David Evans http://www.cs.virginia.edu/~evans Lecture 4: Data Abstraction CS201j: Engineering Software University of Virginia Computer Science David Evans http://www.cs.virginia.edu/~evans
Menu Data Abstraction Specifying Abstract Data Types Implementing Abstract Data Types 10 September 2002 CS 201J Fall 2002
Managing Complexity Modularity Divided problem into procedures Used specifications to separate what from how A big program can have thousands of procedures 10 September 2002 CS 201J Fall 2002
Data Abstraction We need new data types, not just procedures How would PS2 work without the StringTable type? We could make procedures, but what would you pass to them? Organize program around abstract data types 10 September 2002 CS 201J Fall 2002
Abstract Data Types Separate what you can do with data from how it is represented Client interacts with data through provided operations according to their specifications Implementation chooses how to represent data and implement its operations 10 September 2002 CS 201J Fall 2002
Data Abstraction in Java A class defines a new data type Use private instance variables to hide the choice of representation private declarations are only visible inside the class 10 September 2002 CS 201J Fall 2002
Up and Down Clients manipulate an abstract data type by calling its operations (methods and constructors) clients down up Abstract Type Concrete Representation class implementation The representation of an abstract data type is visible only in the class implementation. 10 September 2002 CS 201J Fall 2002
Example: CellState public class CellState { // OVERVIEW: A CellState is an immutable // object that represents the state of a cell, // either alive or dead. static public CellState createAlive() // EFFECTS: Returns an alive cell state. static public CellState createDead () // EFFECTS: Returns a dead cell state. public boolean isAlive () // EFFECTS: Returns true iff this is alive. } 10 September 2002 CS 201J Fall 2002
Cell State Representation private boolean alive; clients cs.isAlive () CellState down up Abstract Type Concrete Representation boolean alive; class implementation public boolean isAlive () { return alive; } 10 September 2002 CS 201J Fall 2002
Advantages/Disadvantages More code to write and maintain Run-time overhead (time to call method) Client doesn’t need to know about representation Suppose we want to add more states (e.g., cells that were just born) 10 September 2002 CS 201J Fall 2002
StringSet Example StringSet abstract data type: represent a set of strings Support mathematical set operations: insert, isIn, size Create an empty set 10 September 2002 CS 201J Fall 2002
Specifying Abstract Data Types Overview: what does the type represent Mutability/Immutability A StringSet is a mutable set of Strings. Abstract Notation A typical StringSet is { x1, …, xn }. Operations: specifications for constructors and methods clients use Describe in terms of abstract notation introduced in overview. 10 September 2002 CS 201J Fall 2002
StringSet Specification public class StringSet // OVERVIEW: StringSets are unbounded, mutable sets of // Strings. A typical StringSet is { x1, ..., xn } public StringSet () // EFFECTS: Initializes this to be empty: { } public void insert (String s) // MODIFIES: this // EFFECTS: Adds x to the elements of this: // this_post = this_pre U { s } public boolean isIn (String s) { // EFFECTS: Returns true iff s is an element of this. public int size () // EFFECTS: Returns the number of elements in this. 10 September 2002 CS 201J Fall 2002
Components of Data Abstractions Ways to create objects of the data type Creators: create new objects of the ADT from parameters of other types Producers: create new objects of the ADT from parameters of the ADT type (and other types) Ways to observe properties: observers Ways to change properties: mutators 10 September 2002 CS 201J Fall 2002
StringSet Operations Creators Producers Observers Mutators public class StringSet // OVERVIEW: StringSets are unbounded, mutable sets of // Strings. A typical StringSet is { x1, ..., xn } public StringSet () // EFFECTS: Initializes this to be empty: { } public void insert (String s) // MODIFIES: this // EFFECTS: Adds x to the elements of this: // this_post = this_pre U { s } public boolean isIn (String s) { // EFFECTS: Returns true iff s is an element of this. public int size () // EFFECTS: Returns the number of elements in this. Creators StringSet () Producers none Observers isIn, size Mutators insert 10 September 2002 CS 201J Fall 2002
Using Abstract Data Types PS1, PS2 Client interacts with data type using the methods as described in the specification Client does not know the concrete representation 10 September 2002 CS 201J Fall 2002
Implementing Abstract Data Types 10 September 2002 CS 201J Fall 2002
Choosing a Representation Need a concrete data representation to store the state Think about how methods will be implemented A good representation choice should: Enable easy implementations of all methods Allow performance-critical methods to be implemented efficiently 10 September 2002 CS 201J Fall 2002
