Chair of Software Engineering Void safety these slides contain advanced material and are optional.

Slides:



Advertisements
Similar presentations
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Exercise Session 5.
Advertisements

Eiffel: Analysis, Design and Programming Bertrand Meyer (Nadia Polikarpova) Chair of Software Engineering.
Introduction to Linked Lists In your previous programming course, you saw how data is organized and processed sequentially using an array. You probably.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 7: References and Assignment.
Chair of Software Engineering CAT calls (Changed Availability or Type) these slides contain advanced material and are optional.
Chair of Software Engineering Constants, once routines, and helper functions these slides contain advanced material and are optional.
CSE 341, Winter Type Systems Terms to learn about types: –Type –Type system –Statically typed language –Dynamically typed language –Type error –Strongly.
6/10/2015C++ for Java Programmers1 Pointers and References Timothy Budd.
Avoid a void Bertrand Meyer With major contributions by Emmanuel Stapf & Alexander Kogtenkov (Eiffel Software)
1 Advanced Material The following slides contain advanced material and are optional.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 6: Object Creation.
1 Advanced Material The following slides contain advanced material and are optional.
Chair of Software Engineering Avoid a void Bertrand Meyer ©Bertrand Meyer, 2008.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 6: Object Creation.
 2006 Pearson Education, Inc. All rights reserved Introduction to Classes and Objects.
Chair of Software Engineering Automatic Verification of Computer Programs.
Data Abstraction and Object- Oriented Programming CS351 – Programming Paradigms.
Declaring and Checking Non-null Types in an Object-Oriented Language Authors: Manuel Fahndrich K. Rustan M. Leino OOPSLA’03 Presenter: Alexander Landau.
1 Type Type system for a programming language = –set of types AND – rules that specify how a typed program is allowed to behave Why? –to generate better.
Introduction to Classes and Objects CS-2303, C-Term Introduction to Classes and Objects CS-2303 System Programming Concepts (Slides include materials.
1 Types Object Oriented Programming Spring 2007.
Chair of Software Engineering ATOT - Lecture 7, 23 April Advanced Topics in Object Technology Bertrand Meyer.
Chair of Software Engineering ATOT - Lecture 22, 18 June Advanced Topics in Object Technology Bertrand Meyer.
Computer Science and Software Engineering University of Wisconsin - Platteville 7. Inheritance and Polymorphism Yan Shi CS/SE 2630 Lecture Notes.
Ranga Rodrigo. Class is central to object oriented programming.
Unit Testing & Defensive Programming. F-22 Raptor Fighter.
1-Sep-15 Scala Apologia. 2 Java What’s wrong with Java? Not designed for highly concurrent programs The original Thread model was just wrong (it’s been.
CSM-Java Programming-I Spring,2005 Introduction to Objects and Classes Lesson - 1.
 2006 Pearson Education, Inc. All rights reserved Classes: A Deeper Look.
C++ Programming: Program Design Including Data Structures, Fourth Edition Chapter 13: Pointers, Classes, Virtual Functions, and Abstract Classes.
C++ Programming: From Problem Analysis to Program Design, Fourth Edition Chapter 14: Pointers, Classes, Virtual Functions, and Abstract Classes.
Introduction to Object Oriented Programming. Object Oriented Programming Technique used to develop programs revolving around the real world entities In.
Designing Programming Languages to Improve Software Quality David J. Pearce Software Quality New Zealand, August
CSC3315 (Spring 2009)1 CSC 3315 Programming Languages Hamid Harroud School of Science and Engineering, Akhawayn University
Names Variables Type Checking Strong Typing Type Compatibility 1.
Hello.java Program Output 1 public class Hello { 2 public static void main( String [] args ) 3 { 4 System.out.println( “Hello!" ); 5 } // end method main.
Defining and Converting Data Copyright Kip Irvine, 2003 Last Update: 11/4/2003.
Chair of Software Engineering 1 Introduction to Programming Bertrand Meyer Exercise Session October 2008.
Comp 249 Programming Methodology Chapter 13 Interfaces & Inner Classes Dr. Aiman Hanna Department of Computer Science & Software Engineering Concordia.
Programming in Java CSCI-2220 Object Oriented Programming.
SOEN 343 Software Design Section H Fall 2006 Dr Greg Butler
6-Feb-16 Scala Apologia. 2 Java What’s wrong with Java? Not designed for highly concurrent programs The original Thread model was just wrong (it’s been.
Defensive Programming. Good programming practices that protect you from your own programming mistakes, as well as those of others – Assertions – Parameter.
13-Jun-16 Scala Apologia. 2 Java What’s wrong with Java? Not designed for highly concurrent programs The original Thread model was just wrong (it’s been.
Design issues for Object-Oriented Languages
Data Types In Text: Chapter 6.
Introduction to Linked Lists
Type Checking Generalizes the concept of operands and operators to include subprograms and assignments Type checking is the activity of ensuring that the.
Accessible Formal Methods A Study of the Java Modeling Language
Type Systems Terms to learn about types: Related concepts: Type
Fall 2017 CISC124 9/18/2018 CISC124 First onQ quiz this week – write in lab. More details in last Wednesday’s lecture. Repeated: The quiz availability.
Pointers and References
.NET and .NET Core 5.2 Type Operations Pan Wuming 2016.
The following slides contain advanced material and are optional.
Generic programming in Java
Object Oriented Programming in java
Scala Apologia 1-Jan-19.
Units with – James tedder
Fall 2018 CISC124 2/22/2019 CISC124 Quiz 1 This Week. Topics and format of quiz in last Tuesday’s notes. The prof. (me!) will start grading the quiz.
9-10 Classes: A Deeper Look.
Object Oriented Programming in java
Java Modeling Language (JML)
Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.
Winter 2019 CMPE212 5/10/2019 CMPE212 – Reminders
CIS 110: Introduction to Computer Programming
9-10 Classes: A Deeper Look.
Classes and Objects Systems Programming.
SPL – PS2 C++ Memory Handling.
Introduction to Classes and Objects
Presentation transcript:

