Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CSE 403 Design by Contract Reading: Pragmatic Programmer Ch. 4, Object-Oriented Design and Patterns, Ch. 3 (Horstmann) These lecture slides are copyright.

Published byKatelin Stewart Modified over 10 years ago

Similar presentations

Presentation on theme: "1 CSE 403 Design by Contract Reading: Pragmatic Programmer Ch. 4, Object-Oriented Design and Patterns, Ch. 3 (Horstmann) These lecture slides are copyright."— Presentation transcript:

1 1 CSE 403 Design by Contract Reading: Pragmatic Programmer Ch. 4, Object-Oriented Design and Patterns, Ch. 3 (Horstmann) These lecture slides are copyright (C) Marty Stepp, 2007. They may not be rehosted, sold, or modified without expressed permission from the author. All rights reserved.

2 2 Outline Programming by contract Preconditions Exceptions in the contract Assertions Postconditions Invariants

3 3 Design by contract What is meant by "design by contract" or "programming by contract"? contract: An agreement between classes/objects and their clients about how they will be used. used to assure that objects always have valid state non-software contracts: bank terms, product warning labels To ensure every object is valid, show that: constructors create only valid objects all mutators preserve validity of the object What is the cost of enforcing a contract?

4 4 Example contract issue A potential problem situation: queue class with remove or dequeue method client may try to remove from an empty queue What are some options for how to handle this? declare it as an error (an exception) tolerate the error (return null) print an error message inside the method bad because it should leave this up to the caller repair the error in some way (retry, etc.) bad because it should leave this up to the caller The decision we make here becomes part of the contract of the queue class!

5 5 Programming by contract What is a precondition? What happens when a precondition is not met? precondition: Something that must be true before object promises to do its work. Example: A hash map class has a put(key, value) and a get(key) method. A precondition of the get method is that the key was not modified since the time you put it into the hash map. If precondition is violated, object may choose any action it likes If key was modified, the hash map may state that the key/value is not found, even though it is in the map. Document preconditions in Javadoc with @pre.condition tag.

6 6 Precondition example Binary search on an array of int s: Java API link Searches the specified array of ints for the specified value using the binary search algorithm. The array must be sorted (as by the sort method, above) prior to making this call. If it is not sorted, the results are undefined. If the array contains multiple elements with the specified value, there is no guarantee which one will be found.Java API link Q: why doesn't Sun just check whether the array is sorted, and sort it if it isn't? Or why not check whether the array is sorted and throw an exception if it isn't? sort is costly (sort takes O(n log n) or worse time; search is O(log n)) sort modifies the input array; binarySearch would not be read-only checking to see whether the array is sorted is costly (isSorted takes O(n)); omitting this check and assuming it to be true makes binary search run much faster

7 7 Exceptions in the contract A precondition is something assumed to be true (and, as far as the client knows, not checked for by the callee) NOT the same thing as throwing an exception on precondition violation Example: A Stack class has a pop method to remove and return the top element. Making the stack throw an exception when the client calls pop on an empty stack is not a precondition. The caller can see that the callee checks for this and has a predictable action when it fails. We say instead that the EmptyStackException is part of the contract. Document exceptions in Javadoc with @throws tag.

8 8 Example contract question Consider an Account class that stores a user name and password. Neither should ever be null, and the password should have at least 3 unique characters in it and should be at least 6 characters long. The class exposes only a constructor and setPassword. If the account is constructed with arguments that violate any of these conditions, an appropriate exception should be thrown. If the client tries to set the name or password to a value that violates any of these conditions, an appropriate exception should be thrown. Write the code for such an account class, making sure to document the various exceptions that can occur.

9 9 Example exception code /** Constructs a new account with the given name and password. * @throws NullPointerException if name or password is null. * @throws IllegalArgumentException if password has fewer than 6 * characters or fewer than 3 unique characters. */ public Account(String name, String password) { if (name == null || password == null) throw new NullPointerException(); else if (password.length() < 6 || getUnique(password) < 3) throw new IllegalArgumentException(password); this.name = name; this.password = password; } public void setPassword(String password) { if (password == null) throw new NullPointerException(); else if (password.length() < 6 || getUnique(password) < 3) throw new IllegalArgumentException(password); this.password = password; } How could this code be improved?

