Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Advanced Material The following slides contain advanced material and are optional.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Advanced Material The following slides contain advanced material and are optional."— Presentation transcript:

1 1 Advanced Material The following slides contain advanced material and are optional.

2 2 Outline  Void-safety  Problem of void-calls  A solution to void-calls  Attached types  Certified attachment patterns  Object test  Void-safety in other languages For detailed information, see “Avoid a Void: The eradication of null dereferencing” http://s.eiffel.com/void_safety_paper http://s.eiffel.com/void_safety_paper

3 3 From the inventor of null references I call it my billion-dollar mistake. It was the invention of the null reference in 1965. At that time, I was designing the first comprehensive type system for references in an object oriented language (ALGOL W). My goal was to ensure that all use of references should be absolutely safe, with checking performed automatically by the compiler. But I couldn't resist the temptation to put in a null reference, simply because it was so easy to implement. This has led to innumerable errors, vulnerabilities, and system crashes, which have probably caused a billion dollars of pain and damage in the last forty years. By Tony Hoare, 2009

4 4 Problem of void-calls  Entities are either  Attached: referencing an object  Detached: void  Calls on detached entities produce a runtime error  Runtime errors are bad... How can we prevent this problem?

5 5 Solution to void-calls  Statically attached: checked at compile time  Dynamically attached: attached at runtime  Consistency: A call f.x (...) is only allowed, if f is statically attached. If f is statically attached, its possible runtime values are dynamically attached.

6 6 Statically attached entities  Attached types  Types which cannot be void  x: attached STRING  Certified attachment patterns (CAP)  Code pattern where attachment is guaranteed  if x /= Void then x.f end (where x is a local)  Object test  Assign result of arbitrary expression to a local  Boolean value indicating if result is attached  if attached x as l then l.f end

7 7 Attached types  Can declare type of entities as attached or detachable  att: attached STRING  det: detachable STRING  Attached types  Can call features: att.to_upper  Can be assign to detachable: det := att  Cannot be set to void: att := Void  Detachable types  No feature calls: det.to_upper  Cannot be assign to attached: att := det  Can be set to void: det := Void

8 8 Attached types (cont.)  Entities need to be initialized  Detachable: void  Attached: assignment or creation  Initialization rules for attached types  Locals: before first use  Attributes: at end of each creation routine  Compiler uses simple control-flow analysis  Types without attachment mark  Currently defaults to detachable  In future will be switched to attached

9 9 Attached types demo  EiffelStudio settings  Declaration  Error messages

10 10 Certified attachment pattern (CAP)  Code patterns where attachment is guaranteed  Basic CAP for locals and arguments  Void check in conditional or semi-strict operator  Setter or creation capitalize (a_string: detachable STRING) do if a_string /= Void then a_string.to_upper end ensure a_string /= Void implies a_string.is_upper end

11 11 CAP demo  Different CAPs for locals and arguments  Void check in contract  Void check in conditional  Setter  Creator

12 12 Object test  Checking attachment of an expression (and its type)  Assignment to a local  Local is not declared and only available in one branch name: detachable STRING capitalize_name do if attached name as l_name then l_name.to_upper end ensure attached name as n and then n.is_upper end

13 13 Object test demo  Object test in body  Object test in assertion  Object test to test for type

14 14 Stable attributes  Detachaed attributes which are never set to void  They are initially void, but once attached will stay so  The basic CAPs work for them as well stable name: detachable STRING capitalize_name do if name /= Void then name.to_upper end

15 15 Stable demo  Feature annotations  CAP with stable attributes  Assigning to stable attributes

16 16 Void-safety in other languages: Spec#  Research variant of C#  Adds contracts and non-null types (and more)  Non-null types are marked with ! String s = null; String! s = „abc“; String! s = null;

17 17 Void-safety in other languages: JML  Research variant of Java  Adds contracts and non-null types (and more)  Types (except locals) are non-null per default String s = null; String s = „abc“; /*@ nullable @*/ String s = null;

Download ppt "1 Advanced Material The following slides contain advanced material and are optional."

