The following slides contain advanced material and are optional.

Slides:



Advertisements
Similar presentations
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Advertisements

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Exercise Session 5.
Chair of Software Engineering 1 Introduction to Programming Bertrand Meyer Exercise Session 5 6 October 2008.
Control Structures Ranga Rodrigo. Control Structures in Brief C++ or JavaEiffel if-elseif-elseif-else-end caseinspect for, while, do-whilefrom-until-loop-end.
Chair of Software Engineering Concurrent Object-Oriented Programming Prof. Dr. Bertrand Meyer Exercise Session 1: Eiffel Introduction.
Lecture # 21 Chapter 6 Uptill 6.4. Type System A type system is a collection of rules for assigning type expressions to the various parts of the program.
Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Exercise Session 6.
Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt.
Mock test review Revision of Activity Diagrams for Loops,
Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates.
-5- Exception handling What is an exception? “An abnormal event” Not a very precise definition Informally: something that you don’t want to happen.
1 Advanced Material The following slides contain advanced material and are optional.
Chair of Software Engineering ATOT - Lecture 12, 12 May Advanced Topics in Object Technology Bertrand Meyer.
Principles of Object-Oriented Software Development The language Eiffel.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Exercise Session 3.
1 Advanced Material The following slides contain advanced material and are optional.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 4: The Interface of a Class.
Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer Lecture 12: Design by Contract™
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 4: The Interface of a Class.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 9: Abstraction.
Chair of Software Engineering Concurrent Object-Oriented Programming Prof. Dr. Bertrand Meyer Lecture 9: Contracts and Inheritance (based on work with.
Chair of Software Engineering ATOT - Lecture 11, 7 May Advanced Topics in Object Technology Bertrand Meyer.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Exercise Session 4.
1 Advanced Material The following slides contain advanced material and are optional.
1 Advanced Material The following slides contain advanced material and are optional.
Computer Programming 1 Repetition. Computer Programming 2 Objectives Repetition structures Study while and do loops Examine for loops A practical example.
Chair of Software Engineering Automatic Verification of Computer Programs.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Exercise Session 3.
Eiffel Language and Design by Contract Contract –An agreement between the client and the supplier Characteristics –Expects some benefits and is prepared.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Exercise Session 3.
A tour around Java General introduction to aspects of the language (these will be covered in more detail later) After this tour you should have a general.
Ranga Rodrigo. Class is central to object oriented programming.
Chair of Software Engineering 1 Introduction to Programming Bertrand Meyer Exercise Session October 2008.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Exercise Session 5.
Slide: 1 Copyright © AdaCore Subprograms Presented by Quentin Ochem university.adacore.com.
CONTENTS Processing structures and commands Control structures – Sequence Sequence – Selection Selection – Iteration Iteration Naming conventions – File.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Exercise Session 5.
Loops (cont.). Loop Statements  while statement  do statement  for statement while ( condition ) statement; do { statement list; } while ( condition.
Advanced Arithmetic, Conditionals, and Loops INFSY 535.
C++ / G4MICE Course Session 1 - Introduction Edit text files in a UNIX environment. Use the g++ compiler to compile a single C++ file. Understand the C++
Intermediate 2 Computing Unit 2 - Software Development.
Chair of Software Engineering 1 Introduction to Programming Bertrand Meyer Exercise Session October 2008.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Exercise Session 3.
ANU COMP2110 Software Design in 2003 Lecture 10Slide 1 COMP2110 Software Design in 2004 Lecture 12 Documenting Detailed Design How to write down detailed.
Understanding ADTs CSE 331 University of Washington.
1 Assertions. 2 A boolean expression or predicate that evaluates to true or false in every state In a program they express constraints on the state that.
DBC NOTES. Design By Contract l A contract carries mutual obligations and benefits. l The client should only call a routine when the routine’s pre-condition.
Chair of Software Engineering 1 Introduction to Programming Bertrand Meyer Exercise Session October 2008.
1 Exceptions When the Contract is Broken. 2 Definitions A routine call succeeds if it terminates its execution in a state satisfying its contract A routine.
Design by Contract. The Goal Ensure the correctness of our software (correctness) Recover when it is not correct anyway (robustness) Correctness: Assertions.
Week 8, Class 3: Model-View-Controller Final Project Worth 2 labs Cleanup of Ducks Reducing coupling Finishing FactoryMethod Cleanup of Singleton SE-2811.
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
Chair of Software Engineering Void safety these slides contain advanced material and are optional.
Lecture 4b Repeating With Loops
Design by Contract Jim Fawcett CSE784 – Software Studio
Design by Contract Jim Fawcett CSE784 – Software Studio
Repetition (While-Loop) version]
Outline Altering flow of control Boolean expressions
Loops CIS 40 – Introduction to Programming in Python
Coding Concepts (Basics)
Do … Loop Until (condition is true)
Einführung in die Programmierung Introduction to Programming Prof. Dr
Lecture Notes – Week 4 Chapter 5 (Loops).
Java Modeling Language (JML)
Einführung in die Programmierung Introduction to Programming Prof. Dr
Computer Science 340 Software Design & Testing
Controlling Program Flow
Programming Languages 2nd edition Tucker and Noonan
Presentation transcript:

The following slides contain advanced material and are optional.

