abstract data type named tab
• Creation:
create : Z × R → tab
Conclusions
create(n, x): indexed from 0 to n − 1, each cell contains
x
• Access to a cell:
select : tab × Z → R
• Update of a cell:
store : tab × Z × R → tab
Persistent
Arrays
in Java/KML
Properties
Claude
Marché
Introduction
Java
specification
• Persistence property:
Arrays with
diffs
t1 ← create(4, 1.1);
Conclusions
t2 ← store(t1 , 0, 2.2);
then select(t1 , 0) gives 1.1
• Logic properties:
select(store(t, i, x), i) = x
i 6= j ⇒ select(store(t, i, x), j) = select(x, j)
etc. (theory of array)
Persistent
Arrays
in Java/KML
Concrete implementations
Claude
Marché
Introduction
Java
specification
Arrays with
diffs
Conclusions
• Fairly efficient: balanced trees
• Caml: Map
• Java: TreeMap (persistent ?? todo)
• More efficient: arrays with diffs
• Origins: Baker ? todo
• Conchon-Filliatre 07 : todo
• has hidden side-effects
Persistent
Arrays
in Java/KML
Outline
Claude
Marché
Introduction
Java
specification
1 Introduction
Arrays with
diffs
Conclusions
2 Java specification
3 Arrays with diffs
4 Conclusions
Persistent
Arrays
in Java/KML
Java interfaces
Claude
Marché
Introduction
Java
specification
Arrays with
diffs
Conclusions
Java interface system allow:
• Interface declarations:
• interface name
• method profiles
• Rough « refinement » system:
• class implements interface
Persistent
Arrays
in Java/KML
PA: Java interface
Claude
Marché
Introduction
Java
specification
interface PArrayInterface {
Arrays with
diffs
static PArrayInterface create(int n);
Conclusions
double get(int i);
PArrayInterface set(int i, double x);
}
• beware of OO idioms: object this is an implicit
argument, except with modifier static
• of course: specifications missing
Persistent
Arrays
in Java/KML
KML
Claude
Marché
Introduction
Java
specification
Arrays with
diffs
Conclusions
• JML: Java Modeling Language
• Widely spread BISL for Java
• JML main tool: compiler with runtime assertion
checking
• static verification tools: ESC-Java2, KeY, etc.
• KML: JML variation for Krakatoa
• for deductive verification only
• no pure method calls in assertions
• logic types specifications
Persistent
Arrays
in Java/KML
Claude
Marché
Introduction
Java
specification
Arrays with
diffs
Conclusions
Logic arrays in KML
//@ type larray
//@ logic larray create(double x);
//@ logic double select(larray t, integer i);
/*@ logic larray
@ store(larray t, integer i, double x);
@*/
/*@ axiom select_store_eq:
@ \forall larray t, integer i, double x;
@
select(store(t,i,x),i) == x;
@*/
/*@ axiom select_create:
@ \forall integer i, double x;
@
select(create(x),i) == x;
@*/
/*@ axiom select_store_neq:
@ \forall larray t, integer i, integer j;
@
\forall double x;
Persistent
Arrays
in Java/KML
Claude
Marché
Introduction
Model for PArray interface
• Use of model fields
• which define an abstract state
Java
specification
Arrays with
diffs
Conclusions
interface PArrayInterface {
//@ model larray model_array;
//@ model integer model_length;
/*@ requires n >= 0;
@ assigns \nothing;
@ ensures \fresh(\result);
@ ensures
@
\result.model_array == create(0.0);
@ ensures \result.model_length == n;
@*/
static PArrayInterface create(int n);
Persistent
Arrays
in Java/KML
Model for PArray interface
Claude
Marché
Introduction
Java
specification
Arrays with
diffs
Conclusions
/*@ requires 0 <= i < this.model_length;
@ assigns \nothing;
@ ensures
@
\result == select(this.model_array,i);
@*/
double get(int i);
Persistent
Arrays
in Java/KML
Model for PArray interface
Claude
Marché
Introduction
Java
specification
Arrays with
diffs
Conclusions
/*@ requires 0 <= i < this.model_length;
@ assigns \nothing;
@ ensures \fresh(\result);
@ ensures
@
\result.model_array ==
@
store(this.model_array,i,x);
@ ensures
@
\result.model_length ==
@
this.model_length;
@*/
PArrayInterface set(int i, double x);
Persistent
Arrays
in Java/KML
Outline
Claude
Marché
Introduction
Java
specification
1 Introduction
Arrays with
diffs
Conclusions
2 Java specification
3 Arrays with diffs
4 Conclusions
Persistent
Arrays
in Java/KML
Array with diffs: main ideas
Claude
Marché
Introduction
Java
specification
Arrays with
diffs
Conclusions
• t1 ← create(4, 1.1)
t1 → Arr 1.1 1.1 1.1 1.1
• t2 ← store(t1 , 0, 2.2)
t1 → Diff 0 1.1
?
t2 → Arr 2.2 1.1 1.1 1.1
• access to last array in constant time!
• t1 is modified by store!
• even better: rerooting cf. ConchonFilliatre
Persistent
Arrays
in Java/KML
Arrays with diffs in Caml
Claude
Marché
Introduction
Java
specification
Arrays with
diffs
Conclusions
Demo: see parray.ml
Persistent
Arrays
in Java/KML
in Java
Claude
Marché
Introduction
Java
specification
Arrays with
diffs
Conclusions
Demo: see PArray.java
Persistent
Arrays
in Java/KML
Outline
Claude
Marché
Introduction
Java
specification
1 Introduction
Arrays with
diffs
Conclusions
2 Java specification
3 Arrays with diffs
4 Conclusions
Persistent
Arrays
in Java/KML
Work to do
Claude
Marché
Introduction
Java
specification
Arrays with
diffs
Conclusions
• Design sound rules to guarantee that the
implementation refines the specified interface
• which refinement rule(s) ? (what about memory
allocation ?)
• why hidden side effects allowed ? →separation property
• Prove the PArray Java program
• For fun: add rerooting
• Caml version: which specification ?
• Extend to polymorphic arrays
• support for Java generics ?
• any issue of cell contents is in-place modifiable ?