Similar presentations

Program Verification Using the Spec# Programming System ETAPS Tutorial K. Rustan M. Leino, Microsoft Research, Redmond Rosemary Monahan, NUIM Maynooth.

Program Verification Using the Spec# Programming System ETAPS Tutorial K. Rustan M. Leino, Microsoft Research, Redmond Rosemary Monahan, NUIM Maynooth.
CPSC 388 – Compiler Design and Construction

CPSC 388 – Compiler Design and Construction
Introduction to Linked Lists In your previous programming course, you saw how data is organized and processed sequentially using an array. You probably.

Introduction to Linked Lists In your previous programming course, you saw how data is organized and processed sequentially using an array. You probably.
Coding Standard: General Rules 1.Always be consistent with existing code. 2.Adopt naming conventions consistent with selected framework. 3.Use the same.

Coding Standard: General Rules 1.Always be consistent with existing code. 2.Adopt naming conventions consistent with selected framework. 3.Use the same.
Today Quiz solutions are posted on the Grading page. Assignment 1 due today, 7pm. Arrays as Pointers, Cont. Aliasing & Passing by Reference null Winter.

Today Quiz solutions are posted on the Grading page. Assignment 1 due today, 7pm. Arrays as Pointers, Cont. Aliasing & Passing by Reference null Winter.
6/10/2015C++ for Java Programmers1 Pointers and References Timothy Budd.

6/10/2015C++ for Java Programmers1 Pointers and References Timothy Budd.
Road Map Introduction to object oriented programming. Classes

Road Map Introduction to object oriented programming. Classes
Avoid a void Bertrand Meyer With major contributions by Emmanuel Stapf & Alexander Kogtenkov (Eiffel Software)

Avoid a void Bertrand Meyer With major contributions by Emmanuel Stapf & Alexander Kogtenkov (Eiffel Software)
 2006 Pearson Education, Inc. All rights reserved. 1 19 Introduction to Classes and Objects.

 2006 Pearson Education, Inc. All rights reserved Introduction to Classes and Objects.
1 Advanced Material The following slides contain advanced material and are optional.

1 Advanced Material The following slides contain advanced material and are optional.
Chair of Software Engineering Avoid a void Bertrand Meyer ©Bertrand Meyer, 2008.

Chair of Software Engineering Avoid a void Bertrand Meyer ©Bertrand Meyer, 2008.
1 Advanced Material The following slides contain advanced material and are optional.

1 Advanced Material The following slides contain advanced material and are optional.
1 Advanced Material The following slides contain advanced material and are optional.

1 Advanced Material The following slides contain advanced material and are optional.
 2006 Pearson Education, Inc. All rights reserved. 1 3 3 Introduction to Classes and Objects.

 2006 Pearson Education, Inc. All rights reserved Introduction to Classes and Objects.
Chair of Software Engineering Automatic Verification of Computer Programs.

Chair of Software Engineering Automatic Verification of Computer Programs.
Declaring and Checking Non-null Types in an Object-Oriented Language Authors: Manuel Fahndrich K. Rustan M. Leino OOPSLA’03 Presenter: Alexander Landau.

Declaring and Checking Non-null Types in an Object-Oriented Language Authors: Manuel Fahndrich K. Rustan M. Leino OOPSLA’03 Presenter: Alexander Landau.
1 Type Type system for a programming language = –set of types AND – rules that specify how a typed program is allowed to behave Why? –to generate better.

1 Type Type system for a programming language = –set of types AND – rules that specify how a typed program is allowed to behave Why? –to generate better.
Introduction to Classes and Objects CS-2303, C-Term 20101 Introduction to Classes and Objects CS-2303 System Programming Concepts (Slides include materials.

Introduction to Classes and Objects CS-2303, C-Term Introduction to Classes and Objects CS-2303 System Programming Concepts (Slides include materials.
1 Types Object Oriented Programming 236703 Spring 2007.

1 Types Object Oriented Programming Spring 2007.
Inheritance and Polymorphism CS351 – Programming Paradigms.

Inheritance and Polymorphism CS351 – Programming Paradigms.

Similar presentations

Ads by Google