Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE 374 Programming Concepts & Tools

Published byAileen Simon Modified over 6 years ago

Similar presentations

Presentation on theme: "CSE 374 Programming Concepts & Tools"— Presentation transcript:

1 CSE 374 Programming Concepts & Tools
Hal Perkins Winter 2017 Lecture 17 – Specifications, error checking & assert UW CSE 374 Winter 2017

2 Where we are Talked about testing, but not what (partially) correct was What does it mean to say a program is “correct”? How do we talk about what a program should “do”? What do we do when it “doesn’t”? UW CSE 374 Winter 2017

3 Specifying code? We made a big assumption, that we know what the code is supposed to do! Often, a complete specification is at least as difficult as writing the code. But: It’s still worth thinking about Partial specifications are better than none Checking specifications (at compile-time and/or run-time) is great for finding bugs early and “assigning blame” UW CSE 374 Winter 2017

4 Full specification Often tractable for very simple stuff: “Given integers x,y>0, return their greatest common divisor.” What about sorting a doubly-linked list? Precondition: Can input be NULL? Can any prev and next fields be NULL? Can the list be circular or not? Postcondition: Sorted (how to specify?) And there’s often more than “pre” and “post” – time/space overhead, other effects (such as printing), things that may happen in parallel Specs should guide programming and testing! Should be declarative (“what” not “how”) to decouple implementation and use. UW CSE 374 Winter 2017

5 Partial specifications
The difficulty of full specifications need not mean abandoning all hope Useful partial specs: Can args be NULL? Can args alias? Are pointers to stack data allowed? Dangling pointers? Are cycles in data structures allowed? What is the minimum/maximum length of an array? ... Guides callers, callees, and testers UW CSE 374 Winter 2017

6 Beyond testing Specs are useful for more than “things to think about while coding” and testing and comments Sometimes you can check them dynamically, e.g., with assertions (all examples true for C and Java) Easy: argument not NULL Harder but doable: list not cyclic Impossible: Does the caller have other pointers to this object? UW CSE 374 Winter 2017

7 assert in C #include <assert.h> void f(int *x, int*y) {
assert(x!=NULL); assert(x!=y); ... } assert is a macro; ignore argument if NDEBUG defined at time of #include, else evaluate and if zero (false!) exit program with file/line number in error message Watch Out! Be sure that none of the code in an assert has side effects that alter the program’s behavior. Otherwise you get different results when assertions are enabled vs. when they are not UW CSE 374 Winter 2017

8 assert style Many guidelines are overly simply and say “always” check everything you can., but: Often not on “private” functions (caller already checked) Unnecessary if checked statically “Disabled” in released code because: executing them takes time failures are not fixable by users anyway assertions themselves could have bugs/vulnerabilities Others say: Should leave enabled; corrupting data on real runs is worse than when debugging UW CSE 374 Winter 2017

9 assert vs exceptions; error checking
Suppose a condition should be true at a given point in the program, but it’s not. What do we do? Common practice: If the condition involves preconditions of a public interface (x  0, list not full, p not NULL,…), treat a failure as an error and throw an exception or terminate with an error code Don’t trust client code you don’t control! If the condition is an internal matter, a failure represents a programming error (bug). Check this with assert UW CSE 374 Winter 2017

10 Static checking A stronger type system or other code-analysis tool might take a program and examine it for various kinds of errors Plusses: earlier detection (“coverage” without running program), faster code Minus: Potential “false positives” (spec couldn’t ever actually be violated, but tool can’t prove that) Deep CS theory fact: Every code-analysis tool proving a non-trivial fact has either false positives (unwarranted warning) or false negatives (missed bug) or both Deep real-world fact: That doesn’t make them unuseful UW CSE 374 Winter 2017

Download ppt "CSE 374 Programming Concepts & Tools"

Similar presentations

Chapter 5 Errors Bjarne Stroustrup www.stroustrup.com/Programming.

Chapter 5 Errors Bjarne Stroustrup
Exceptions CSE301 University of Sunderland Harry Erwin, PhD.

Exceptions CSE301 University of Sunderland Harry Erwin, PhD.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 8.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 8.
Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.

Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.
CMSC 202 Exceptions 2 nd Lecture. Aug 7, 20072 Methods may fail for multiple reasons public class BankAccount { private int balance = 0, minDeposit =

CMSC 202 Exceptions 2 nd Lecture. Aug 7, Methods may fail for multiple reasons public class BankAccount { private int balance = 0, minDeposit =
 Both System.out and System.err are streams—a sequence of bytes.  System.out (the standard output stream) displays output  System.err (the standard.

 Both System.out and System.err are streams—a sequence of bytes.  System.out (the standard output stream) displays output  System.err (the standard.
OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.

OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.
Options for User Input Options for getting information from the user –Write event-driven code Con: requires a significant amount of new code to set-up.

Options for User Input Options for getting information from the user –Write event-driven code Con: requires a significant amount of new code to set-up.
Computer Science 340 Software Design & Testing Design By Contract.

Computer Science 340 Software Design & Testing Design By Contract.
1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.

1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.
Testing Michael Ernst CSE 140 University of Washington.

Testing Michael Ernst CSE 140 University of Washington.
Testing CSE 140 University of Washington 1. Testing Programming to analyze data is powerful It’s useless if the results are not correct Correctness is.

Testing CSE 140 University of Washington 1. Testing Programming to analyze data is powerful It’s useless if the results are not correct Correctness is.
CS 261 – Data Structures Preconditions, Postconditions & Assert.

CS 261 – Data Structures Preconditions, Postconditions & Assert.
Exceptions and assertions CSE 331 University of Washington.

Exceptions and assertions CSE 331 University of Washington.
Reasoning about programs March 09 2011 CSE 403, Winter 2011, Brun.

Reasoning about programs March CSE 403, Winter 2011, Brun.
CSE 374 Programming Concepts & Tools Hal Perkins Fall 2015 Lecture 10 – C: the heap and manual memory management.

CSE 374 Programming Concepts & Tools Hal Perkins Fall 2015 Lecture 10 – C: the heap and manual memory management.
SWE 4743 Abstract Data Types Richard Gesick. SWE 4743 2-20 Abstract Data Types Object-oriented design is based on the theory of abstract data types Domain.

SWE 4743 Abstract Data Types Richard Gesick. SWE Abstract Data Types Object-oriented design is based on the theory of abstract data types Domain.
Programming & Debugging. Key Programming Issues Modularity Modifiability Ease of Use Fail-safe programming Style Debugging.

Programming & Debugging. Key Programming Issues Modularity Modifiability Ease of Use Fail-safe programming Style Debugging.
(c) University of Washington10-1 CSC 143 Java Errors and Exceptions Reading: Ch. 15.

(c) University of Washington10-1 CSC 143 Java Errors and Exceptions Reading: Ch. 15.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 10: Programming Exceptionally.

David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 10: Programming Exceptionally.

Similar presentations

Ads by Google