Download presentation
Presentation is loading. Please wait.
1
Design by Contract – Exceptions
9/10/2019 8:50 AM COSC3311 – Software Design Design by Contract – Exceptions Object Oriented Software Construction /09/2019 8:50 AM 0
2
OOSC2 Ch. 12 Exceptions Correct use of exceptions Division by zero
Run out of memory when creating an object A void call A contract violation (See OOSC2 page 413) Correct use of exceptions Technique of last resort! Do not use it for normal flow of control Object Oriented Software Construction /09/2019 8:50 AM 1
3
Rescue Clause count: INTEGER transmit (m: MESSAGE) -- transmit ‘m’ on redundant channels 1..count local i: INTEGER do sent_to_transmitter(m,i) rescue i := i + 1 if i <= count then retry end Object Oriented Software Construction /09/2019 8:50 AM 2
4
The original strategy r (...) is require ... do op1 op2 opi opn rescue
end Fails, triggering an exception in r (r is recipient of exception). Object Oriented Software Construction /09/2019 8:50 AM 3
5
The call chain Routine call r0 r1 r2 r3 r4
Object Oriented Software Construction /09/2019 8:50 AM 4
6
Handling exceptions properly
Safe exception handling principle: There are only two acceptable ways to react for the recipient of an exception: Concede failure, and trigger an exception in the caller (Organized Panic). Try again, using a different strategy (or repeating the same strategy) (Retrying). Object Oriented Software Construction /09/2019 8:50 AM 5
7
9/10/2019 8:50 AM How not to do it Normal Return to Caller as if nothing strange has happened (might cause an artillery shot to head in the wrong direction) (From an Ada textbook) sqrt (x: REAL) return REAL is begin if x < 0.0 then raise Negative; else normal_square_root_computation; end exception when Negative => put ("Negative argument"); return; when others => Ada does not have assertions – hence defensive for negative The main problem is that put(“Negative argument”) return will return to the original caller as if nothing strange has happened (this might direct the artillery shot in the wrong direction). Object Oriented Software Construction /09/2019 8:50 AM 6
8
Java Version – also problematic
public class Sample { public static void main (String[] args) { System.out.println(sqrt(523)); //23 x 23 } private static double sqrt (double i) { double result = -1; try{ result = Math.sqrt(i); } catch (ArithmeticException ae){ System.out.println("Real numbers only!"); // i.e. do a normal return // as if nothing has happened! } return result; } } Object Oriented Software Construction /09/2019 8:50 AM 7
9
Better Java Code Assume we create a subclass of java.lang.Exception called SquareRootException. The sqrt method should be changed as follows: private static double sqrt (double x) throws SquareRootException { double result = -1; try {result = Math.sqrt(x)} catch (ArithmeticException ae) { throw new SquareRootException ("Bad param:"+x); } return result; } Object Oriented Software Construction /09/2019 8:50 AM 8
10
Dealing with Exceptions in Java
9/10/2019 8:50 AM Dealing with Exceptions in Java We as programmers want to write quality code that solves problems. Unfortunately, exceptions come as side effects of our code. No one likes side effects, so we soon find our own ways to get around them. I have seen some smart programmers deal with exceptions the following way: public void consumeAndForgetAllExceptions () { try { ...some code that throws exceptions } catch (Exception ex){ ex.printStacktrace(); } } What is wrong with the code above? Once an exception is thrown, normal program execution is suspended and control is transferred to the catch block. The catch block catches the exception and just suppresses it. Execution of the program continues after the catch block, as if nothing had happened. Object Oriented Software Construction /09/2019 8:50 AM 9
11
Better public void dontconsumeAndForgetAllExceptions () {
try { ...some code that throws exceptions } catch (Exception ex) { throw new RuntimeException(ex); } Object Oriented Software Construction /09/2019 8:50 AM
12
Eiffel Exception mechanism
Two constructs: A routine may contain a rescue clause. A rescue clause may contain a retry instruction. A rescue clause that does not execute a retry leads to failure of the routine (this is the organized panic case). Object Oriented Software Construction /09/2019 8:50 AM
13
Transmitting over an unreliable line (1)
Max_attempts: INTEGER is 100 attempt_transmission (message: STRING) is -- Transmit message in at most -- Max_attempts attempts. local failures: INTEGER do unsafe_transmit (message) rescue failures := failures if failures < Max_attempts then retry end end Object Oriented Software Construction /09/2019 8:50 AM
14
Transmitting over an unreliable line (2)
Max_attempts: INTEGER = 100 failed: BOOLEAN attempt_transmission (message: STRING) Try to transmit message; -- if impossible in at most Max_attempts -- attempts, set failed to true. local failures: INTEGER do if failures < Max_attempts then unsafe_transmit (message) else failed := True end rescue failures := failures + 1 retry Object Oriented Software Construction /09/2019 8:50 AM
15
If no exception clause (1)
Absence of a rescue clause is equivalent, in first approximation, to an empty rescue clause: f (...) is do end is an abbreviation for f (...) is do rescue -- Nothing here end (This is a provisional rule; see next.) Object Oriented Software Construction /09/2019 8:50 AM
16
The correctness of a class
create a.make (…) (1-n) For every exported routine r: {INV and prer} dor {INV and postr} (1-m) For every creation procedure cp: {precp} docp {postcp and INV} S1 a.f (…) S2 a.g (…) S3 a.f (…) S4 Object Oriented Software Construction /09/2019 8:50 AM
17
Exception correctness: A quiz
For the normal body: {INV and prer} dor {INV and postr} For the exception clause: { ??? } rescuer { ??? } Object Oriented Software Construction /09/2019 8:50 AM
18
Quiz answers For the normal body: {INV and prer} dor {INV and postr}
For the exception clause: {True} rescuer {INV} Object Oriented Software Construction /09/2019 8:50 AM
19
If no exception clause (2)
Absence of a rescue clause is equivalent to a default rescue clause: f (...) is do end is an abbreviation for f (...) is do rescue default_rescue end The task of default_rescue is to restore the invariant. Object Oriented Software Construction /09/2019 8:50 AM
20
The Cook and the Firefighter (1)
Two noble professions Cook Firefighter Object Oriented Software Construction /09/2019 8:50 AM
21
The Cook and the Firefighter (2)
assumes when showing up for work that the restaurant is not on fire (invariant) must prepare a good meal (postcondition) Firefighter May assume nothing about the state of the restaurant on first entry (True precondition) Returns the restaurant to the non-burning state (invariant) Not responsible for cooking a meal. Object Oriented Software Construction /09/2019 8:50 AM
22
For finer-grain exception handling
Use class EXCEPTIONS from the Kernel Library. Some features: exception (code of last exception that was triggered). is_assertion_violation, etc. raise (“exception_name”) Object Oriented Software Construction /09/2019 8:50 AM
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.