Class Invariants Class invariants are logical conditions to ensure the correct working of a class. Class invariants must hold true when an object is created,

Slides:

Advertisements

Similar presentations

Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.

Advertisements

Karlstad University Computer Science Design Contracts and Error Management Design Contracts and Errors A Software Development Strategy Eivind J. Nordby.

Senem Kumova Metin Spring2009 STACKS AND QUEUES Chapter 10 in A Book on C.

Composition CMSC 202. Code Reuse Effective software development relies on reusing existing code. Code reuse must be more than just copying code and changing.

Stacks, Queues, and Deques. 2 A stack is a last in, first out (LIFO) data structure Items are removed from a stack in the reverse order from the way they.

 Both System.out and System.err are streams—a sequence of bytes.  System.out (the standard output stream) displays output  System.err (the standard.

1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.

1 Specifying Object Interfaces. 2 Major tasks in this stage: --are there any missing attributes or operations? --how can we reduce coupling, make interface.

Software Testing and Quality Assurance

Improved software quality through semantic descriptions (Skutt) Karlstad University Dept. of Computer Science Semla Design Method for use in.

Computer Science 340 Software Design & Testing Design By Contract.

Ranga Rodrigo. Class is central to object oriented programming.

Data Structures: CSCI 362 – Stack Implementation Data Structures: CSCI 362 – Stack Implementation lecture notes adapted from Data Structures with C++ using.

Software Engineering Prof. Dr. Bertrand Meyer March 2007 – June 2007 Chair of Software Engineering Static program checking and verification Slides: Based.

COP3530 Data Structures600 Stack Stack is one the most useful ADTs. Like list, it is a collection of data items. Supports “LIFO” (Last In First Out) discipline.

SWE 619 © Paul Ammann Procedural Abstraction and Design by Contract Paul Ammann Information & Software Engineering SWE 619 Software Construction cs.gmu.edu/~pammann/

How to Design Error Steady Code Ivaylo Bratoev Telerik Corporation

111 Protocols CS 4311 Wirfs Brock et al., Designing Object-Oriented Software, Prentice Hall, (Chapter 8) Meyer, B., Applying design by contract,

Low-Level Detailed Design SAD (Soft Arch Design) Mid-level Detailed Design Low-Level Detailed Design Design Finalization Design Document.

CS 261 – Data Structures Preconditions, Postconditions & Assert.

Data Structures (part 2). Stacks An Everyday Example Your boss keeps bringing you important items to deal with and keeps saying: “Put that last ‘rush’

Exception Handling Programmers must deal with errors and exceptional situations: User input errors Device errors Empty disk space, no memory Component.

90-723: Data Structures and Algorithms for Information Processing Copyright © 1999, Carnegie Mellon. All Rights Reserved. 1 Lecture 1: Introduction Data.

Protocols Software Engineering II Wirfs Brock et al, Designing Object-Oriented Software, Prentice Hall, Mitchell, R., and McKim, Design by Contract,

Exceptions and Assertions Chapter 15 – CSCI 1302.

L13: Design by Contract Definition Reliability Correctness Pre- and post-condition Asserts and Exceptions Weak & Strong Conditions Class invariants Conditions.

SWE 4743 Abstract Data Types Richard Gesick. SWE Abstract Data Types Object-oriented design is based on the theory of abstract data types Domain.

Defensive Programming CNS 3370 Copyright 2003, Fresh Sources, Inc.

CSSE501 Object-Oriented Development. Chapter 10: Subclasses and Subtypes  In this chapter we will explore the relationships between the two concepts.

DBC NOTES. Design By Contract l A contract carries mutual obligations and benefits. l The client should only call a routine when the routine’s pre-condition.

Defensive Programming. Good programming practices that protect you from your own programming mistakes, as well as those of others – Assertions – Parameter.

Design by Contract. The Goal Ensure the correctness of our software (correctness) Recover when it is not correct anyway (robustness) Correctness: Assertions.

CSE 332: C++ Exceptions Motivation for C++ Exceptions Void Number:: operator/= (const double denom) { if (denom == 0.0) { // what to do here? } m_value.

Chapter 3 Lists, Stacks, Queues. Abstract Data Types A set of items – Just items, not data types, nothing related to programming code A set of operations.

CSE 374 Programming Concepts & Tools Hal Perkins Fall 2015 Lecture 17 – Specifications, error checking & assert.

Chapter 6 CS 3370 – C++ Functions.

Design by Contract Jim Fawcett CSE784 – Software Studio

Design by Contract Jim Fawcett CSE784 – Software Studio

CSE 374 Programming Concepts & Tools

CSE 143 Error Handling [Section 2.8] 3/30/98 CSE 143.