Chair of Software Engineering Void safety these slides contain advanced material and are optional

The inventor of null references I call it my billion-dollar mistake. It was the invention of the null reference in At that time, I was designing the first comprehensive type system for references in an object oriented language (ALGOL W). My goal was to ensure that all use of references should be absolutely safe, with checking performed automatically by the compiler. But I couldn't resist the temptation to put in a null reference, simply because it was so easy to implement. This has led to innumerable errors, vulnerabilities, and system crashes, which have probably caused a billion dollars of pain and damage in the last forty years. By Tony Hoare,

Problems of void-calls Entities are either – Attached: referencing a valid object – Detached: Void (or null) Calls on detached entities cause a runtime error Runtime errors are bad... 3 How can we prevent this problem?

Solution to void-calls Statically attached: Checked at compile-time Dynamically attached: Attached at runtime Consistency: 4 A call f.x (...) is only allowed, if f is statically attached. If f is statically attached, its possible runtime values are dynamically attached.

Statically attached entities Attached types – Reference types that cannot be Void – x: attached STRING Certified attachment patterns (CAP) – Code pattern where attachment is guaranteed – if x /= Void then x.f end (where x is a local) Object test – Assign result of arbitrary expression to a local – Boolean value indicating if result is attached – if attached x as l then l.f end 5

Attached types Can declare type of entities as attached or detachable – att: attached STRING – det: detachable STRING Attached types – Can call features: att.to_upper – Can be assign to detachable: det := att – Cannot be set to void: att := Void Detachable types – No feature calls: det.to_upper – Cannot be assign to attached: att := det – Can be set to void: det := Void 6

Attached types (cont.) Entities need to be initialized – Detachable: Void – Attached: assignment or creation Initialization rules for attached types – Locals: before first use – Attributes: at end of each creation routine – Compiler uses control-flow analysis Types without attachment mark – Default can be set in project settings – Default for void-safe projects should be attached 7

Attached types demo EiffelStudio settings Declarations Error messages Initialization 8

Certified attachment pattern (CAP) Code patterns where attachment is guaranteed Basic CAPs for locals and arguments – Void check in conditional or semi-strict operator – Setter or creation 9 capitalize (a_string: detachable STRING) do if a_string /= Void then a_string.to_upper end ensure a_string /= Void implies a_string.is_upper end capitalize (a_string: detachable STRING) do if a_string /= Void then a_string.to_upper end ensure a_string /= Void implies a_string.is_upper end

CAP demo Different CAPs for locals and arguments – Void check in contract – Void check in conditional – Setter – Creator 10

Object test Checking attachment of an expression (and its type) Assignment to a local variable – Local is not declared and only available in one branch 11 name: detachable STRING capitalize_name do if attached name as l_name then l_name.to_upper end ensure attached name as n implies n.is_upper end name: detachable STRING capitalize_name do if attached name as l_name then l_name.to_upper end ensure attached name as n implies n.is_upper end

Side note on object tests Object test can also be used to make a type cast The test is True, if object conforms to specified type Local variable will have specified type 12 name: detachable ANY capitalize_name do if attached {STRING} name as l_name then l_name.to_upper end ensure attached {STRING} name as n implies n.is_upper end name: detachable ANY capitalize_name do if attached {STRING} name as l_name then l_name.to_upper end ensure attached {STRING} name as n implies n.is_upper end

Object test demo Object test in body Object test in assertion Object test to test for type 13

Stable attributes Detachable attributes which are never set to void They are initially void, but once attached will stay so 14 name: detachable STRING note option: stable attribute end capitalize_name do if name /= Void then name.to_upper end name: detachable STRING note option: stable attribute end capitalize_name do if name /= Void then name.to_upper end

Stable demo Declaring stable attributes CAPs with stable attributes 15

Arrays Arrays can have more storage space then elements Empty storage space filled with default values What is the default for attached types? – a: attached ARRAY [attached STRING] See Array demo 16

Other languages: Spec# Research variant of C# Adds contracts and non-null types (and more) Non-null types are marked with ! 17 String s = null; String! s = „abc“; String! s = null; String s = null; String! s = „abc“; String! s = null;

Other languages: JML Research variant of Java Adds contracts and non-null types (and more) Types (except locals) are non-null per default 18 String s = null; String s = „abc“; String s = null; String s = null; String s = „abc“; String s = null;

References Eiffel documentation on void-safety – Avoid a Void: The eradication of null dereferencing – Targeted expressions –

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.