Are Practitioners Writing Contracts?

Presentation transcript:

Are Practitioners Writing Contracts? Patrice Chalin Dependable Software Research Group (DSRG) Computer Science and Software Engineering Department Concordia University Montreal, Canada REFT Workshop 19 July 2005 at the FM05 Formal Methods Conference, Newcastle upon Tyne, UK, 18-22 July 2005

Tackling Increasingly Large and Complex S/W: Modular design methodologies have been proposed to help manage the increasing size and complexity of S/W systems. Effective modularization also provides opportunities for reuse. In very large systems, module / component interfaces must be rigorously defined. 9/17/2018 GC6 - DSE - P.Chalin,

Interface Specification of OO Systems: … expressed by contracts (an increasingly popular method): Design by Contract (DBC).

Languages Supporting DBC: Eiffel is the only active language with built-in support for DBC. Whether Spark belongs in this list depends on your definition of DBC: if DBC means run-time assertion checking, then Spark should be excluded. JACK uses JML (for the most part), as does ESC/Java2.

Language Extensions for DBC: Several research efforts are underway to “add” support for DBC to other languages. Support is added by extending a subset of the target language: Spark for Ada*; APP for C; Spec# for C#; Java Modeling Language (JML), Jass, … for Java. Jass, ESC/Java, Jcontract, …

DBC Research Justified? Does having DBC support imply that developers will write contracts?

Survey: Are practitioners writing contracts? Are practitioners writing assertions? What kind of assertions? Subjects: Eiffel programs. Measure: the % of SLOC that are assertions.

Eiffel: A brief review …

Eiffel Sample: N-ary Xor

    indexing
        description: "Routines that ought to be in class BOOLEAN"
        library: "Gobo Eiffel Kernel Library"
        copyright: "Copyright (c) 2002, Berend de Boer and others"
        …
        revision: "$Revision: 1.2 $"

    class KL_BOOLEAN_ROUTINES

    feature -- Access

        nxor (a_booleans: ARRAY[BOOLEAN]): BOOLEAN is
                -- N-ary exclusive or
            require
                …
            local
                i, nb: INTEGER
            do
                i := a_booleans.lower
                nb := a_booleans.upper
                from until i > nb loop
                    -- Lines 27 … 37 removed
                end
            ensure
                …

Assertion kinds in Eiffel: preconditions, postconditions, class invariants, loop invariants, loop variants, check clause.

Eiffel: Sample Precondition

        nxor (a_booleans: ...): BOOLEAN is
            require
                a_booleans_not_void: a_booleans /= Void

Eiffel Sample: Postcondition

            ...
            ensure
                zero: a_booleans.count = 0 implies not Result
                unary: a_booleans.count = 1 implies Result = a_booleans.item (a_booleans.lower)
                binary: a_booleans.count = 2 implies
                    Result = (a_booleans.item (a_booleans.lower) xor a_booleans.item (a_booleans.upper))
                -- more: there exists one and only one `i' in
                -- a_boolean.lower..a_boolean.upper so that
                -- a_boolean.item (i) = True
            end

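The nxor contract from the precondition and postcondition slides, rendered as Eiffel-style runtime assertion checking in Python. This is an added example, not the talk's or Gobo's code: the `contract` decorator, `nxor_parity` and `violated_tag` are illustrative names, and the slide's `-- more` comment is transcribed as a real checked clause.

```python
from functools import wraps

class ContractViolation(AssertionError):
    """Raised when a tagged require/ensure clause evaluates to False."""

def contract(require=None, ensure=None):
    """Eiffel-style runtime assertion checking (an illustrative decorator, not the talk's code).
    `require` maps tag -> predicate(*args); `ensure` maps tag -> predicate(*args, result)."""
    require, ensure = require or {}, ensure or {}
    def deco(f):
        @wraps(f)
        def wrapper(*args):
            for tag, pred in require.items():
                if not pred(*args):
                    raise ContractViolation(f"{f.__name__}: precondition '{tag}' violated")
            result = f(*args)
            for tag, pred in ensure.items():
                if not pred(*args, result):
                    raise ContractViolation(f"{f.__name__}: postcondition '{tag}' violated")
            return result
        return wrapper
    return deco

# The nxor contract from the slides, one lambda per tagged clause; Eiffel's
# `p implies q` becomes `not p or q`, and the `more` comment becomes a checked clause.
NXOR_REQUIRE = {"a_booleans_not_void": lambda a: a is not None}
NXOR_ENSURE = {
    "zero":   lambda a, r: not (len(a) == 0) or not r,
    "unary":  lambda a, r: not (len(a) == 1) or r == a[0],
    "binary": lambda a, r: not (len(a) == 2) or r == (a[0] != a[1]),
    "more":   lambda a, r: r == (sum(1 for b in a if b) == 1),
}

@contract(require=NXOR_REQUIRE, ensure=NXOR_ENSURE)
def nxor(a_booleans):
    """N-ary exclusive or: True iff exactly one element is True."""
    return sum(1 for b in a_booleans if b) == 1

@contract(require=NXOR_REQUIRE, ensure=NXOR_ENSURE)
def nxor_parity(a_booleans):
    """A plausible but wrong implementation (parity XOR); the `more` clause exposes it."""
    return sum(a_booleans) % 2 == 1

def violated_tag(fn, arg):
    """Call fn(arg); return the tag of the first violated clause, or None if the contract held."""
    try:
        fn(arg)
    except ContractViolation as e:
        return str(e).split("'")[1]
    return None
```

With three True inputs the parity version returns True while the contract demands "exactly one", so the `more` postcondition fires; the tag names make the failing clause immediately visible, which is the diagnostic value the slides attribute to DBC.
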
Eiffel Loops

        from
            initialization_instructions
        invariant
            assertion
        until
            exit_condition
        loop
            loop_instructions
        end

Survey Metrics: count lines of code (LOC), split into blank lines, comment lines, and physical source LOC (SLOC).

Subjects: 80+ projects, categorized as proprietary, open source, and Eiffel 5.5.

Eiffel Survey: Project Distribution

    Project Category   # of files   LOC    SLOC   Proj. Cat. %
    Proprietary        18584        2.7M   2.0M   51%
    Open Source        10657        1.7M   1.3M   33%
    Eiffel 5.5         4840         1.0M   0.7M   17%
    Total              34081        5.4M   4.0M   100%

Eiffel Survey: General Results

                     LOC     SLOC     Blank    Comment   Index SLOC
    Total (x10^6)    5.4     4.0      0.82     0.55      0.17
    % LOC            100%    74.6%    15.2%    10.2%     3.2%

Eiffel Survey: % SLOC that are assertions

Eiffel Survey: Assertions Distribution in Kind

Other Statistics

                       req    ens    cl.inv   l.inv   l.var   check   Total
    Max AsnLOC size    30     24     35       7       2       14
    Average size       1.7    1.5    2.4      1.6     1.0     1.2
    % (e /= Void)      44.4   23.6   51.2     2.1     0.0     35.1    36.8
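How counts like those in the Survey Metrics and Other Statistics slides can be produced, as an added example that is not the talk's tooling: a small Python line classifier splits a constructed Eiffel fragment into blank, comment and SLOC lines, tallies assertion SLOC under the table's column names (req, ens, cl.inv, l.inv, l.var, check) and computes the two ratios the slides report, the % of SLOC that are assertions and the % of assertion lines that are bare `e /= Void` checks. The keyword handling (OPENERS/CLOSERS, the from..loop rule for telling loop invariants from class invariants) is a simplification of Eiffel's grammar, sufficient for the sample.

```python
import re
from collections import Counter

# Constructed Eiffel fragment (not from the talk), modelled on the Gobo nxor sample.
SAMPLE = """\
    nxor (a_booleans: ARRAY [BOOLEAN]): BOOLEAN is
            -- N-ary exclusive or
        require
            a_booleans_not_void: a_booleans /= Void
        do
            from i := a_booleans.lower
            invariant
                i >= a_booleans.lower
            variant
                a_booleans.upper - i + 1
            until i > a_booleans.upper loop
            end
        ensure
            zero: a_booleans.count = 0 implies not Result
        end
invariant
    routines_not_void: Current /= Void
end
"""
OPENERS = {"require": "req", "ensure": "ens", "invariant": "cl.inv", "variant": "l.var", "check": "check"}
CLOSERS = {"local", "do", "once", "deferred", "external", "from", "until", "loop", "end", "feature", "class"}

def survey(src):
    """Classify lines as blank / comment / SLOC; count assertion SLOC per kind (an
    `invariant` between `from` and `loop` is a loop invariant) and `/= Void` clauses."""
    stats, kind, in_loop = Counter(), None, False
    for line in (l.strip() for l in src.splitlines()):
        if not line or line.startswith("--"):
            stats["comment" if line else "blank"] += 1
            continue
        stats["sloc"] += 1
        tokens = line.split()
        in_loop = (in_loop or tokens[0] == "from") and "loop" not in tokens
        if tokens[0] in OPENERS:
            kind = "l.inv" if tokens[0] == "invariant" and in_loop else OPENERS[tokens[0]]
        elif tokens[0] in CLOSERS:
            kind = None
        elif kind:  # a clause line inside an open assertion block
            stats.update([kind, "asn_total"])
            stats["void_checks"] += bool(re.search(r"/=\s*Void\b", line))
    return stats

def percentages(stats):
    """(assertion % of SLOC, `/= Void` % of assertion lines), rounded as in the talk's tables."""
    return (round(100 * stats["asn_total"] / stats["sloc"], 1),
            round(100 * stats["void_checks"] / stats["asn_total"], 1))
```

For the sample this yields 5 assertion lines out of 17 SLOC (29.4%), two of which are `/= Void` checks (40.0%); on a real code base the `void_checks` share is what the slide's `% (e /= Void)` row measures, i.e. how much of the "contract" is merely null-guarding.
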

Contracts Are Being Written: good news for DBC researchers.

Beyond DBC for Fault Tolerance: “DBC” style contracts are insufficient. Next level of specification …

Beyond DBC … Levels of specification: behavioral interface specifications; Design by Contract; ad hoc use of assertions; assertions not used.

Behavioral Interface Specifications: A behavioral specification also captures behavior in exceptional cases.

Multi-threaded support: extensions to current single-threaded approaches (JML, Spec#).