Cs205: engineering software university of virginia fall 2006 David Evans www.cs.virginia.edu/cs205 Substitution Principle.

Slides:



Advertisements
Similar presentations
Cs205: engineering software university of virginia fall 2006 Specifying Procedures David Evans
Advertisements

Cs2220: Engineering Software Class 10: Generic Datatypes Fall 2010 University of Virginia David Evans.
INF 212 ANALYSIS OF PROG. LANGS Type Systems Instructors: Crista Lopes Copyright © Instructors.
Giving a formal meaning to “Specialization” In these note we try to give a formal meaning to specifications, implementations, their comparisons. We define.
The Substitution Principle SWE 332 – Fall Liskov Substitution Principle In any client code, if subtype object is substituted for supertype object,
1 Mooly Sagiv and Greta Yorsh School of Computer Science Tel-Aviv University Modern Compiler Design.
METHOD OVERRIDING Sub class can override the methods defined by the super class. Overridden Methods in the sub classes should have same name, same signature.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 13: Concurring Concurrently.
Inheritance (Part 3) 1. Preconditions and Inheritance  precondition  what the method assumes to be true about the arguments passed to it  inheritance.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 16: Concurrent Programming.
5/17/2015 OO Design: Liskov Substitution Principle 1.
1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.
CSE341: Programming Languages Lecture 26 Subtyping for OOP Dan Grossman Fall 2011.
Subclasses and Subtypes CMPS Subclasses and Subtypes A class is a subclass if it has been built using inheritance. ▫ It says nothing about the meaning.
Cs205: engineering software university of virginia fall 2006 Semantics and Specifying Procedures David Evans
Slides by Vinod Rathnam with material from Alex Mariakakis Kellen Donohue, David Mailhot, and Hal Perkins Midterm Review.
Procedure specifications CSE 331. Outline Satisfying a specification; substitutability Stronger and weaker specifications - Comparing by hand - Comparing.
Cs2220: Engineering Software Class 11: Subtyping and Inheritance Fall 2010 University of Virginia David Evans.
Cs3102: Theory of Computation Class 18: Proving Undecidability Spring 2010 University of Virginia David Evans.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 18: Behavioral Subtyping and.
1 Abstraction  Identify important aspects and ignore the details  Permeates software development programming languages are abstractions built on hardware.
Cs205: engineering software university of virginia fall 2006 Data Abstraction David Evans
Contract based programming Using pre- and post-conditions, and object invariants Contract based programming1.
1 COSC3557: Object-Oriented Programming Haibin Zhu, Ph. D. Associate Professor of CS, Nipissing University.
SWE 619 © Paul Ammann Procedural Abstraction and Design by Contract Paul Ammann Information & Software Engineering SWE 619 Software Construction cs.gmu.edu/~pammann/
Exceptions Handling Exceptionally Sticky Problems.
Low-Level Detailed Design SAD (Soft Arch Design) Mid-level Detailed Design Low-Level Detailed Design Design Finalization Design Document.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 12: Subtyping Rules What’s the.
1 cs205: engineering software university of virginia fall 2006 Avoiding Software Disasters.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 17: Inheritance & Behavioral.
Pre- and postconditions, Using assertions and exceptions 1 Pre- and postconditions Using assertions and exceptions.
Type Abstraction Liskov, Chapter 7. 2 Liskov Substitution Principle In any client code, if the supertype object is substituted by a subtype object, the.
Type Abstraction SWE Spring October 05Kaushik, Ammann Substitution Principle “In any client code, if supertype object is substituted.
Inheritance (Part 5) Odds and ends 1. Static Methods and Inheritance  there is a significant difference between calling a static method and calling a.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 14: Substitution Principle.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 16: Smalltalking about Objects.
Subtype Polymorphism, Subtyping vs
Cs205: engineering software university of virginia fall 2006 Subtyping and Inheritance David Evans Quiz Friday: classes through.
Difficult Specifications in Javari Immutability Inference Jaime Quinonez Program Analysis Group April 20, 2007.
Exceptions in C++. Exceptions  Exceptions provide a way to handle the errors generated by our programs by transferring control to functions called handlers.
L13: Design by Contract Definition Reliability Correctness Pre- and post-condition Asserts and Exceptions Weak & Strong Conditions Class invariants Conditions.
CSCI-383 Object-Oriented Programming & Design Lecture 24.
CSSE501 Object-Oriented Development. Chapter 10: Subclasses and Subtypes  In this chapter we will explore the relationships between the two concepts.
Cs2220: Engineering Software Class 12: Substitution Principle Fall 2010 University of Virginia David Evans.
Cs2220: Engineering Software Class 13: Behavioral Subtyping Fall 2010 University of Virginia David Evans.
DBC NOTES. Design By Contract l A contract carries mutual obligations and benefits. l The client should only call a routine when the routine’s pre-condition.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 10: Programming Exceptionally.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 11: Subtyping and Inheritance.
Cs205: engineering software university of virginia fall 2006 Programming Exceptionally David Evans
Subtype Polymorphism, Subtyping vs. Subclassing, Liskov Substitution Principle.
David Evans CS201J: Engineering Software University of Virginia Computer Science Lecture 5: Implementing Data Abstractions.
Inheritance (Part 3) 1. Preconditions and Inheritance  precondition  what the method assumes to be true about the arguments passed to it  inheritance.
CSCI 383 Object-Oriented Programming & Design Lecture 22 Martin van Bommel.
Design by Contract Jim Fawcett CSE784 – Software Studio
Design by Contract Jim Fawcett CSE784 – Software Studio
Component Based Software Engineering
CSE 331 Subtyping slides created by Marty Stepp based on materials by M. Ernst, S. Reges, D. Notkin, R. Mercer, Wikipedia
EECE 310: Software Engineering
Type Abstraction SWE Spring 2009.
Subtyping Rules David Evans cs205: engineering software BlackBear
Lecture 3: Abstraction by Specification CS201j: Engineering Software?
Type Abstraction Liskov, Chapter 7.
Lecture 4: Data Abstraction CS201j: Engineering Software
EECE 310: Software Engineering
Lecture 10: Using Object-Oriented Languages
Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.
Lecture 13: Subtyping Rules Killer Bear Climber
Type Abstraction SWE Spring 2013.
Presentation transcript:

