A software specification indicates the task (or some aspect of the task) that is supposed to be performed when software executes.

Types of Specifications
- Class Diagrams
- Object Diagrams
- Activity Diagrams (control flow diagrams)
- Incomplete specs
- Assertions (preconditions, postconditions, invariants)
- Others

The Object of Data Abstraction and Structure, David D. Riley © Addison Wesley pub.

An assertion is a statement of fact that is presumed true relative to one or more code locations.

Example

```java
// assert: str is a String and str.length > 2
char firstChar, secondChar, bigChar;
firstChar = str.charAt(0);
secondChar = str.charAt(1);
if (firstChar > secondChar) {
    bigChar = firstChar;
} else {
    bigChar = secondChar;
}
/* assert: str.length > 2
   and (str.charAt(0) ≥ str.charAt(1) implies bigChar == str.charAt(0))
   and (str.charAt(0) ≤ str.charAt(1) implies bigChar == str.charAt(1)) */
```

Note that the code only reads characters 0 and 1, so it would be correct for any string of length 2 or more; the assertion at the top is stronger than the code needs, which is permitted, since the caller then guarantees more than the code relies on.

Assertion Notation

Assertions are based on logic and certain program notations (i.e., variable references and possibly non-void method calls). Assertions should NOT contain action verbs.

Logical Operators
- SubAssertion1 and SubAssertion2: both subassertions must be true.
- SubAssertion1 or SubAssertion2: one or both subassertions are true.
- SubAssertion1 implies SubAssertion2: when the first subassertion is true, the second must also be true.
- not SubAssertion1: the subassertion must be false.

Assertion Notation

Another logical notation, known as quantification, permits expressing assertions about data structures.

Form (universal quantification):
    forAll(type var : boundaryCondition | SubAssertion)
Example:
    forAll(Integer j : 0 ≤ j ≤ 3 | arr[j] > 0)
Meaning: arr[0] > 0 and arr[1] > 0 and arr[2] > 0 and arr[3] > 0

Form (existential quantification):
    exists(type var : boundaryCondition | SubAssertion)
Example:
    exists(Integer j : 0 ≤ j ≤ 3 | arr[j] == 7)
Meaning: arr[0] == 7 or arr[1] == 7 or arr[2] == 7 or arr[3] == 7

When the boundary condition selects no values at all (for example an empty array), forAll is vacuously true and exists is false; an assertion about "every element" therefore says nothing about whether any element is present.

Quantification Examples

Assume two arrays of double, arr1 and arr2, with arr1.length == arr2.length == 5.

- forAll (Integer r : 0 ≤ r ≤ 3 | arr1[r] < arr1[r+1])
- forAll (w : 0 ≤ w ≤ 4 | arr1[w] == arr2[w])
- exists (k : 0 ≤ k ≤ 4 | arr1[k] == 33 and arr2[k] == 33)
- exists (k : 0 ≤ k ≤ 4 | (arr1[k] < 0 and forAll (j : k < j ≤ 4 | arr2[k] == arr1[j])))
- forAll (j,k : 0 ≤ j,k ≤ 4 and j != k | arr1[j] != arr2[k])
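The forAll and exists notation above is informal, but it maps directly onto executable code. The following is an added example, not from the slides or from Riley's book: two small helpers that evaluate a quantified assertion over an inclusive index range, with four of the quantification examples above written against them. The sample arrays arr1 and arr2 are constructed here for illustration, and the method names (strictlyIncreasing and so on) are this example's own.

```java
import java.util.function.IntPredicate;

// Added example (not from the slides): the forAll/exists notation as Java
// helpers, so an assertion about an array can actually be evaluated.
// Bounds are inclusive, matching "0 <= j <= 3" in the slide notation.
public class Quantifiers {

    /** forAll(j : lo <= j <= hi | p(j)) */
    public static boolean forAll(int lo, int hi, IntPredicate p) {
        for (int j = lo; j <= hi; j++) {
            if (!p.test(j)) return false;
        }
        return true;            // vacuously true when lo > hi (empty range)
    }

    /** exists(j : lo <= j <= hi | p(j)) */
    public static boolean exists(int lo, int hi, IntPredicate p) {
        for (int j = lo; j <= hi; j++) {
            if (p.test(j)) return true;
        }
        return false;           // vacuously false when lo > hi (empty range)
    }

    // Constructed sample data (assumption: arr1.length == arr2.length == 5).
    static final double[] arr1 = { -1.0, 2.0, 3.0, 33.0, 40.0 };
    static final double[] arr2 = {  2.0, 2.0, 3.0, 33.0, 41.0 };

    /** forAll (r : 0 <= r <= 3 | arr1[r] < arr1[r+1])  -- strictly increasing */
    public static boolean strictlyIncreasing(double[] a) {
        return forAll(0, a.length - 2, r -> a[r] < a[r + 1]);
    }

    /** exists (k : 0 <= k <= 4 | arr1[k] == 33 and arr2[k] == 33) */
    public static boolean share33AtSameIndex(double[] a, double[] b) {
        return exists(0, a.length - 1, k -> a[k] == 33 && b[k] == 33);
    }

    /** exists (k | arr1[k] < 0 and forAll (j : k < j <= 4 | arr2[k] == arr1[j]))
     *  -- a nested quantifier: the inner forAll is evaluated once per candidate k */
    public static boolean negativeThenConstantTail(double[] a, double[] b) {
        return exists(0, a.length - 1,
                k -> a[k] < 0 && forAll(k + 1, a.length - 1, j -> b[k] == a[j]));
    }

    /** forAll (j,k : 0 <= j,k <= 4 and j != k | arr1[j] != arr2[k])
     *  -- two bound variables become two nested forAll loops; the "j != k"
     *  part of the boundary condition is encoded as "j == k || ..." */
    public static boolean noCrossEquality(double[] a, double[] b) {
        return forAll(0, a.length - 1,
                j -> forAll(0, b.length - 1, k -> j == k || a[j] != b[k]));
    }

    public static void main(String[] args) {
        System.out.println("arr1 strictly increasing:        " + strictlyIncreasing(arr1));
        System.out.println("33 at the same index in both:    " + share33AtSameIndex(arr1, arr2));
        System.out.println("negative entry, constant tail:   " + negativeThenConstantTail(arr1, arr2));
        System.out.println("no arr1[j] equals any arr2[k]:   " + noCrossEquality(arr1, arr2));
    }
}
```

Compile with javac Quantifiers.java and run with java Quantifiers. With the sample data the first two assertions hold and the last two do not (arr1[0] is negative but the rest of arr1 is not constant, and arr1[1] equals arr2[0]); changing the arrays is the quickest way to see how each quantifier responds.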

Where to place Assertions?

An assertion can be located anywhere within executable instructions. However, some locations have been found most effective:
- Class Invariant
- Method Precondition
- Method Postcondition
- Loop Invariant

Example

```java
/** class invariant: distanceInMiles > 0 and timeInSeconds > 0 */
public class LapTime {
    private double distanceInMiles, timeInSeconds;

    /** pre:  d > 0 and t > 0
     *  post: distanceInMiles == d and timeInSeconds == t */
    public LapTime(double d, double t) {
        distanceInMiles = d;
        timeInSeconds = t;
    }

    /** post: distanceInMiles == 60 and timeInSeconds == 3600 */
    public void setTo60MPH() {
        distanceInMiles = 60;
        timeInSeconds = 3600;
    }

    // more methods on later slides
}
```

When is each assertion presumed to be true?

Special Postcondition Notations

Return value (result):

```java
// Within LapTime class
/** post: result == distanceInMiles / (timeInSeconds / 3600) */
public double milesPerHour() {
    double velocity;
    velocity = distanceInMiles / (timeInSeconds / 3600.0);   // miles per hour = miles / hours
    return velocity;
}
```

Previous value (the value a variable had at the time of the method call):

```java
// Within LapTime class
/** post: distanceInMiles == (previous value of distanceInMiles) * 2 */
public void doubleTheMileage() {
    distanceInMiles = distanceInMiles * 2;
}
```

Method Contract

Method caller guarantees: precondition & class invariant (at time of method call).
Method is required to ensure: postcondition & class invariant (at time of method return).

Addendum: A modifies clause can stipulate what alterations are permitted.

Because the contract trusts the caller to establish the precondition, an unchecked precondition is only safe when every caller is trusted. At a trust boundary, such as a public constructor receiving values parsed from external input, the method should check the precondition itself and reject violations, as the java.awt.Color constructors on the following slides do by throwing IllegalArgumentException.
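The LapTime contract from the preceding slides, turned into checks that actually run. This is an added example, not code from the slides or from Riley's book; the method invariant(), the local variable old (this example's name for the "previous value" notation) and the assertion messages are its own additions.

```java
// Added example (not from the slides or from Riley's book): the LapTime
// contract with its pre/postconditions and class invariant checked at run time.
//
// Design choice: the precondition guards data the caller supplies, so it is
// checked with an explicit `if` that throws IllegalArgumentException, the same
// way the java.awt.Color constructors do. Java's `assert` statement executes
// only when the JVM is started with -ea; with default flags it is a no-op, so
// it must never be the only check on data arriving from outside the class.
// The postcondition and the class invariant are the class's own obligations,
// so `assert` is appropriate for those.
public class LapTime {
    /** class invariant: distanceInMiles > 0 and timeInSeconds > 0 */
    private double distanceInMiles, timeInSeconds;

    private boolean invariant() {
        return distanceInMiles > 0 && timeInSeconds > 0;
    }

    /** pre:  d > 0 and t > 0  (checked; throws IllegalArgumentException)
     *  post: distanceInMiles == d and timeInSeconds == t */
    public LapTime(double d, double t) {
        // Written as !(d > 0 && t > 0) rather than (d <= 0 || t <= 0) so that a
        // NaN argument also fails the precondition instead of slipping through.
        if (!(d > 0 && t > 0)) {
            throw new IllegalArgumentException("LapTime requires d > 0 and t > 0");
        }
        distanceInMiles = d;
        timeInSeconds = t;
        assert invariant() : "class invariant violated after construction";
    }

    /** post: distanceInMiles == 60 and timeInSeconds == 3600 */
    public void setTo60MPH() {
        distanceInMiles = 60;
        timeInSeconds = 3600;
        assert invariant();
    }

    /** post: result == distanceInMiles / (timeInSeconds / 3600)
     *  A query: it modifies nothing, so only the invariant is re-checked. */
    public double milesPerHour() {
        double velocity = distanceInMiles / (timeInSeconds / 3600.0);
        assert invariant();
        return velocity;
    }

    /** modifies: distanceInMiles
     *  post: distanceInMiles == old * 2, where old is the value at the time of the call */
    public void doubleTheMileage() {
        double old = distanceInMiles;          // capture the previous value before mutating
        distanceInMiles = distanceInMiles * 2;
        assert distanceInMiles == old * 2 && invariant()
                : "postcondition of doubleTheMileage violated";
    }

    public static void main(String[] args) {
        LapTime lap = new LapTime(60, 3600);
        System.out.println("60 miles in 3600 s: " + lap.milesPerHour() + " mph");
        lap.doubleTheMileage();
        System.out.println("after doubleTheMileage: " + lap.milesPerHour() + " mph");
        try {
            new LapTime(-1, 10);                // caller breaks the precondition
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Compile with javac LapTime.java and run with java -ea LapTime so the assert statements are evaluated; run without -ea and they silently do nothing, which is exactly why the precondition on the constructor is an explicit throw rather than an assert.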

Using method "contracts" fills in more design details.

Example: the standard Color class.

    java.awt.Color
    - int redness
    - int blueness
    - int greenness
    - int opaqueness «alpha»
    «constructor»
    + Color(int r, int g, int b)
    + Color(float r, float g, float b, float a)
    «query»
    + int getRed()
    + Color darker()
    + Color brighter()
    ...

What does this class diagram tell you? What doesn't it tell you?

java.awt.Color Class Specifications

Invariant (for every Color object, c):
    0 ≤ redness ≤ 255 and 0 ≤ greenness ≤ 255 and 0 ≤ blueness ≤ 255 and 0 ≤ opaqueness ≤ 255

Constructor Methods

public Color(int r, int g, int b)
    pre: 0 ≤ r ≤ 255 and 0 ≤ g ≤ 255 and 0 ≤ b ≤ 255 (throws IllegalArgumentException)
    modifies: redness, greenness, blueness, opaqueness
    post: redness == r and greenness == g and blueness == b and opaqueness == 255

public Color(float r, float g, float b, float a)
    pre: 0.0 ≤ r ≤ 1.0 and 0.0 ≤ g ≤ 1.0 and 0.0 ≤ b ≤ 1.0 and 0.0 ≤ a ≤ 1.0 (throws IllegalArgumentException)
    post: redness == r*255 and greenness == g*255 and blueness == b*255 and opaqueness == a*255

java.awt.Color Class Specifications (continued)

Query Methods

public int getRed()
    post: result == redness

public Color darker()
    post: result.redness == redness * 0.7 and result.greenness == greenness * 0.7 and result.blueness == blueness * 0.7 and result.opaqueness == 255

public Color brighter()
    post: ((redness / 0.7) > 255 implies result.redness == 255)
      and ((redness / 0.7) ≤ 255 implies result.redness == redness / 0.7)
      and ((greenness / 0.7) > 255 implies result.greenness == 255)
      and ((greenness / 0.7) ≤ 255 implies result.greenness == greenness / 0.7)
      and ((blueness / 0.7) > 255 implies result.blueness == 255)
      and ((blueness / 0.7) ≤ 255 implies result.blueness == blueness / 0.7)
      and result.opaqueness ==