10 10 What makes a precondition? It must be something testable from the outside. Client code should be able to claim that it has met all preconditions before it calls your code. Don't make a precondition that can only be verified by using private data. Example: a swapTop2 method with a precondition that the Stack 's ( private int ) size >= 2, if client code can only check whether it isEmpty() Don't make it a precondition if they can't verify it beforehand. Bad example: "precondition: file exists and can be read" How can the client verify this? It is unpredictable. Even if caller does check this, it could be changed when the object tries to read it.

11 11 What about other tests? If an object shouldn't have code that checks whether its preconditions are true (and throw exceptions etc. if not), how do we catch bugs where a client accidentally calls the code with a false precondition? assertion: A fail-fast way to test for error conditions that should never occur. Use assertions to verify preconditions when testing and debugging your code. Don't over-rely on assertions; they are more commonly used for things that NEVER should happen! Exceptions in the contract are more common. When an assertion fails, this is considered an error on the part of the developer and should be fixed immediately.

12 12 Assertions in Java Java assert statements assert ; assert : ; enabling assertions when compiling: javac -source 1.5 ClassName.java when running: java -ea ClassName In C/C++, assert is a compile-time thing. In Java, can selectively en/disable assertions at runtime. Assertions should NOT be enabled in a shipping product; the user gets unfriendly error message, can't fix it or recover.

13 13 Example assertion code Consider int array binary search code: /** Returns index of value n in array a. * @pre.condition The array a is in sorted order. */ public static void binarySearch(int[] a, int n) { assert isSorted(a) : "Array must be sorted";... } private static boolean isSorted(int[] a) { for (int i = 0; i < a.length - 1; i++) if (a[i] > a[i+1]) return false; return true; }

14 14 Debug and ship builds Most companies have at least two versions of their code: debug build : has special code only for the developer debug print statements or graphical output assertions for pre/postconditions, invariants ship build : meant to be used by customers Users expect reasonable performance and reliability. The app should not spend a lot of time checking for pre/post or invariants (in ship build). The same code is used to make debug and ship build. special flags (e.g. DEBUG_MODE) turn on and off debug code in Java, VM can be run with flags to turn on/off debug also

15 15 Postconditions What is a postcondition? Whose fault is it when a postcondition is not met, and what should be done? postcondition: Something that must be true upon completion of the object's work. Example: At end of sort(int[]), the array is in sorted order. Check them with statements at end of methods, if needed. A postcondition being violated is object's (your) own fault. Assert the postcondition, so it crashes if not met. Don't throw an exception -- it's not the client's fault! Document postconditions in Javadoc with @post.condition

16 16 Class invariants What is a class invariant? How is it enforced? class invariant: A logical condition that always holds for any object of a class. Example: Our account's balance should never be negative. Similar to loop invariants, which are statements that must be true on every iteration of a loop. Can be tested at start or end of every method. Assert your invariants, so it crashes if they are not met don't throw an exception -- it's not the client's fault! Document class invariants in the Javadoc comment header at the top of the class. (no special tag)

17 17 Running Javadoc with tags javadoc -source 1.5 -d output_folder_name -tag pre.condition:cm:"Precondition:" -tag post.condition:cm:"Postcondition:" file_name.java Javadoc output will show pre, postconditions

18 18 Which one is it? (1) Is each of the following best done as a precondition, postcondition, invariant, an exception in the contract, or none? Our Queue class's underlying linked list must never be null. Once we add an element to our SortedLinkedList, the list should be in sorted order. No one should try to add a null element to our PlayerList. Our ArrayList class's capacity should always be larger than its size. We don't allow computer-only games, so when constructing a new Game object, the array of players they pass should not be composed entirely of computer players. In our Dictionary class, they construct the dictionary object by passing in the filename full of words to read. Each line of that file should contain a valid English word. Our LinkedList class has a sort method that arranges the elements according to their compareTo method. To do the sort, every element in the list must be Comparable and of the same type. (The LinkedList is able to hold non- Comparable elements if so desired, just not sort them.)

19 19 Which one is it? (2) Is each of the following best done as a precondition, postcondition, invariant, an exception in the contract, or none? Our PlayerList has a current player index. This index should always be between 0 and the number of players. Our Game has a public play method, but some plays are not valid at any given time. We also have a canPlay method that tells whether the move would be valid. How should play respond when an attempt is made to make an invalid play? Every square on the board should be occupied by a Player who is in the game. Our PlayerList has a getHighScoringPlayer method that examines the list of players and returns the player with the highest score. The Player object that we return should never be null. Also, no one should call getHighScoringPlayer if the PlayerList is empty. When a Player is constructed, their board letter should not be the same as the EMPTY board square letter constant.