cs205: engineering software university of virginia fall 2006 David Evans Substitution Principle

2 cs205: engineering software How do we know if saying B is a subtype of A is safe? Substitution Principle: If B is a subtype of A, everywhere the code expects an A, a B can be used instead and the program still satisfies its specification

3 cs205: engineering software Subtype Condition 1: Signature Rule We can use a subtype method where a supertype methods is expected: –Subtype must implement all of the supertype methods –Argument types must not be more restrictive –Result type must be at least as restrictive –Subtype method must not throw exceptions that are not subtypes of exceptions thrown by supertype

4 cs205: engineering software Signature Rule class A { public R A m (P A p) ; } class B extends A { public R B m (P B p) ; } R B must be a subtype of R A : R B <= R A P B must be a supertype of P A : P B >= P A covariant for results, contravariant for parameters

5 cs205: engineering software Precondition of the subtype method must be weaker than the precondition of the supertype method. m A.pre  m B.pre Postcondition of the subtype method must be stronger than the postcondition of the supertype method. m B.post  m A.post Subtype Condition 2: Methods Rule

6 cs205: engineering software public int f (a A, x X) { // REQUIRES: a is initialized // EFFECTS: returns a.value * x.value return a.m (x); } public class A { // An A may be initialized or uninitialized. // An initialized A has an associated int value. public int m (x X) { // REQUIRES: this is initialized } public class B extends A { // A B may be initialized or uninitialized. // A B may be awake or asleep. // An initialized B has an associated int value. public int m (x X) { // REQUIRES: this is initialized and awake } Can’t make the precondition stronger! The callsite might not satisfy it.

7 cs205: engineering software public int f (a A, x X) { // REQUIRES: a is initialized // EFFECTS: returns a.value * x.value return a.m (x); } public class A { // An A may be initialized or uninitialized. // An initialized A has an associated int value. public int m (x X) { // REQUIRES: this is initialized } public class B extends A { // A B may be initialized or uninitialized. // A B may be awake or asleep. // An initialized B has an associated int value. public int m (x X) { // REQUIRES: nothing } Okay, precondition is weaker

8 cs205: engineering software Subtypes must preserve all properties described in the overview specification of the supertype. Subtype Condition 3: Properties

9 cs205: engineering software Properties Example public class StringSet { // Overview: An immutable set of Strings. public class MutStringSet extends StringSet { // Overview: A mutable set of Strings. MutStringSet cannot be a subtype of StringSet, since it does not satisfy unchangable property.

