Programming by Contract 2 Object-oriented languages Class Invariants.

Slides:



Advertisements
Similar presentations
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Advertisements

Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,
Design by Contract.
Practice Session 5 Java: Packages Collection Classes Iterators Generics Design by Contract Test Driven Development JUnit.
The Substitution Principle SWE 332 – Fall Liskov Substitution Principle In any client code, if subtype object is substituted for supertype object,
Design by Contract. Design by contract is the process of developing software based on the notion of contracts between objects, which are expressed as.
Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.
Stacks. What is a stack? Last-in first-out data structure (LIFO) New objects are placed on top Removal restricted to top object Examples?
The Java Assert Statement. 2 Assert A Java statement in JDK 1.4 & newer Intent: enables code to test assumptions. E.g., a method that calculates a particle’s.
Copyright W. Howden1 Lecture 13: Programming by Contract.
Software Testing and Quality Assurance
Static and Dynamic Contract Verifiers For Java Hongming Liu.
1 TCSS 360, Spring 2005 Lecture Notes Programming by Contract: Pre/Postconditions, Invariants and Assertions Relevant Reading: Object-Oriented Design and.
1 CSCD 326 Data Structures I Stacks. 2 Data Type Stack Most basic property: last item in (most recently inserted) is first item out LIFO - last in first.
OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.
Karlstad University Computer Science Design Contracts and Error Management Design Contracts and Errors A Software Development Strategy (anpassad för PUMA)
Program Commenting CS-212 Dick Steflik. Commentary Commentary are pieces of information included in a program’s source files to provide additional information.
Page 1 Building Reliable Component-based Systems Chapter 6 - Semantic Integrity in Component Based Development Chapter 6 Semantic Integrity in Component.
30-Jun-15 Stacks. What is a stack? A stack is a Last In, First Out (LIFO) data structure Anything added to the stack goes on the “top” of the stack Anything.
Eiffel Language and Design by Contract Contract –An agreement between the client and the supplier Characteristics –Expects some benefits and is prepared.
Subclasses and Subtypes CMPS Subclasses and Subtypes A class is a subclass if it has been built using inheritance. ▫ It says nothing about the meaning.
Computer Science 340 Software Design & Testing Design By Contract.
Ranga Rodrigo. Class is central to object oriented programming.
Liang, Introduction to Java Programming, Sixth Edition, (c) 2007 Pearson Education, Inc. All rights reserved Chapter 12 Object-Oriented.
Lecture 16 March 22, 2011 Formal Methods CS 315 Spring Adapted from slides provided by Jason Hallstrom and Murali Sitaraman (Clemson)
Introduction CS 3358 Data Structures. What is Computer Science? Computer Science is the study of algorithms, including their  Formal and mathematical.
TECH Computer Science Data Abstraction and Basic Data Structures Improving efficiency by building better  Data Structure Object IN  Abstract Data Type.
Contract based programming Using pre- and post-conditions, and object invariants Contract based programming1.
Design by Contract in Java Concept and Comparison.
The Daikon system for dynamic detection of likely invariants MIT Computer Science and Artificial Intelligence Lab. 16 January 2007 Presented by Chervet.
111 Protocols CS 4311 Wirfs Brock et al., Designing Object-Oriented Software, Prentice Hall, (Chapter 8) Meyer, B., Applying design by contract,
Low-Level Detailed Design SAD (Soft Arch Design) Mid-level Detailed Design Low-Level Detailed Design Design Finalization Design Document.
1 Stacks. 2 A stack has the property that the last item placed on the stack will be the first item removed Commonly referred to as last-in, first-out,
CS 261 – Data Structures Preconditions, Postconditions & Assert.
Introduction CS 3358 Data Structures. What is Computer Science? Computer Science is the study of algorithms, including their  Formal and mathematical.
Pointers OVERVIEW.
Reasoning about programs March CSE 403, Winter 2011, Brun.
CSC 480 Software Engineering Design by Contract. Detail Design Road Map Begin with architectural models  Class model: domain classes  Overall state.
A tool for test-driven development
Data Abstaraction Chapter 10.
Pre- and postconditions, Using assertions and exceptions 1 Pre- and postconditions Using assertions and exceptions.
Data Structures Using C++ 2E
Software Engineering 2 -Prakash Shrestha.
Protocols Software Engineering II Wirfs Brock et al, Designing Object-Oriented Software, Prentice Hall, Mitchell, R., and McKim, Design by Contract,
David Streader Computer Science Victoria University of Wellington Copyright: David Streader, Victoria University of Wellington Debugging COMP T1.
L13: Design by Contract Definition Reliability Correctness Pre- and post-condition Asserts and Exceptions Weak & Strong Conditions Class invariants Conditions.
SWE 4743 Abstract Data Types Richard Gesick. SWE Abstract Data Types Object-oriented design is based on the theory of abstract data types Domain.
Defensive Programming CNS 3370 Copyright 2003, Fresh Sources, Inc.
PROGRAMMING PRE- AND POSTCONDITIONS, INVARIANTS AND METHOD CONTRACTS B MODULE 2: SOFTWARE SYSTEMS 13 NOVEMBER 2013.
The Java Assertion. 2 Assertion A Java statement in JDK 1.4 & newer Intent: enables code to test assumptions. E.g., a method that calculates the a particle’s.
CSSE501 Object-Oriented Development. Chapter 10: Subclasses and Subtypes  In this chapter we will explore the relationships between the two concepts.
/ PSWLAB Thread Modular Model Checking by Cormac Flanagan and Shaz Qadeer (published in Spin’03) Hong,Shin Thread Modular Model.
DBC NOTES. Design By Contract l A contract carries mutual obligations and benefits. l The client should only call a routine when the routine’s pre-condition.
Design by Contract. The Goal Ensure the correctness of our software (correctness) Recover when it is not correct anyway (robustness) Correctness: Assertions.
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
Topics: jGRASP editor ideosyncrasies assert debugger.
Specifications What? Not how!.
Preconditions precondition: Something your method assumes is true at the start of its execution. Often documented as a comment on the method's header:
Specifying Object Interfaces
CSC 143 Error Handling Kinds of errors: invalid input vs programming bugs How to handle: Bugs: use assert to trap during testing Bad data: should never.
Formal Specification of Interfaces
SWE 619 Software Construction Last Modified, Fall 2015 Paul Ammann
Protocols CS 4311 Wirfs Brock et al., Designing Object-Oriented Software, Prentice Hall, (Chapter 8) Meyer, B., Applying design by contract, Computer,
Go to pollev.com/cse143.
Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.
CSE 1020:Software Development
COP4020 Programming Languages
Stacks.
A Considerate Specification of the Composite Pattern
Presentation transcript:

Programming by Contract 2 Object-oriented languages Class Invariants

Object Lifecycle Constructor (Finalizer) MethodAMethodB state0 state1state2 Born Lives Dies

Client example From a client's viewpoint: { Stack s1 = new Stack; s1.push(new Integer(4)); System.out.println(s1.pop()); // can be collected now }

Preconditions of methods (Finalizer) MethodAMethodB state0 state1state2 Precondition depends upon current object state, plus any inputs to the method. Constructor

Postconditions of methods Postcondition talks about the new state of the object and the method's outputs. May need to refer to initial states and inputs for comparison. (Finalizer) MethodAMethodB state0 state1state2 Constructor

Push Example public class Stack extends Vector { … public void push(Object val) { assert(dataArray != null); int origsize = size(); //save it. assert(origSize >= 0); // Push code... assert( ! empty() ); assert( top() == val ); assert( size() == origsize+1 ); }

Class Invariants Pre/Postconditions only describe the properties of individual methods. We also want to document properties of the whole class. Things which are common to its methods. A class invariant expresses consistency constraints that apply to all objects of that class, all through their lifecycle.

When is class invariant true? Class Invariant is true. Constructor (Finalizer) MethodAMethodB state0 state1state2

Class Invariant Rules Constructors must establish C.Inv. Methods must maintain C.Inv. – However, within the method, the class invariant may be temporarily broken, while data structures are being updated. Finalizer can assume C.Inv. Subclasses should only strengthen C.Inv.

Checking Class Invariants Define an invariant method in each class. public/protected void invariant(); Call it at the end of each constructor, and at the end of each method that modifies the object. (Challenge: disable these calls in release code?). Advantages: – Clear documentation of class data structures. – Catches corrupt data errors ASAP. – Subclasses can refine invariant() adding their own additional checks (strengthen).

Invariant() Example pubIic class Stack extends Vector { … protected void invariant() { super.invariant(); assert(0 <= size()); assert(empty() == (size()==0)); if (!empty()) assert(top() = elementAt(size()-1); }

Program Inspection How many bugs in your new program? – Standard ratio, say 100/1000 LOC? – Debugging is a VERY slow way of removing them (and only removes some obvious ones). Inspection: (Before debugging!) – Read through code carefully. – Think deeply about each line. "What could go wrong here?" "How do I know this is right?" CodingDebugging Inspection

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.