Method Verification Paul Ammann.

Slides:



Advertisements
Similar presentations
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Advertisements

Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,
Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.
Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 8.
The Substitution Principle SWE 332 – Fall Liskov Substitution Principle In any client code, if subtype object is substituted for supertype object,
Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.
CSE 331 SOFTWARE DESIGN & IMPLEMENTATION ABSTRACT DATA TYPES II Autumn 2011.
Abstraction Functions. Announcements Exam 1 on Tuesday March 3 rd Closed book/phone/laptop 2 cheat pages allowed (handwritten or typed) 1 double-sided.
Software Testing and Quality Assurance
OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.
Specifications Liskov Chapter 9 SWE 619 Last Updated Fall 2008.
CSE 331 Software Design & Implementation Dan Grossman Fall 2014 Data Abstraction: Abstract Data Types (ADTs) (Based on slides by Mike Ernst, David Notkin,
Cs2220: Engineering Software Class 8: Implementing Data Abstractions Fall 2010 University of Virginia David Evans.
CompSci 105 SS 2005 Principles of Computer Science Lecture 4 Lecturer: Santokh Singh.
Cs205: engineering software university of virginia fall 2006 Data Abstraction David Evans
CSE 331 SOFTWARE DESIGN & IMPLEMENTATION MIDTERM REVIEW Autumn 2011.
SWE 619 © Paul Ammann Procedural Abstraction and Design by Contract Paul Ammann Information & Software Engineering SWE 619 Software Construction cs.gmu.edu/~pammann/
332 Final Review Last updated Fall 2013 Professor Ammann.
Design Patterns Gang Qian Department of Computer Science University of Central Oklahoma.
Comp 302: Software Engineering Data Abstractions.
© Paul Ammann, 2008 Design by Contract Paul Ammann CS/SWE 332.
Data Abstractions EECE 310: Software Engineering.
CSE 331 Software Design & Implementation Hal Perkins Autumn 2012 Abstract Data Types – Examples / Summary (Based on slides by Mike Ernst and David Notkin)
Data Abstraction Gang Qian Department of Computer Science University of Central Oklahoma.
Polymorphism Liskov 8. Outline equals() Revisiting Liskov’s mutable vs. not rule Polymorphism Uniform methods for different types “easy” polymorphism.
ANU COMP2110 Software Design in 2003 Lecture 10Slide 1 COMP2110 Software Design in 2004 Lecture 12 Documenting Detailed Design How to write down detailed.
L13: Design by Contract Definition Reliability Correctness Pre- and post-condition Asserts and Exceptions Weak & Strong Conditions Class invariants Conditions.
Data Abstraction SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.
Understanding ADTs CSE 331 University of Washington.
Representation invariants and abstraction functions CSE 331 UW CSE.
PROGRAMMING PRE- AND POSTCONDITIONS, INVARIANTS AND METHOD CONTRACTS B MODULE 2: SOFTWARE SYSTEMS 13 NOVEMBER 2013.
Polymorphism SWE 619. Outline equals() Revisiting Liskov’s mutable vs. not rule Polymorphism Uniform methods for different types “easy” polymorphism Element.
Abstraction, Specification and Verification. Comp 302, Spring Abstraction Hiding or overlooking detail that is not relevant for the task at hand.
DBC NOTES. Design By Contract l A contract carries mutual obligations and benefits. l The client should only call a routine when the routine’s pre-condition.
CSE 331 Software Design & Implementation Hal Perkins Winter 2015 Data Abstraction: Abstract Data Types (ADTs) (Based on slides by Mike Ernst, Dan Grossman,
CSE 331 SOFTWARE DESIGN & IMPLEMENTATION ABSTRACT DATA TYPES Autumn 2011.
619 Final Review Last updated Fall 2011 Paul Ammann.
David Evans CS201J: Engineering Software University of Virginia Computer Science Lecture 7: A Tale of Two Graphs (and.
David Evans CS201J: Engineering Software University of Virginia Computer Science Lecture 5: Implementing Data Abstractions.
Zach Tatlock / Winter 2016 CSE 331 Software Design and Implementation Lecture 6 Representation Invariants.
Representation Invariants and Abstraction Functions.
Reasoning and Design (and Assertions). How to Design Your Code The hard way: Just start coding. When something doesn’t work, code some more! The easier.
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
CSE 331 Software Design & Implementation Hal Perkins Autumn 2012 Data Abstraction: Abstract Data Types (ADTs) (Based on slides by Mike Ernst and David.
Programming Techniques Lec05 Data Abstraction (Chapter 5) Software Engineering Fall 2005.
EECE 310: Software Engineering
Introduction to CS/SWE 332
CSE 331 Software Design & Implementation
CSE 331 Software Design & Implementation
CSE 331 Software Design and Implementation
Specifications Liskov Chapter 9
Abstraction Functions and Representation Invariants
CSE 331 Software Design and Implementation
Abstraction functions, Reasoning About ADTs
Section 6: Midterm Review
Implementing Non-Static Features
Equality, conclusion Based on material by Michael Ernst, University of Washington.
CSE 331 Software Design and Implementation
Introduction to CS/SWE 332
Data Abstraction David Evans cs205: engineering software
CSE 331 Software Design & Implementation
SWE 619 Software Construction Last Modified, Fall 2015 Paul Ammann
Method Verification CS/SWE 332 Paul Ammann.
Lecture 7: A Tale of Two Graphs CS201j: Engineering Software
Lecture 4: Data Abstraction CS201j: Engineering Software
619 Final Review Last updated Spring 2010 © : Paul Ammann.
619 Final Review Fall 2017 Professor Ammann.
EECE 310: Software Engineering
Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.
Reasoning about Data Abstractions
Presentation transcript:

Method Verification Paul Ammann

Verification vs Validation A given implementation is correct with respect to another description Validation A given description is desirable We will focus on Verification in this lecture Good news! All Verification Obligations follow the same basic model!

Verification of Method Contracts in Data Abstractions First basic problem Contract is in JavaDoc Code is in Java How are the states related? Solution: Abstraction Function maps Representation States to Abstract States

Key to verifying methods in isolation Common (flawed) informal approach to analyzing a given method: See how other methods behave Worry about method interactions Interactions are reflected in representation state. This doesn’t scale! Instead, we want to analyze each method by itself We need a general description of important properties relevant to all methods Exactly what the Rep Invariant does

Method Verification: Part 1 The Representation Invariant Does the method establish/maintain the rep-invariant? Base case for constructors Plus any other methods that create objects Clone? Serialization? Inductive case for mutators

Method Verification Part 2: The Contract Given The Rep Invariant as an Assumption Given Preconditions as Assumptions Does the Postcondition Hold? Need to Map States Through Abstraction Function

Verification In Diagram Form Abstract State (Before) Abstract State (After) Method Contract ? AF() AF() Representation State (After) Representation State (Before) Method Code

Verification Example Exactly what is incorrect? Verification tools: Diagram shown for method verification Will revisit same diagram for overridden methods Example to develop in class: public class Members { // Members is a mutable record of organization membership // AF: ?? // rep-inv: ?? List<Person> members; // the representation // Post: person becomes a member public void join (Person person) { members.add (person);} // Post: person is no longer a member public void leave(Person person) { members.remove(person);} } Exactly what is incorrect? Verification tools: Contract, Abstraction function, Representation Invariant Validation question: What about null values in members?

Verification Example - Analysis rep-inv: members != null && no duplicates in members rep-inv: members != null join() Maintain rep-inv? Yes Satisfy contract? leave() No join() Maintain rep-inv? No Satisfy contract? Not a meaningful question leave() Yes

Verification Example – Repair 1 Analysis rep-inv: members != null join() As is leave() while (members.contains(person)) { members.remove(person); } join() Maintain rep-inv? Yes – already analyzed Satisfy contract? leave() Yes

Verification Example – Repair 2 Analysis rep-inv: members != null && no duplicates in members join() if (!members.contains(person)) { members.add(person); { leave() As is join() Maintain rep-inv? Yes Satisfy contract? leave() Yes – Already analyzed

Another Verification Example public class Poly { // Polys are immutable polynomials c0 + c1x + c2x^2 + … // AF: ci = trms[i] for appropriate values of i // rep-inv: deg = trms.length-1 // trms.length >= 1 // trms != null // if deg > 0 then trms[deg] != 0 int[] trms; int deg; // the representation // Post: Return degree of this, ie largest exponent with // coefficient != 0. Returns 0 if this is zero Poly public int degree() { return deg; } // Other methods omitted } How do we decide if degree() is correct? How must code change if rep-inv changes?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.