Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science 340 Software Design & Testing

Published byประเวศ ชินวัตร Modified over 5 years ago

Similar presentations

Presentation on theme: "Computer Science 340 Software Design & Testing"— Presentation transcript:

1 Computer Science 340 Software Design & Testing
Design By Contract

2 Abstract Data Types Object-oriented design is based on the theory of abstract data types Domain and implementation concepts are modeled in software as ADTs Interfaces capture the essence of an ADT Examples: NetworkDevice, Stack Classes provide implementations of ADTs

3 Abstract Data Types Even if a class doesn’t implement a pre-defined interface, it still defines an ADT as embodied in its public interface In this case, the ADT definition is combined with its implementation Explicit interfaces are used if we expect to have multiple implementations of the ADT interface List, class ArrayList, class LinkedList, … If we expect an ADT to have only one implementation, we often combine the ADT definition and implementation in the same class Example: Matrix

4 Defining ADTs ADT = syntax + semantics
Each ADT operation has: name, parameter list, return type ADT clients must conform to this syntax, or they will fail to compile Each ADT operation also has semantics: What is the meaning of the operation? What does it do? Classes that implement ADTs must faithfully adhere to operation semantics as well as syntax What would happen if ArrayStack’s push implementation fires a nuclear missile rather than pushing a value on the stack?

5 Defining ADTs Source code precisely defines ADT syntax
Compilers enforce ADT syntax Source code does not precisely define semantics Compilers cannot enforce semantics ADT semantics are typically defined by comments in the code, if they’re defined at all Comment each operation explaining what it does Example: Stack, Matrix

6 Defining ADTs Imprecise or incomplete definitions of ADT semantics lead to reliability problems: Clients and implementers have different ideas of what an operation does Differing assumptions lead to defects Reliability is even more important in object-oriented programming than elsewhere. Why?

7 Design By Contract DBC is a technique for more precisely defining ADT semantics, thus preventing misunderstandings DBC is based on the real-world notion of a legal contract A contract involves a “client” and a “supplier” Each side has obligations and expected benefits, which are precisely defined in the contract If a party performs their obligations, they are guaranteed to receive the promised benefits

8 Defining operation semantics: Pre-conditions & Post-conditions
An ADT is a contract between client and supplier Each operation has Pre-conditions and Post-conditions Pre-conditions are the client’s obligations Post-conditions are the supplier’s obligations The pre-conditions and post-conditions define the semantics of the operation Examples: Stack, Matrix

9 Defining operation semantics: Pre-conditions & Post-conditions
If a client invokes an operation having satisfied all pre-conditions, the supplier must ensure that all post-conditions are met upon return If the client did not satisfy all pre-conditions, the supplier is under no obligation to satisfy the post-conditions. The supplier could: Return an error or throw an exception Just fail (crash, return bad results, etc.)

10 Exceptions What if the caller satisfied the pre-conditions, but for some reason the supplier is unable to satisfy the post-conditions? The supplier throws an exception or returns an error Why might a supplier fail to satisfy the post-conditions? External factors beyond supplier’s control (hard disk crash, Internet down, etc.) If the client fails to meet pre-conditions, the supplier can throw an exception or return an error if it wants to, but isn’t required to

11 Exceptions If an operation could throw an exception or return an error, the contract should explicitly define the possible exceptions/errors so clients can handle them

12 Class Invariants Pre and Post-conditions apply only to single operations Some supplier obligations apply to every operation on the ADT Class Invariants are post-conditions that apply to every operation Examples: Stack, Matrix

13 Class Invariants What is a constructor’s job?
Constructors must establish all class invariants When a constructor completes, all class invariants must be satisfied If a constructor cannot establish the class invariants, it should throw an exception In addition to their post-conditions, public operations must also ensure that all class invariants are satisfied upon return I.E., the class invariants are ANDed with the post-conditions of every public operation Class invariants may be temporarily violated while a public operation is executing, but they must be reestablished before the operation returns

14 Testing How do you test? Guidelines
If statements Assertions Guidelines Do not use assertions to test parameters on public methods Do not use assertions to do any work your program requires for correct operation Use for Internal invariants, control flow invariants Pre, post, invariants for private methods By default, assertions are disabled Use the JVM –ea flag to enable assertions (i.e. java –ea <ClassName>)

15 Java Assertion Syntax assert expression1;
expression1 must evaluate to a boolean and will result in an AssertionError being thrown if false assert expression1 : expression2; Expression2 (if present) becomes the message in the AssertionError

16 DBC vs. Defensive Programming
Defensive Programming says: Operation implementations should be bullet-proof Check all parameters for validity before using them Return error or throw exception if parameters are invalid, but never crash Puts heavy burden on the supplier Results in lots of parameter checking code Client and supplier often have redundant checks Results in more code (harder to maintain) Slows programs down (too much redundant checking)

