Presentation is loading. Please wait.

Presentation is loading. Please wait.

IMPORTANT NOTE Some parts of these section slides deal with null ints. This was a mistake, as primitives cannot be null. These issues have been corrected.

Published byBeate Aune Modified over 5 years ago

Similar presentations

Presentation on theme: "IMPORTANT NOTE Some parts of these section slides deal with null ints. This was a mistake, as primitives cannot be null. These issues have been corrected."— Presentation transcript:

1 IMPORTANT NOTE Some parts of these section slides deal with null ints. This was a mistake, as primitives cannot be null. These issues have been corrected.

2 Section 1: Intro and Specifications
CSE 331 AUT18 Section 1: Intro and Specifications

3 IntelliJ Setup Homework will be posted later today
Instructions for setup are posted If you try to follow them but run into problems, please come to office hours!

4 Welcome to section! We meet once a week on Thursdays
Different TAs teach section each week Section is not optional! Section is a supplement to lecture It gives you a chance to practice the material and make sure you understand it Sometimes, section may contain material that is not in lectures

5 What is a specification?
How you tell the client what your code does A “contract” between the developer and the user The developer promises to fulfill the specification The user agrees to only rely on functionality defined in the specification

6 Why do we need Specifications?
Other people use your code! Is it a good idea to share all of your source code with everyone who uses it? You don’t have a perfect memory Can you remember the details of a program you wrote 6 months ago? They encourage easy and understandable code

7 Format of a Specification
/** **/ methodName {…

8 Format of a Specification
PRECONDITION What your method requires to be true before it is called If the precondition is not met, there are no guarantees on the method’s behavior /** **/ methodName {… POSTCONDITION Guarantees the implementor makes about the program state after the method is called If the preconditions are satisfied, the postconditions must hold

9 Format of a Specification
PRECONDITION What your method requires to be true before it is called If the precondition is not met, there are no guarantees on the method’s behavior /** **/ methodName {… POSTCONDITION Guarantees the implementor makes about the program state after the method is called If the preconditions are satisfied, the postconditions must hold

10 Format of a Specification
PRECONDITION What your method requires to be true before it is called If the precondition is not met, there are no guarantees on the method’s behavior /** – Spells out properties the client must satisfy before the method is called **/ methodName {… POSTCONDITION Guarantees the implementor makes about the program state after the method is called If the preconditions are satisfied, the postconditions must hold

11 Format of a Specification
PRECONDITION What your method requires to be true before it is called If the precondition is not met, there are no guarantees on the method’s behavior /** – Spells out properties the client must satisfy before the method is called – Lists objects that may be altered by the method – Gives guarantees on how objects are modified by the method – Gives what the method returns – Lists exceptions thrown by the method **/ methodName {… POSTCONDITION Guarantees the implementor makes about the program state after the method is called If the preconditions are satisfied, the postconditions must hold

12 Satisfying Specifications
An implementation M satisfies a specification S if: When all the preconditions of S are met, All the postconditions of S are satisfied by M after it executes

13 Satisfying Specifications
/** Computes the area of a rectangle with *width w and length l the area of a rectangle with width *w and length l **/ Public int area(int w, int l) { if (w < 0 || l < 0) { throw new IllegalArgumentException(); } return l * w; Does the implementation satisfy this specification?

14 Satisfying Specifications
/** Computes the area of a rectangle with *width w and length l the area of a rectangle with width *w and length l **/ Public int area(int w, int l) { if (w < 0 || l < 0) { throw new IllegalArgumentException(); } return l * w; Does the implementation satisfy this specification? No! – The specification is violated when w and/or l are negative

15 Satisfying Specifications
/** Computes the area of a rectangle with *width w and length l the area of a rectangle with width *w and length l IllegalArgumentException if w < 0 or l < 0 **/ Public int area(int w, int l) { if (w < 0 || l < 0) { throw new IllegalArgumentException(); } return l * w; Does the implementation satisfy this specification?

16 Satisfying Specifications
/** Computes the area of a rectangle with *width w and length l the area of a rectangle with width *w and length l IllegalArgumentException if w < 0 or l < 0 **/ Public int area(int w, int l) { if (w < 0 || l < 0) { throw new IllegalArgumentException(); } return l * w; Does the implementation satisfy this specification? Yes! – The specification matches the implementation

17 Satisfying Specifications
/** Computes the area of a rectangle with *width w and length l w >= 0 and l >= 0 the area of a rectangle with width *w and length l **/ Public int area(int w, int l) { if (w < 0 || l < 0) { throw new IllegalArgumentException(); } return l * w; Does the implementation satisfy this specification?

18 Satisfying Specifications
/** Computes the area of a rectangle with *width w and length l w >= 0 and l >= 0 the area of a rectangle with width *w and length l **/ Public int area(int w, int l) { if (w < 0 || l < 0) { throw new IllegalArgumentException(); } return l * w; Does the implementation satisfy this specification? Yes! – Even though we didn’t document the IllegalArgumentException in tag, since we require w and l to be non-negative, we aren’t obligated to specify what happens when the user enters a negative w or l

19 Stronger vs Weaker Specifications
A specification R is stronger than another specification S if: Every implementation that satisfies R also satisfies S R has a weaker precondition and/or a stronger postcondition Both of these definitions are equivalent!