Programming Fundamentals Lecture #7 Functions

Methods The real power of an object-oriented programming language takes place when you start to manipulate objects. A method defines an action that allows.

Preconditions, Postconditions & Assertions

Specifying Object Interfaces

Introduction to Data Structures

Stacks, Queues, and Deques

Testing UW CSE 160 Winter 2016.

CSC 143 Error Handling Kinds of errors: invalid input vs programming bugs How to handle: Bugs: use assert to trap during testing Bad data: should never.

Selection Statements Chapter 4 Attaway MATLAB 4E.

Hoare-style program verification

CMSC 202 Exceptions 2nd Lecture.

Data Structures and Algorithms for Information Processing

Protocols CS 4311 Wirfs Brock et al., Designing Object-Oriented Software, Prentice Hall, (Chapter 8) Meyer, B., Applying design by contract, Computer,

ECE 103 Engineering Programming Chapter 56 Runtime Errors

Exceptions 25-Apr-19.

Exceptions 22-Apr-19.

Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.

Classes and Objects Reusing Classes with Composition

Stacks, Queues, and Deques

Computer Science 340 Software Design & Testing

Exceptions 5-Jul-19.

Functions Students should understand the concept and basic mechanics of the function call/return pattern from CS 1114/2114, but some will not. A function.

Selection Statements Chapter 4 Attaway MATLAB 5E.

Chapter 5 Selection Statements

Defensive Programming

CMPT 225 Lecture 7 – Stack.

Design Contracts and Errors A Software Development Strategy

Presentation transcript:

Class Invariants Class invariants are logical conditions to ensure the correct working of a class. Class invariants must hold true when an object is created, and they must be preserved under all operations of the class Interface invariants are of interest to the class user, because they give a behavioral guarantee for any object of the class Implementation invariants involve the details of a particular implementation

Class Invariants They express the fundamental integrity constrains on a class They are independent from the individual routines of the class Characterize the class long-term semantics Class Invariants help in Maintenance Quality assurance Configuration Management Regression testing

Invariance Example class Stack { public: void push(double); double pop(); bool is_empty(); bool is_full(); private: // … };

Invariance Example We can formulate several interface invariants After an element is pushed onto a stack, the stack is no longer empty:

Invariance Example If a stack is not full and we push an element on a stack, then calling pop retrieves the same element.

Invariance Example One can give a complete algebraic description of a stack in this fashion. Other data types such as queue can be characterized in a similar fashion. Implementation invariant makes an assertion about one particular implementation. Example stack with the following private section: Private: Int _sptr; Array<double> _data;

Implementation Invariant Example We may wish to assert that the stack pointer is always within a certain range:

Preconditions A precondition is a statement placed before the segment that must be true prior to entering the segment in order for it to work correctly Example: preconditions for calling the draw(Rectangle * r) r != null R bounds to Rectangle setDate(int day, int month, int year) Operation in the Date class 1 <= day <=31 1<=month<12

Pre-Conditions and Post-Conditions We say that is a precondition of the push operation. Conversely, after pushing an element on the stack, we know that must necessarily hold. An operation is not responsible for doing anything sensible if its precondition fails to hold. Conversely, an operation will guarantee its post-condition whenever it is invoked when the precondition is true.

Testing for invariants and conditions Someone has to verify that pre-condition or invariant is valid before actually invoking method or procedure. Can we trust unknowledgeable class users who do not know anything about class implementation ? No, class users could be malicious. We should perform checks against null pointers or range errors. How much checking is enough? Answer: Depends …

Testing for invariants and conditions What do we do when test for invariant fails? Don’t do anything Don’t do anything, and display warning Throw an exception and handle it Abort the program Crash OS ??? Depending on the nature of invariant, different actions should be taken Sometimes we can put debugging code to help us identify the places where invariance does not hold true. Then we can investigate the reason.

Using the assert facility in C++ The assert macro is defined in the assert.h header. If the condition: assert(condition should be true) fails, the program will exit with an error message containing the text of the condition, the name of the source file and the line number in the file Example: assert(den != 0); int x = num / den;

Using assert facility in C++ There are already defined macros to facilitate post/pre conditions test ASSERT_PRECOND Void Stack :: push(double x) { ASSERT_PRECOND(!isFull()); // … } ASSERT_POSTCOND Void getName(int pos) { String name; //.. ASSERT_POSTCOND(isValidName(name));

Preconditions vs. Defensive Programming Preconditions are strong contractual statements. The caller of the operation must fulfill it or lose the program. There is no way to guaranty that the caller will fulfill all of the preconditions of the given operation. We simply “trust” the caller Defensive programming allows the invocation of the operation on objects of any state, with any arguments. Operations are going to spend time checking the validity of the object and all arguments. Tradeoff between performance and reliability Different projects have different preferences towards performance and reliability