10 cs205: engineering software Properties Example public class StringSet extends MutStringSet { // Overview: An immutable set of Strings. public class MutStringSet { // Overview: A mutable set of Strings. StringSet could be a subtype of MutStringSet according to the properties rule....but couldn’t satisfy methods rule

11 cs205: engineering software Substitution Principle Summary Signatures: subtype methods must be type correct in supertype callsites: result is a subtype (covariant), parameters are supertypes (contravariant) Methods: subtype preconditions must be weaker than supertype preconditions (covariant); subtype postconditions must be stronger than supertype postconditions (contravariant) Properties: subtype must preserve all properties specified in supertype overview

12 cs205: engineering software Substitution Mystery …(in client code) MysteryType1 mt1; MysteryType2 mt2; MysteryType3 mt3; …(anything could be here) mt1 = mt2.m (mt3); If the Java compiler accepts this code, which of these are guaranteed to be true: a.The apparent type of mt2 is MysteryType2 b.At the last statement, the actual type of mt2 is MysteryType2 c.MysteryType2 has a method named m d.The MysteryType2.m method takes a parameter of type MysteryType3 e.The MysteryType2.m method returns a subtype of MysteryType1 f.After the last statement, the actual type of mt1 is MysteryType1

13 cs205: engineering software …(in client code) MysteryType1 mt1; MysteryType2 mt2; MysteryType3 mt3; …(anything could be here) mt1 = mt2.m (mt3); a.The apparent type of mt2 is MysteryType2 b.At the last statement, the actual type of mt2 is MysteryType2 c.MysteryType2 has a method named m d.The MysteryType2.m method takes a parameter of type MysteryType3 e.The MysteryType2.m method returns a subtype of MysteryType1 f.After the last statement, the actual type of mt1 is MysteryType1 TRUE: the apparent type is obvious from the declaration. FALSE: we only know the actual type <= MysteryType2 TRUE FALSE: we only know it takes a parameter >= MysteryType3 TRUE: the assignment type checking depends on this FALSE: we only know that the actual type <= MysteryType1

14 cs205: engineering software Demystifying Subtyping class A { public RA m (PA p) ; } …(in client code) MysteryType1 mt1; MysteryType2 mt2; MysteryType3 mt3; … mt1 = mt2.m (mt3); RA must be a subtype of MysteryType1: RA <= MysteryType1 MysteryType3 must be a subtype of PA: PA >= MysteryType3 If A is MysteryType2, what do we know about RA and PA ?

15 cs205: engineering software Subtyping Rules class A { public RA m (PA p) ; } class B extends A { public RB m (PB a); } …(in client code) MysteryType1 mt1; MysteryType2 mt2; MysteryType3 mt3; … mt1 = mt2.m (mt3); RB must be a subtype of RA: RB <= RA PA must be a subtype of PB: PB >= PA If B <= A, what do we know about RB and PB ?

16 cs205: engineering software Substitution Principle Summary Param Types Psub  Psuper Preconditions pre_sub  pre_super Result Type Rsub  Rsuper Postconditions post_sub  post_super Properties properties_sub  properties_super contravariant for inputs covariant for outputs These properties ensure if sub is a subtype of super, code that is correct using an object of supertype is correct using an object of subtype.

17 cs205: engineering software Substitution Principle Is this the only way?

18 cs205: engineering software Eiffel’s Rules (Described in Bertrand Meyer paper out today)

19 cs205: engineering software Eiffel Rules Skier set_roommate (Skier) Boy Girl The types of the parameters in the subtype method may be subtypes of the supertype parameters. How can Girl override set_roomate ? set_roommate (Girl g) set_roommate (Boy b) Opposite of substitution principle!

20 cs205: engineering software Substitution Principle / Eiffel class A { public RA m (PA p) ; } class B extends A { public RB m (PB a); } …(in client code) MysteryType1 mt1; MysteryType2 mt2; MysteryType3 mt3; … mt1 = mt2.m (mt3); Substitution PrincipleEiffel Parameters Psub  PsuperPsub  Psuper Preconditions pre_sub  pre_superpre_sub  pre_super Result Rsup  Rsuper Postconditions post_sup  post_super

21 cs205: engineering software Eiffel and I Can’t Get Up? s: skier; g: girl; b: boy; s := g;... s.set_roommate (b); Skier set_roommate (Skier) Boy Girl set_roomate (Girl) Meyer’s paper is all about the contortions Eiffel needs to deal with non-substitutable subtypes

22 cs205: engineering software Charge Must it be assumed that because we are engineers beauty is not our concern, and that while we make our constructions robust and durable we do not also strive to make them elegant? Is it not true that the genuine conditions of strength always comply with the secret conditions of harmony? Gustav Eiffel

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.