Complete verification case study

The Iterator pattern

Jonathan Nicholson, Amnon H Eden, Epameinondas Gasparis
Department of Computer Science, University of Essex, United Kingdom

Draft: 14 August 2007

Abstract

A complete case study of an implementation of the Iterator design pattern, and verification thereof.

The program and the design model

The program presented shows two "collection" classes, one for lists and one for sets, each of which encapsulates an array as its main means of data storage. The classes are incomplete: the behaviour (methods) common to classes of this type is omitted, because it would add more complexity than this example requires.
See Abstract Semantics for Java 1.4 Programs for further details on how the finite structure below was generated from this source.

Source code

// Root of the "collections" hierarchy: every concrete collection must
// supply its own iterator.
public abstract class AbstractCollection {
  public abstract Iterator iterator();
}

// Concrete collection backed by an array; iterator() creates (via "new")
// the iterator class that belongs to it.
public class List extends AbstractCollection {
  private Object[] data;
  
  ...
  
  public Iterator iterator() {
    return new ListIterator();
  }
}

// Second concrete collection, also array-backed, with its own iterator class.
public class Set extends AbstractCollection {
  private Object[] data;
  
  ...
  
  public Iterator iterator() {
    return new SetIterator();
  }
}

// Root of the "iterators" hierarchy: clients traverse any collection
// through this interface alone.
public interface Iterator {
  public Object next();
}

// Package-private concrete iterators; only their collection creates them.
class ListIterator implements Iterator {
  public Object next() {
    ...
  }
}

class SetIterator implements Iterator {
  public Object next() {
    ...
  }
}

Finite structure

Design model

The design model consists of the finite structure above together with the following higher-dimensional entities (see Entities):

Assigning variables to constants

See the "gang of four" companion for more information on the design patterns it covers, including how the Iterator pattern is modelled in LePUS3. See also the LePUS3 and Class-Z Reference Manual for more information on assignments (Definition XX) and on the difference between open and closed specifications (Definition XV). Each specification presented here takes the form of a Class-Z schema (Definition XIV).

The Iterator pattern

Assignment

Assignment is defined as:

The Iterator after assignment

Verification algorithm

See Verification of LePUS3/Class-Z Specifications: Sample models and Abstract Semantics for Java 1.4 (part 2) for further details on how each specified property can be verified.
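The following is an added worked example, written for this page by the editor; it is not the LePUS3/Class-Z tooling described in the paper. It illustrates both the assignment step above (binding the schema's variables Collections, Iterators, iterator and next to constants of the program) and the verification step: the finite structure is transcribed by hand from the source code on this page, and five formulas are checked under the assignment. The relation names (abstract, inherit, member, create) and the formulas themselves are an assumed, simplified reading of the Iterator design model, not the authoritative definitions from the reference manual. A deliberately broken variant of the program is included to show that a conformance failure is reported rather than silently passed.

```python
"""Checking the page's Iterator program against a design model under an assignment.

Editor's illustration. Relation names and formulas are an assumed, simplified
reading of the Iterator design model; see the reference manual for the real ones.
"""
from dataclasses import dataclass, field


@dataclass
class FiniteStructure:
    """Abstract semantics of a program: its entities and the relations between them."""
    classes: set = field(default_factory=set)           # class and interface names
    abstract: set = field(default_factory=set)          # abstract classes / interfaces
    abstract_methods: set = field(default_factory=set)  # (class, signature) with no body
    inherit: set = field(default_factory=set)           # (subclass, superclass), direct only
    member: set = field(default_factory=set)            # (class, signature): class declares it
    create: set = field(default_factory=set)            # ((class, signature), created_class)

    def hierarchy(self, root):
        """The root plus every class that transitively inherits from it."""
        members, frontier = {root}, [root]
        while frontier:
            sup = frontier.pop()
            for sub, s in self.inherit:
                if s == sup and sub not in members:
                    members.add(sub)
                    frontier.append(sub)
        return members

    def concrete(self, root):
        """Non-abstract members of the hierarchy rooted at `root`."""
        return {c for c in self.hierarchy(root) if c not in self.abstract}


def check_iterator(fs, assignment):
    """Check the assumed Iterator formulas under an assignment of the schema
    variables to constants. Returns violated formulas; empty means conformance."""
    col_root, it_root = assignment["Collections"], assignment["Iterators"]
    iterator_sig, next_sig = assignment["iterator"], assignment["next"]
    collections, iterators = fs.concrete(col_root), fs.concrete(it_root)
    violations = []
    # F1: both hierarchy roots are abstract.
    if col_root not in fs.abstract or it_root not in fs.abstract:
        violations.append("roots-abstract")
    # F2: the collection root declares iterator() abstractly (what clients program to).
    if (col_root, iterator_sig) not in fs.abstract_methods:
        violations.append("root-declares-abstract-iterator")
    # F3: every concrete collection defines iterator() itself.
    if any((c, iterator_sig) not in fs.member for c in collections):
        violations.append("concrete-collections-define-iterator")
    # F4: each concrete iterator() creates an instance of a concrete Iterators member.
    for c in sorted(collections):
        produced = {made for (m, made) in fs.create if m == (c, iterator_sig)}
        if not produced & iterators:
            violations.append(f"{c}.{iterator_sig} creates no Iterators member")
    # F5: every concrete iterator implements next() with a body.
    if any((i, next_sig) not in fs.member or (i, next_sig) in fs.abstract_methods
           for i in iterators):
        violations.append("concrete-iterators-define-next")
    return violations


def page_structure():
    """Finite structure transcribed by hand from the source code on this page."""
    fs = FiniteStructure()
    fs.classes = {"AbstractCollection", "List", "Set", "Iterator", "ListIterator", "SetIterator"}
    fs.abstract = {"AbstractCollection", "Iterator"}
    fs.abstract_methods = {("AbstractCollection", "iterator()"), ("Iterator", "next()")}
    fs.inherit = {("List", "AbstractCollection"), ("Set", "AbstractCollection"),
                  ("ListIterator", "Iterator"), ("SetIterator", "Iterator")}
    fs.member = {("AbstractCollection", "iterator()"), ("List", "iterator()"),
                 ("Set", "iterator()"), ("Iterator", "next()"),
                 ("ListIterator", "next()"), ("SetIterator", "next()")}
    fs.create = {(("List", "iterator()"), "ListIterator"), (("Set", "iterator()"), "SetIterator")}
    return fs


def broken_structure():
    """Constructed counter-example: SetIterator no longer implements Iterator."""
    fs = page_structure()
    fs.inherit = fs.inherit - {("SetIterator", "Iterator")}
    return fs


# The assignment of schema variables to the page's constants.
PAGE_ASSIGNMENT = {"Collections": "AbstractCollection", "Iterators": "Iterator",
                   "iterator": "iterator()", "next": "next()"}

if __name__ == "__main__":
    print("page program:", check_iterator(page_structure(), PAGE_ASSIGNMENT) or "conforms")
    print("broken program:", check_iterator(broken_structure(), PAGE_ASSIGNMENT))
```

The assignment is the part a reviewer should scrutinise: the same formulas pass or fail depending on which program constants the variables are bound to, so a conformance report is only meaningful alongside the assignment it was checked under.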

Declarations

Superimpositions

See Definition IX for more information on superimpositions.

Formulas

References