20 Stronger vs Weaker Preconditions
A precondition is weaker when it requires less from the user: Less requirements in tag

21 Stronger vs Weaker Preconditions
A precondition is weaker when it requires less from the user: Less requirements in tag Which specification has a weaker precondition? /** x > 0 x **/ /** x if x > 0, -x if x <= 0 **/

22 Stronger vs Weaker Preconditions
A precondition is weaker when it requires less from the user: Less requirements in tag Which specification has a weaker precondition? /** x > 0 x **/ /** x if x > 0, -x if x <= 0 **/

23 Stronger vs Weaker Postconditions
A postcondition is stronger when it makes more guarantees on the final program state after execution

24 Stronger vs Weaker Postconditions
A postcondition is stronger when it makes more guarantees on the final program state after execution Less objects in tag @spec.effects is harder to satisfy @returns is harder to satisfy Use a subtype of an exception

25 Stronger vs Weaker Postconditions
A postcondition is stronger when it makes more guarantees on the final program state after execution Less objects in tag @spec.effects is harder to satisfy @returns is harder to satisfy @throws Which specification has the stronger postcondition? /** x > 0 x **/ /** x if x > 0, -x if x <= 0 **/

26 Stronger vs Weaker Postconditions
A postcondition is stronger when it makes more guarantees on the final program state after execution Less objects in tag @spec.effects is harder to satisfy @returns is harder to satisfy Throw a more specific exception (a subtype) Which specification has the stronger postcondition? /** x > 0 x **/ /** x if x > 0, -x if x <= 0 **/

27 Stronger vs Weaker Specifications
Which specification is stronger? /** x IllegalArgumentException if x <= 0 **/ /** x if x > 0, -x if x <= 0 **/

28 Stronger vs Weaker Specifications
Which specification is stronger? /** x IllegalArgumentException if x <= 0 **/ /** x if x > 0, -x if x <= 0 **/ Both have different behavior for x <= 0. They are both incomparable.

29 Worksheet

Download ppt "IMPORTANT NOTE Some parts of these section slides deal with null ints. This was a mistake, as primitives cannot be null. These issues have been corrected."

Similar presentations

Exceptions CSE301 University of Sunderland Harry Erwin, PhD.

Exceptions CSE301 University of Sunderland Harry Erwin, PhD.
Karlstad University Computer Science Design Contracts and Error Management Design Contracts and Errors A Software Development Strategy Eivind J. Nordby.

Karlstad University Computer Science Design Contracts and Error Management Design Contracts and Errors A Software Development Strategy Eivind J. Nordby.
Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.

Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.
Error Management with Design Contracts Karlstad University Computer Science Error Management with Design Contracts Eivind J. Nordby, Martin Blom, Anna.

Error Management with Design Contracts Karlstad University Computer Science Error Management with Design Contracts Eivind J. Nordby, Martin Blom, Anna.
1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.

1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.
Component-Based Software Engineering Components and Interfaces Paul Krause.

Component-Based Software Engineering Components and Interfaces Paul Krause.
Software Testing and Quality Assurance

Software Testing and Quality Assurance
Object-Oriented Analysis and Design Lecture 8 State Space, Behavior, and Type Conformance.

Object-Oriented Analysis and Design Lecture 8 State Space, Behavior, and Type Conformance.
Copyright 2006 by Pearson Education 1 Building Java Programs Chapter 8: Classes and Objects.

Copyright 2006 by Pearson Education 1 Building Java Programs Chapter 8: Classes and Objects.
Karlstad University Computer Science Design Contracts and Error Management Design Contracts and Errors A Software Development Strategy (anpassad för PUMA)

Karlstad University Computer Science Design Contracts and Error Management Design Contracts and Errors A Software Development Strategy (anpassad för PUMA)
CSC 395 – Software Engineering Lecture 21: Overview of the Term & What Goes in a Data Dictionary.

CSC 395 – Software Engineering Lecture 21: Overview of the Term & What Goes in a Data Dictionary.
Eiffel Language and Design by Contract Contract –An agreement between the client and the supplier Characteristics –Expects some benefits and is prepared.

Eiffel Language and Design by Contract Contract –An agreement between the client and the supplier Characteristics –Expects some benefits and is prepared.
Computer Science 340 Software Design & Testing Design By Contract.

Computer Science 340 Software Design & Testing Design By Contract.
Component-Based Software Engineering Components and Interfaces Paul Krause.

Component-Based Software Engineering Components and Interfaces Paul Krause.
Procedure specifications CSE 331. Outline Satisfying a specification; substitutability Stronger and weaker specifications - Comparing by hand - Comparing.

Procedure specifications CSE 331. Outline Satisfying a specification; substitutability Stronger and weaker specifications - Comparing by hand - Comparing.
Contract based programming Using pre- and post-conditions, and object invariants Contract based programming1.

Contract based programming Using pre- and post-conditions, and object invariants Contract based programming1.
SWE 619 © Paul Ammann Procedural Abstraction and Design by Contract Paul Ammann Information & Software Engineering SWE 619 Software Construction cs.gmu.edu/~pammann/

SWE 619 © Paul Ammann Procedural Abstraction and Design by Contract Paul Ammann Information & Software Engineering SWE 619 Software Construction cs.gmu.edu/~pammann/
Utilities (Part 2) Implementing static features 1.

Utilities (Part 2) Implementing static features 1.
Low-Level Detailed Design SAD (Soft Arch Design) Mid-level Detailed Design Low-Level Detailed Design Design Finalization Design Document.

Low-Level Detailed Design SAD (Soft Arch Design) Mid-level Detailed Design Low-Level Detailed Design Design Finalization Design Document.
CS 261 – Data Structures Preconditions, Postconditions & Assert.

CS 261 – Data Structures Preconditions, Postconditions & Assert.

Similar presentations

Ads by Google