17 DBC vs. Defensive Programming
DBC says: Ensuring that pre-conditions are met is the client’s job Operation implementations need not contain code to verify that pre-conditions were met (e.g., no parameter checking code) If pre-conditions are not met and something unseemly occurs, it is the client’s fault, and they got what they deserved Suppliers must throw an exception if post-conditions cannot be met Puts more burden on clients Results in less and more efficient code As a debugging tool, operation implementations may include assert statements to verify that pre-conditions were met, but this is optional, and all assertions should be turned off in the final release of the software

18 DBC vs. Defensive Programming
Designers must make a conscious choice between Defensive Programming and DBC

19 Documenting ADTs with javadoc
Interfaces and classes Header comment @invariant (custom tag) Operations @pre (custom tag) @post (custom tag) @param @returns (this is really a post-condition) @throws

20 Documenting ADTs with javadoc
javadoc will generate HTML documentation for your interfaces and classes Running javadoc: javadoc -tag invariant:t:"Class Invariants:" -tag pre:cm:"Pre-Conditions:" -tag post:cm:"Post-Conditions:" MyClass.java

Download ppt "Computer Science 340 Software Design & Testing"

Similar presentations

Design by Contract.

Design by Contract.
Carlos D. Rivera February 28, 2007 Design-by-Contract.

Carlos D. Rivera February 28, 2007 Design-by-Contract.
11-Jun-14 The assert statement. 2 About the assert statement The purpose of the assert statement is to give you a way to catch program errors early The.

11-Jun-14 The assert statement. 2 About the assert statement The purpose of the assert statement is to give you a way to catch program errors early The.
1. Define the concept of assertions. 1 Explain the use of assertions. 2 Create Java program using assertions. 3 Run Java program using assertions. 4 2.

1. Define the concept of assertions. 1 Explain the use of assertions. 2 Create Java program using assertions. 3 Run Java program using assertions. 4 2.
Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.

Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.
1 CSE 403 Design by Contract Reading: Pragmatic Programmer Ch. 4, Object-Oriented Design and Patterns, Ch. 3 (Horstmann) These lecture slides are copyright.

1 CSE 403 Design by Contract Reading: Pragmatic Programmer Ch. 4, Object-Oriented Design and Patterns, Ch. 3 (Horstmann) These lecture slides are copyright.
Design by Contract. Design by contract is the process of developing software based on the notion of contracts between objects, which are expressed as.

Design by Contract. Design by contract is the process of developing software based on the notion of contracts between objects, which are expressed as.
Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.

Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.
An Introduction to Java Programming and Object- Oriented Application Development Chapter 8 Exceptions and Assertions.

An Introduction to Java Programming and Object- Oriented Application Development Chapter 8 Exceptions and Assertions.
 Both System.out and System.err are streams—a sequence of bytes.  System.out (the standard output stream) displays output  System.err (the standard.

 Both System.out and System.err are streams—a sequence of bytes.  System.out (the standard output stream) displays output  System.err (the standard.
1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.

1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.
Chapter 8 Designing Classes. Assignment Chapter 9 Review Exercises (Written)  R8.1 – 8.3, 8.5 – 8.7, 8. 10, 8.11, 8.13, 8.15, 8.19, 8.20 Due Friday,

Chapter 8 Designing Classes. Assignment Chapter 9 Review Exercises (Written)  R8.1 – 8.3, 8.5 – 8.7, 8. 10, 8.11, 8.13, 8.15, 8.19, 8.20 Due Friday,
The Java Assert Statement. 2 Assert A Java statement in JDK 1.4 & newer Intent: enables code to test assumptions. E.g., a method that calculates a particle’s.

The Java Assert Statement. 2 Assert A Java statement in JDK 1.4 & newer Intent: enables code to test assumptions. E.g., a method that calculates a particle’s.
Software Testing and Quality Assurance

Software Testing and Quality Assurance
Static and Dynamic Contract Verifiers For Java Hongming Liu.

Static and Dynamic Contract Verifiers For Java Hongming Liu.
CSC 395 – Software Engineering Lecture 21: Overview of the Term & What Goes in a Data Dictionary.

CSC 395 – Software Engineering Lecture 21: Overview of the Term & What Goes in a Data Dictionary.
Eiffel Language and Design by Contract Contract –An agreement between the client and the supplier Characteristics –Expects some benefits and is prepared.

Eiffel Language and Design by Contract Contract –An agreement between the client and the supplier Characteristics –Expects some benefits and is prepared.
Lecturer: Dr. AJ Bieszczad Chapter 76-1 Software engineering standards Standards for you Standards for others Matching design with implementation.

Lecturer: Dr. AJ Bieszczad Chapter 76-1 Software engineering standards Standards for you Standards for others Matching design with implementation.
Computer Science 340 Software Design & Testing Design By Contract.

Computer Science 340 Software Design & Testing Design By Contract.
Ranga Rodrigo. Class is central to object oriented programming.

Ranga Rodrigo. Class is central to object oriented programming.

Similar presentations

Ads by Google