Liskov Substitution Principle

The Liskov substitution principle (LSP) is a particular definition of a subtyping relation, called strong behavioral subtyping, that was initially introduced by Barbara Liskov in a 1988 conference keynote address titled ''Data abstraction and hierarchy''. It is based on the concept of "substitutability" a principle in object-oriented programming stating that an object (such as a class) may be replaced by a sub-object (such as a class that extends the first class) without breaking the program. It is a semantic rather than merely syntactic relation, because it intends to guarantee semantic interoperability of types in a hierarchy, object types in particular. Barbara Liskov and Jeannette Wing described the principle succinctly in a 1994 paper as follows:

''Subtype Requirement'': Let be a property provable about objects of type . Then should be true for objects of type where is a subtype of .

Symbolically:
:$S <: T \to (\forall xT) \phi(x) \to (\forall yS) \phi(y)$
That is, if S subtypes T, what holds for T-objects holds for S-objects.
In the same paper, Liskov and Wing detailed their notion of behavioral subtyping in an extension of Hoare logic, which bears a certain resemblance to Bertrand Meyer's design by contract in that it considers the interaction of subtyping with preconditions, postconditions and invariants.

Principle

Liskov's notion of a behavioural subtype defines a notion of substitutability for objects; that is, if ''S'' is a subtype of ''T'', then objects of type ''T'' in a program may be replaced with objects of type ''S'' without altering any of the desirable properties of that program (e.g. correctness).

Behavioural subtyping is a stronger notion than typical subtyping of functions defined in type theory, which relies only on the contravariance of parameter types and covariance of the return type. Behavioural subtyping is undecidable in general: if ''q'' is the property "method for ''x'' always terminates", then it is impossible for a program (e.g. a compiler) to verify that it holds true for some subtype ''S'' of ''T'', even if ''q'' does hold for ''T''. Nonetheless, the principle is useful in reasoning about the design of class hierarchies.

Liskov substitution principle imposes some standard requirements on signatures that have been adopted in newer object-oriented programming languages (usually at the level of classes rather than types; see nominal vs. structural subtyping for the distinction):

* Contravariance of method parameter types in the subtype.
* Covariance of method return types in the subtype.
* New exceptions cannot be thrown by the methods in the subtype, except if they are subtypes of exceptions thrown by the methods of the supertype.

In addition to the signature requirements, the subtype must meet a number of behavioural conditions. These are detailed in a terminology resembling that of design by contract methodology, leading to some restrictions on how contracts can interact with inheritance:

* Preconditions cannot be strengthened in the subtype.
* Postconditions cannot be weakened in the subtype.
* Invariants must be preserved in the subtype.
* History constraint (the "history rule"). Objects are regarded as being modifiable only through their methods ( encapsulation). Because subtypes may introduce methods that are not present in the supertype, the introduction of these methods may allow state changes in the subtype that are not permissible in the supertype. The history constraint prohibits this. It was the novel element introduced by Liskov and Wing. A violation of this constraint can be exemplified by defining a ''mutable point'' as a subtype of an ''immutable point''. This is a violation of the history constraint, because in the history of the ''immutable point'', the state is always the same after creation, so it cannot include the history of a ''mutable point'' in general. Fields added to the subtype may however be safely modified because they are not observable through the supertype methods. Thus, one can define a ''circle with immutable center and mutable radius'' as a subtype of an ''immutable point'' without violating the history constraint.

Origins

The rules on pre- and postconditions are identical to those introduced by Bertrand Meyer in his 1988 book ''Object-Oriented Software Construction''. Both Meyer, and later Pierre America, who was the first to use the term ''behavioral subtyping'', gave proof-theoretic definitions of some behavioral subtyping notions, but their definitions did not take into account aliasing that may occur in programming languages that support references or pointers. Taking aliasing into account was the major improvement made by Liskov and Wing (1994), and a key ingredient is the history constraint. Under the definitions of Meyer and America, a mutable point would be a behavioral subtype of an immutable point, whereas Liskov substitution principle forbids this.

Criticism

While widely used, the characterization of behavioral subtyping as the ability to substitute subtype objects for supertype objects has been said to be flawed. It makes no mention of ''specifications'', so it invites an incorrect reading where the ''implementation'' of the supertype is compared to the ''implementation'' of the subtype. This is problematic for several reasons, one being that it does not support the common case where the supertype is abstract and has no implementation. Also, more subtly, in the context of object-oriented imperative programming it is difficult to define precisely what it means to universally or existentially quantify over objects of a given type, or to substitute one object for another. When applying subtyping, generally we are not substituting subtype objects for supertype objects, we are simply using subtype objects as supertype objects. That is, it is the same objects, the subtype objects, that ''are also'' supertype objects.

In an interview in 2016, Liskov herself explains that what she presented in her keynote address was an "informal rule", that Jeannette Wing later proposed that they "try to figure out precisely what this means", which led to their joint publication on behavioral subtyping, and indeed that "technically, it's called behavioral subtyping". During the interview, she does not use substitution terminology to discuss the concepts.

See also

* Composition over inheritance
* Program refinement
* Referential transparency
* Type signature
* SOLID – the "L" in "SOLID" stands for Liskov substitution principle

References

Bibliography

Specific references

* A keynote address in which Liskov first formulated the principle.
*

General reference

* This paper surveys various notions of behavioral subtyping, including Liskov and Wing's.
*
An updated version appeared: The formalization of the principle by its authors.
* Contains a gentler introduction to behavioral subtyping in its various forms in chapter 2.
* An article popular in the object-oriented programming community that gives several examples of LSP violations.
* This paper discusses LSP in the mentioned context.

External links

*

Liskov Substitution Principle ExplainedSOLID Class Design: The Liskov Substitution PrincipleLSP: Liskov Substitution Principle

{{DEFAULTSORT:Liskov Substitution Principle
Object-oriented programming
Type theory
Programming principles
Formal methods
Programming language semantics