SWE 4743 Abstract Data Types Richard Gesick. SWE 4743 2-20 Abstract Data Types Object-oriented design is based on the theory of abstract data types Domain.

Slides:

Advertisements

Similar presentations

Design by Contract.

Advertisements

Building Bug-Free O-O Software: An Introduction to Design By Contract A presentation about Design By Contract and the Eiffel software development tool.

Carlos D. Rivera February 28, 2007 Design-by-Contract.

Exceptions CSE301 University of Sunderland Harry Erwin, PhD.

11-Jun-14 The assert statement. 2 About the assert statement The purpose of the assert statement is to give you a way to catch program errors early The.

Design by Contract. Design by contract is the process of developing software based on the notion of contracts between objects, which are expressed as.

Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.

1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.

Feb 2003 R McFadyen1 Contracts (Ch 13) Used to help understand requirements more completely based on assertions; assertions are applicable to any.

Chapter 8 Designing Classes. Assignment Chapter 9 Review Exercises (Written)  R8.1 – 8.3, 8.5 – 8.7, 8. 10, 8.11, 8.13, 8.15, 8.19, 8.20 Due Friday,

Object Oriented Design An object combines data and operations on that data (object is an instance of class) data: class variables operations: methods Three.

Software Engineering and Design Principles Chapter 1.

Jan 2005 Ron McFadyen1 Contracts Used to help understand requirements more completely (and so may not always be necessary) based on assertions;

Software Testing and Quality Assurance

Static and Dynamic Contract Verifiers For Java Hongming Liu.

© 2006 Pearson Addison-Wesley. All rights reserved4-1 Chapter 4 Data Abstraction: The Walls.

September 2002 R McFadyen1 Domain Model Use Case Model text diagram SSD System operation contracts Design Model Figure 13.3.

© 2006 Pearson Addison-Wesley. All rights reserved4-1 Chapter 4 Data Abstraction: The Walls.

CSC 395 – Software Engineering Lecture 21: Overview of the Term & What Goes in a Data Dictionary.

Eiffel Language and Design by Contract Contract –An agreement between the client and the supplier Characteristics –Expects some benefits and is prepared.

1 © Wolfgang Pelz Design by Contract Design by Contract™ Based on material drawn from: Bertrand.

SWE 4743 Abstract Data Types Richard Gesick. SWE Abstraction Classification, generalization, and aggregation are the basic ways we have of structuring.

Computer Science 340 Software Design & Testing Design By Contract.

Ranga Rodrigo. Class is central to object oriented programming.

Unit Testing & Defensive Programming. F-22 Raptor Fighter.

PRAGMATIC PARANOIA Steven Hadfield & Anthony Rice.

Testing. What is Testing? Definition: exercising a program under controlled conditions and verifying the results Purpose is to detect program defects.

07 Coding Conventions. 2 Demonstrate Developing Local Variables Describe Separating Public and Private Members during Declaration Explore Using System.exit.

Errors And How to Handle Them. GIGO There is a saying in computer science: “Garbage in, garbage out.” Is this true, or is it just an excuse for bad programming?

Overview of Formal Methods. Topics Introduction and terminology FM and Software Engineering Applications of FM Propositional and Predicate Logic Program.

1 Assertions. 2 assertions communicate assumptions about the state of the program, and stop processing if they turn out to be false very often comments.

Design by Contract in Java Concept and Comparison.

SWE 619 © Paul Ammann Procedural Abstraction and Design by Contract Paul Ammann Information & Software Engineering SWE 619 Software Construction cs.gmu.edu/~pammann/

Low-Level Detailed Design SAD (Soft Arch Design) Mid-level Detailed Design Low-Level Detailed Design Design Finalization Design Document.

CS 261 – Data Structures Preconditions, Postconditions & Assert.

Introduction to Exception Handling and Defensive Programming.

Software Documentation Section 5.5 ALBING’s Section JIA’s Appendix B JIA’s.

What is Testing? Testing is the process of finding errors in the system implementation. –The intent of testing is to find problems with the system.

Programming with Assertions © Allan C. Milne v

Design - programming Cmpe 450 Fall Dynamic Analysis Software quality Design carefully from the start Simple and clean Fewer errors Finding errors.