StringSet Representation Option 1: private String [] rep; Recall Java arrays are bounded Easy to implement most methods, hard to implement insert Option 2: private Vector rep; Easy to implement all methods Performance may be worse than for array 10 September 2002 CS 201J Fall 2002
Implementing StringSet public class StringSet { // OVERVIEW: StringSets are unbounded, mutable sets of Strings. // A typical StringSet is {x1, ..., xn} // Representation: private Vector rep; public StringSet () { // EFFECTS: Initializes this to be empty: { } rep = new Vector (); } public void insert (String s) { // MODIFIES: this // EFFECTS: Adds s to the elements of this: // this_post = this_pre U { s } rep.add (s); Could this implementation of insert be correct? 10 September 2002 CS 201J Fall 2002
It depends… public int size () { // EFFECTS: Returns the number of elements in this. StringSet uniqueels = new StringSet (); for (int i = 0; i < rep.size (); i++) { String current = (String) rep.elementAt (i); if (uniqueels.isIn (current)) { ; } else { uniqueels.insert (current); } return uniqueels.rep.size (); 10 September 2002 CS 201J Fall 2002
Is it correct? public int size () { // EFFECTS: Returns the number of // elements in this. return rep.size (); } public void insert (String s) { if (!isIn (s)) rep.add (s); } 10 September 2002 CS 201J Fall 2002
Reasoning About Data Abstractions How can we possibly implement data abstractions correctly if correctness of one method depends on how other methods are implemented? How can we possibly test a data abstraction implementation if there are complex interdependencies between methods? 10 September 2002 CS 201J Fall 2002
What must we know to know size is correct? public int size () { // EFFECTS: Returns the number of // elements in this. return rep.size (); } This implementation is correct only if we know the rep does not contain duplicates 10 September 2002 CS 201J Fall 2002
Rep Invariant The Representation Invariant expresses properties all legitimate objects of the ADT must satisfy I: C → boolean Function from concrete representation to boolean. Helps us reason about correctness of methods independently 10 September 2002 CS 201J Fall 2002
Reasoning with Rep Invariants Prove all objects satisfy the invariant before leaving the implementation code Assume all objects passed in satisfy the invariant REQUIRES: Rep Invariant is true for this (and any other reachable ADT objects) EFFECTS: Rep Invariant is true for all new and modified ADT object on exit. 10 September 2002 CS 201J Fall 2002
Rep Invariant for StringSet public class StringSet { // OVERVIEW: StringSets are unbounded, // mutable sets of Strings. // A typical StringSet is {x1, ..., xn} // Representation: private Vector rep; // RepInvariant (c) = // c contains no duplicates // && c != null 10 September 2002 CS 201J Fall 2002
Implementing Insert? public void insert (String s) { // MODIFIES: this // EFFECTS: Adds s to the elements of this: // this_post = this_pre U { s } rep.add (s); } Not a correct implementation: after it returns this might not satisfy the rep invariant! 10 September 2002 CS 201J Fall 2002
Implementing Insert public void insert (String s) { // MODIFIES: this // EFFECTS: Adds s to the elements of this: // this_post = this_pre U { s } if (!isIn (s)) { rep.add (s); } } Possibly correct implementation: we need to know how to map rep to abstraction notation to know if this_post = this_pre U { s } 10 September 2002 CS 201J Fall 2002
Abstraction Function The Abstraction Function maps a concrete state to an abstract state: AF: C → A Function from concrete representation to the abstract notation introduced in overview specification. Range is concrete states for which RI is true 10 September 2002 CS 201J Fall 2002
Abstraction Function for StringSet public class StringSet { // OVERVIEW: StringSets are unbounded, // mutable sets of Strings. // A typical StringSet is {x1, ..., xn} // Representation: private Vector rep; // AF (c) = // { AFString (c.els[i]) | 0 <= i < c.els.size () } 10 September 2002 CS 201J Fall 2002
Correctness of Insert public void insert (String s) { // MODIFIES: this // EFFECTS: Adds s to the elements of this: // this_post = this_pre U { s } if (!isIn (s)) { rep.add (s); } } Use abstraction function to show if add implements its specification, the AF(rep_post) = AF(rep_pre) U {AFString(s)} 10 September 2002 CS 201J Fall 2002
Reality Check Writing abstraction functions, rep invariants, testing code thoroughly, reasoning about correctness, etc. for a big program is a ridiculous amount of work! Does anyone really do this? Yes (and a lot more), but usually only when its really important to get things right: Cost per line of code: Small, unimportant projects: $1-5/line WindowsNT: about $100/line FAA’s Automation System (1982-1994): $900/line 10 September 2002 CS 201J Fall 2002
Charge PS3: due next Thursday Implement the StringTable abstract data type you used in PS2 Longer than PS2 Reason about data types using abstraction functions and rep invariants Thursday: ESC/Java annotations and rep invariants Tuesday: Practice with data abstractions 10 September 2002 CS 201J Fall 2002