20 20 References Java Tutorial: Programming with Assertions. http://java.sun.com/j2se/1.4/docs/guide/lang/assert.html Java Boutique: Assertions in Java. http://javaboutique.internet.com/tutorials/assertions/ Sample chapter on assertions in Java. http://www.ii.uib.no/~khalid/pgjc/jcbook/JC2_Ch05-assertions-excerpt.pdf

Download ppt "1 CSE 403 Design by Contract Reading: Pragmatic Programmer Ch. 4, Object-Oriented Design and Patterns, Ch. 3 (Horstmann) These lecture slides are copyright."

Similar presentations

Chapter 17 Failures and exceptions. This chapter discusses n Failure. n The meaning of system failure. n Causes of failure. n Handling failure. n Exception.

Chapter 17 Failures and exceptions. This chapter discusses n Failure. n The meaning of system failure. n Causes of failure. n Handling failure. n Exception.
Basic Java Constructs and Data Types – Nuts and Bolts

Basic Java Constructs and Data Types – Nuts and Bolts
1 Exceptions: An OO Way for Handling Errors Rajkumar Buyya Grid Computing and Distributed Systems (GRIDS) Laboratory Dept. of Computer Science and Software.

1 Exceptions: An OO Way for Handling Errors Rajkumar Buyya Grid Computing and Distributed Systems (GRIDS) Laboratory Dept. of Computer Science and Software.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Program Verification Using the Spec# Programming System ETAPS Tutorial K. Rustan M. Leino, Microsoft Research, Redmond Rosemary Monahan, NUIM Maynooth.

Program Verification Using the Spec# Programming System ETAPS Tutorial K. Rustan M. Leino, Microsoft Research, Redmond Rosemary Monahan, NUIM Maynooth.
11 Copyright © 2005, Oracle. All rights reserved. Using Arrays and Collections.

11 Copyright © 2005, Oracle. All rights reserved. Using Arrays and Collections.
Lecture 15 Linked Lists part 2

Lecture 15 Linked Lists part 2
Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.

Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.
Exceptions CSE301 University of Sunderland Harry Erwin, PhD.

Exceptions CSE301 University of Sunderland Harry Erwin, PhD.
11-Jun-14 The assert statement. 2 About the assert statement The purpose of the assert statement is to give you a way to catch program errors early The.

11-Jun-14 The assert statement. 2 About the assert statement The purpose of the assert statement is to give you a way to catch program errors early The.
1. Define the concept of assertions. 1 Explain the use of assertions. 2 Create Java program using assertions. 3 Run Java program using assertions. 4 2.

1. Define the concept of assertions. 1 Explain the use of assertions. 2 Create Java program using assertions. 3 Run Java program using assertions. 4 2.
1.A computer game is an example of A.system software; B.a compiler; C.application software; D.hardware; E.none of the above. 2.JVM stands for: A.Java Virtual.

1.A computer game is an example of A.system software; B.a compiler; C.application software; D.hardware; E.none of the above. 2.JVM stands for: A.Java Virtual.
Lilian Blot VARIABLE SCOPE EXCEPTIONS FINAL WORD Final Lecture Spring 2014 TPOP 1.

Lilian Blot VARIABLE SCOPE EXCEPTIONS FINAL WORD Final Lecture Spring 2014 TPOP 1.
Practice Session 5 Java: Packages Collection Classes Iterators Generics Design by Contract Test Driven Development JUnit.

Practice Session 5 Java: Packages Collection Classes Iterators Generics Design by Contract Test Driven Development JUnit.
Building Java Programs Chapter 14

Building Java Programs Chapter 14
Yoshi

Yoshi
CMSC 202 Exceptions 2 nd Lecture. Aug 7, 20072 Methods may fail for multiple reasons public class BankAccount { private int balance = 0, minDeposit =

CMSC 202 Exceptions 2 nd Lecture. Aug 7, Methods may fail for multiple reasons public class BankAccount { private int balance = 0, minDeposit =
©TheMcGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 8 Exceptions and Assertions.

©TheMcGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 8 Exceptions and Assertions.
An Introduction to Java Programming and Object- Oriented Application Development Chapter 8 Exceptions and Assertions.

An Introduction to Java Programming and Object- Oriented Application Development Chapter 8 Exceptions and Assertions.
 Both System.out and System.err are streams—a sequence of bytes.  System.out (the standard output stream) displays output  System.err (the standard.

 Both System.out and System.err are streams—a sequence of bytes.  System.out (the standard output stream) displays output  System.err (the standard.

Similar presentations

Ads by Google