90-723: Data Structures and Algorithms for Information Processing Copyright © 1999, Carnegie Mellon. All Rights Reserved. 1 Lecture 1: Introduction Data.

(c) University of Washington13-1 CSC 143 Java Specifications: Programming by Contract Reading: Ch. 5.

1 Devon M. Simmonds, Computer Science Department Design by Contract Devon M. Simmonds Computer Science Department University of North Carolina, Wilmington.

Class Design I Class Contracts Readings: 2 nd Ed: Section 9.5, Advanced Topic nd Ed: Section 8.5, Advanced Topic 8.2 Some ideas come from: “Practical.

ANU COMP2110 Software Design in 2003 Lecture 10Slide 1 COMP2110 Software Design in 2004 Lecture 12 Documenting Detailed Design How to write down detailed.

L13: Design by Contract Definition Reliability Correctness Pre- and post-condition Asserts and Exceptions Weak & Strong Conditions Class invariants Conditions.

Defensive Programming CNS 3370 Copyright 2003, Fresh Sources, Inc.

PROGRAMMING PRE- AND POSTCONDITIONS, INVARIANTS AND METHOD CONTRACTS B MODULE 2: SOFTWARE SYSTEMS 13 NOVEMBER 2013.

Programming & Debugging. Key Programming Issues Modularity Modifiability Ease of Use Fail-safe programming Style Debugging.

DBC NOTES. Design By Contract l A contract carries mutual obligations and benefits. l The client should only call a routine when the routine’s pre-condition.

Effective Java, Chapter 9: Exceptions Items Last modified Fall 2012 Paul Ammann.

Object Design More Design Patterns Object Constraint Language Object Design Specifying Interfaces Review Exam 2 CEN 4010 Class 18 – 11/03.

Defensive Programming. Good programming practices that protect you from your own programming mistakes, as well as those of others – Assertions – Parameter.

Design by Contract. The Goal Ensure the correctness of our software (correctness) Recover when it is not correct anyway (robustness) Correctness: Assertions.

CPSC 252 ADTs and C++ Classes Page 1 Abstract data types (ADTs) An abstract data type is a user-defined data type that has: private data hidden inside.

Reasoning and Design (and Assertions). How to Design Your Code The hard way: Just start coding. When something doesn’t work, code some more! The easier.

© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.

Data Abstraction: The Walls

Chapter 6 CS 3370 – C++ Functions.

Used to help understand requirements more completely

Logger, Assert and Invariants

CSE 143 Error Handling [Section 2.8] 3/30/98 CSE 143.

Design by Contract Fall 2016 Version.

CSC 143 Error Handling Kinds of errors: invalid input vs programming bugs How to handle: Bugs: use assert to trap during testing Bad data: should never.

Effective Java, 3rd Edition Chapter 10: Exceptions

Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.

SWE 619 Last modified Fall 2007 Saket Kaushik, Paul Ammann

Effective Java, Chapter 9: Exceptions

Computer Science 340 Software Design & Testing

Defensive Programming

Presentation transcript:

SWE 4743 Abstract Data Types Richard Gesick

SWE Abstract Data Types Object-oriented design is based on the theory of abstract data types Domain and implementation concepts are modeled in software as ADTs Interfaces capture the essence of an ADT Classes provide implementations of ADTs

SWE Abstract Data Types Even if a class doesn’t implement a pre-defined interface, it still defines an ADT as embodied in its public interface –In this case, the ADT definition is combined with its implementation Explicit interfaces are used if we expect to have multiple implementations of the ADT –interface List, class ArrayList, class LinkedList, … If we expect an ADT to have only one implementation, we often combine the ADT definition and implementation in the same class

SWE Defining ADTs ADT = syntax + semantics Each ADT operation has: name, parameter list, return type ADT clients must conform to this syntax, or they will fail to compile Each ADT operation also has semantics: What is the meaning of the operation? What does it do? Classes that implement ADTs must faithfully adhere to operation semantics as well as syntax –What would happen if ArrayStack’s push implementation fires a nuclear missile rather than pushing a value on the stack?

SWE Defining ADTs Source code precisely defines ADT syntax Compilers enforce ADT syntax Source code does not precisely define semantics Compilers cannot enforce semantics ADT semantics are typically defined by comments in the code, if they’re defined at all Comment each operation explaining what it does

SWE Defining ADTs Imprecise or incomplete definitions of ADT semantics lead to reliability problems: –Clients and implementers have different ideas of what an operation does –Differing assumptions lead to defects Reliability is even more important in object- oriented programming than elsewhere. –Why?