Outline Invariants Violating the invariant Marriage problem

Invariants explained in 60 seconds Consistency requirements for a class Established after object creation Hold, when an object is visible Entry of a routine Exit of a routine class ACCOUNT feature balance: INTEGER invariant balance >= 0 end

Temporary violation Invariants can be violated temporarily e.g. on object creation In Eiffel, invariants are checked on entry and exit of a qualified feature call One exception: for calls to creation procedures, invariants are not checked on entry to routine e.g create cell.set_item (1) But checked for normal call: cell.set_item (1) See demo. Open project „invariant“, open class A, comment out one line at a time. First ask students what will happen, then run it.

Public interface of person (without contracts) class PERSON feature spouse: PERSON -- Spouse of Current. marry (a_other: PERSON) -- Marry `a_other’. do … end class MARRIAGE feature make local alice: PERSON bob: PERSON do create alice create bob bob.marry (alice) end

Hands-On Write the contracts class PERSON feature spouse: PERSON marry (a_other: PERSON) require ?? ensure invariant end Open „person_empty_interface.e“ in external editor and fill in all contracts and body of „make“

A possible solution class PERSON feature spouse: PERSON marry (a_other: PERSON) require a_other /= Void a_other /= Current a_other.spouse = Void spouse = Void ensure spouse = a_other a_other.spouse = Current end invariant spouse /= Void implies spouse.spouse = Current spouse /= Current If boolexpr1 and boolexpr2 are boolean expressions, and boolexpr1 evaluates to false, is boolexpr1 implies boolexpr2 always true? Yes, because boolexpr1 implies boolexpr2 is equivalent to not boolexpr1 or else boolexpr2

Implementing marry class PERSON feature spouse: PERSON marry (a_other: PERSON) require a_other /= Void a_other /= Current a_other.spouse = Void spouse = Void do ?? ensure spouse = a_other a_other.spouse = Current end invariant spouse /= Void implies spouse.spouse = Current spouse /= Current

No assigner command for a_other Implementing marry I Hands-On class PERSON feature spouse: PERSON marry (a_other: PERSON) require a_other /= Void a_other /= Current a_other.spouse = Void spouse = Void do a_other.spouse := Current spouse := a_other ensure spouse = a_other a_other.spouse = Current end invariant spouse /= Void implies spouse.spouse = Current spouse /= Current Compiler Error: No assigner command for a_other

Hands-On Implementing marry II bob, alice: PERSON class PERSON feature spouse: PERSON marry (a_other: PERSON) require a_other /= Void and a_other /= Current a_other.spouse = Void spouse = Void do a_other.set_spouse (Current) spouse := a_other ensure spouse = a_other a_other.spouse = Current end set_spouse (a_person: PERSON) spouse := a_person invariant spouse /= Void implies spouse.spouse = Current spouse /= Current local bob, alice: PERSON do create bob; create alice bob.marry (alice) bob.set_spouse (Void) -- What about the invariants -- of bob and alice? end After “set_spouse (Void)”, invariant of bob is Ok, but the invariant of alice is violated

Implementing marry III Hands-On class PERSON feature spouse: PERSON marry (a_other: PERSON) require a_other /= Void and a_other /= Current a_other.spouse = Void spouse = Void do a_other.set_spouse (Current) spouse := a_other ensure spouse = a_other a_other.spouse = Current end feature {PERSON} set_spouse (a_person: PERSON) spouse := a_person invariant spouse /= Void implies spouse.spouse = Current spouse /= Current What about the invariant of a_other in feature marry? Invariant of a_other is violated after call to set_spouse set_spouse (a_person: PERSON) -- Set `spouse' to `a_person'. require person_not_current: a_person /= Current do spouse := a_person ensure spouse_set: spouse = a_person end It is ok that a_person can be void. This is needed to the divorce feature

Implementing marry : final version class PERSON feature spouse: PERSON marry (a_other: PERSON) require a_other /= Void a_other.spouse = Void spouse = Void do spouse := a_other a_other.set_spouse (Current) ensure spouse = a_other a_other.spouse = Current end feature {PERSON} set_spouse (a_person: PERSON) spouse := a_person invariant spouse /= Void implies spouse.spouse = Current spouse /= Current Reverting the instructions does the trick because the invariant of Current is checked at the end of feature marry

Is the order of instructions in divorce important for the invariant? Ending the marriage Hands-On class PERSON feature spouse: PERSON divorce require spouse /= Void do spouse.set_spouse (Void) spouse := Void ensure spouse = Void (old spouse).spouse = Void end invariant spouse /= Void implies spouse.spouse = Current spouse /= Current Is the order of instructions in divorce important for the invariant?

What we have seen Invariant should only depend on Current object If invariant depends on other objects Take care who can change state Take care in which order you change state Invariant can be temporarily violated You can still call features on Current object Take care in calling other objects, they might call back Although writing invariants is not that easy, they are necessary to do formal proofs. This is also the case for loop invariants (which will come later).

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.