SWE Design By Contract DBC is a technique for more precisely defining ADT semantics, thus preventing misunderstandings DBC is based on the real-world notion of a legal contract –A contract involves a “client” and a “supplier” –Each side has obligations and expected benefits, which are precisely defined in the contract –If a party performs their obligations, they are guaranteed to receive the promised benefits

SWE Defining operation semantics: Pre-conditions & Post-conditions An ADT is a contract between client and supplier Each operation has Pre-conditions and Post- conditions Pre-conditions are the client’s obligations Post-conditions are the supplier’s obligations The pre-conditions and post-conditions define the semantics of the operation

SWE Defining operation semantics: Pre-conditions & Post-conditions If a client invokes an operation having satisfied all pre-conditions, the supplier must ensure that all post-conditions are met upon return If the client did not satisfy all pre-conditions, the supplier is under no obligation to satisfy the post-conditions. The supplier could: –Return an error or throw an exception –Just fail (crash, return bad results, etc.)

SWE Exceptions What if the caller satisfied the pre-conditions, but for some reason the supplier is unable to satisfy the post-conditions? –The supplier throws an exception or returns an error –Why might a supplier fail to satisfy the post- conditions? –External factors beyond supplier’s control (hard disk crash, Internet down, etc.) If the client fails to meet pre-conditions, the supplier can throw an exception or return an error if it wants to, but isn’t required to

SWE Exceptions If an operation could throw an exception or return an error, the contract should explicitly define the possible exceptions/errors so clients can handle them

SWE Class Invariants Pre and Post-conditions apply only to single operations Some supplier obligations apply to every operation on the ADT Class Invariants are post-conditions that apply to every operation

SWE Class Invariants What is a constructor’s job? Constructors must establish all class invariants –When a constructor completes, all class invariants must be satisfied –If a constructor cannot establish the class invariants, it should throw an exception In addition to their post-conditions, public operations must also ensure that all class invariants are satisfied upon return –I.E., the class invariants are ANDed with the post-conditions of every public operation Class invariants may be temporarily violated while a public operation is executing, but they must be reestablished before the operation returns

SWE Class Invariants An ordered list is a good example of an ADT with which invariants, preconditions, and postconditions can be demonstrated. An invariant of an ordered list is that both before and after any operation, the list is ordered. This may seem obvious, but work is required to maintain the list order during insertion and removal.

SWE Class Invariants And, depending on implementation, the list may not be ordered at some point during an operation. Consider insertion into an ordered list implemented using a C++ array. If insertion involves appending the new item and then sorting the list, then during the insertion operation the list will not be ordered. This does not violate the invariant, so long as the invariant is true when the operation concludes.

SWE Testing How do you test? –If statements –Assertions Guidelines –Do not use assertions on public interface methods –Do not use assertions to do any work your program requires for correct operation –Use for Internal invariants, control flow invariants Pre, post, invariants for private methods By default, assertions are disabled –Use –ea to enable assertions

SWE DBC vs. Defensive Programming Defensive Programming says: –Operation implementations should be bullet-proof –Check all parameters for validity before using them –Return error or throw exception if parameters are invalid, but never crash Puts heavy burden on the supplier Results in lots of parameter checking code Client and supplier often have redundant checks Results in more code (harder to maintain) Slows programs down (too much redundant checking)

SWE DBC vs. Defensive Programming DBC says: –Ensuring that pre-conditions are met is the client’s job –Operation implementations need not contain code to verify that pre-conditions were met (e.g., no parameter checking code) –If pre-conditions are not met and something unseemly occurs, it is the client’s fault, and they got what they deserved –Suppliers must throw an exception if post-conditions cannot be met Puts more burden on clients Results in less and more efficient code As a debugging tool, operation implementations may include assert statements to verify that pre-conditions were met, but this is optional, and all assertions should be turned off in the final release of the software

SWE DBC vs. Defensive Programming Designers must make a conscious choice between Defensive Programming and DBC

SWE Documenting ADTs with javadoc Interfaces and classes –Header comment (custom tag) Operations –Header comment (custom tag) (custom tag) (this is really a post-condition)