Design by Contract in Eiffel
|
|
- Todd Robinson
- 5 years ago
- Views:
Transcription
1 Design by Contract in Eiffel 2002/04/15
2 Reference & Resource Bertrand Meyer, Object-Oriented Oriented Software Construction 2nd,, 1997, PH. Bertrand Meyer, Eiffel: The Language,, 1992, PH. D. Mandrioli and B. Meyer, A Advances in Object- Oriented Software Engineering,, 1992, PH. JM. Jezequel et, al., Design Patterns and Contracts, 1999, AW. R. Mitchell et, al., Design by Contract, by Example, 20002, AW. /lang/asser/asser t.html.
3 Outline Introduction to Design by Contract Why Design by Contract? The Eiffel language. What is a Contract? Exception Handling. Inheritance. Documentation. Contracts in Analysis. Conclusion. Q&A.
4 Why Design by Contract?
5 How to Build Reliable OO Software? We need: Static typing. Garbage collection. Reusability libraries. This is not enough, we also need: A systematic approach to specifying and implementing OO software elements and their relations. Such a method Design by Contract: A software system is viewed as a set of communicating components whose interaction is based on precisely defined specifications of the contracts.
6 Reliability in Eiffel Correctness: Assertion. Robustness: Exception handling.
7 Partial functions (1/2) Some operations are not applicable to every possible element of their source sets: In class Stack, method pop and top- cannot pop an element from an empty stack; and an empty stack has no top. inv (x) = 1 / x. A function from a source set X to a target set Y is partial if it is not defined for all members of X. A function which is not partial is total.
8 Partial functions (2/2) Partial functions are an inescapable fact of software development life: Not every operation is applicable to every object. A potential source of errors: If f is a partial function from X to Y, we are not sure any more that the expression f (e) makes sense. Partial functions must specify the domain of each of them. This is the role of the precondition.
9 Correctness formula Axiomatic semantics: Floyd, Hoare and Dijkstra. {P} A {Q} Any execution of A, starting in a state where P holds, will terminate in a state where Q holds.
10 Class correctness For creation procedure p: {pre p } Body p {post p and INV} For exported routine r: {pre r and INV} Body r {post r and INV} For rescue clause in routine r: {True} Rescue r {INV} For retry clause in routine r: {True} Retry r {INV and pre r }
11 The Eiffel Language
12 Some language features (1/2) Pure object-oriented oriented language. Garbage collection. Consistent type system. Static typing. Classes as the basic structuring tool. Design by Contract. Assertions. Exception handling: rescue & retry. Multiple inheritance. Feature renaming. Redefinition & Explicit redefinition.
13 Some language features (2/2) Deferred features and classes. Subcontracting. Generic Type: Unconstrained & Constrained. Once routines. External interfaces. Self-documentation. No in-class overloading. No global variables. No goto instructions. No low-level level pointers, no pointer arithmetic.
14 Hello World in Eiffel
15 What is a Contract?
16 Fundamental properties of contracts in human affairs A contract implies obligations and benefits for both parties. An obligation for one maps into a benefit for the other. The obligations and benefits are explicit: : the role of the contract document is precisely to spell them out in detail, avoiding ambiguity inasmuch as humanly feasible. Some general clauses may remain implicit because they automatically apply to all contracts. An obligation is actually also a benefit for the corresponding party.
17 Assertions: Contracting for Software Producing correct and robust software: To make explicit the obligations and guarantees on any call. The mechanisms are called assertions. Contracts: A collection of assertions that describe precisely what each feature of the component does and does not do. In Eiffel: Precondition require (require else). Postcondition ensure (ensure then). Invariant - invariant.
18 Contract put an item into a table Obligations Benefits Client (Must ensure precondition) Make sure table is not full and key is a non-empty string. (May benefit from postcondition) Get updated table where the given element now appears, associated with the given key. Supplier (Must ensure postcondition) Record given element in table, associated with given key. (May assume precondition) No need to do anything if table is full, or key is empty string.
19 Generic Class DICTIONARY [ELEMENT] precondition postcondition
20 Writing down the contract Contract document should spelled out precisely. Contract protects both sides: It protects the client by specifying how much should be done: the client is entitled to receive a certain result. It protects the contractor by specifying how little is acceptable: the contractor must not be liable for failing to carry out tasks outside of the specified scope.
21 Observations on software contracts (1/3) if count < capacity then Some insertion algorithm else end Deal with normal case Rule: Either you have the condition in the require, or you have it in an if instruction in the body of the routine, but never in both. Preconditions are sometimes viewed with suspicion shouldn t t a routine be prepared to handle all possible inputs?
22 Observations on software contracts (2/3) It should not: The stronger the precondition, the higher the burden on the client, and the easier for the contractor. The matter of who should deal with abnormal values is essentially a pragmatic decision about division of labor : the best solution is the one that achieves the simples architecture.
23 Observations on software contracts (3/3) Bad cases: Every routine checked for every possible error in its calls no useful work would ever be performed. Both the client and the routine check for the same conditions - redundancy. A good case: Routines with strong preconditions will concentrate on performing well a precisely defined task, rather than attempt to handle all possible abnormal cases.
24 Who should check (1/4) tolerant weak Increasing the routine s burden precondition demanding strong Putting the responsibility on clients The key criterion: To maximize the overall simplicity of the architecture. The Eiffel is on the demanding side: it encourages writing simple routines with a well-defined contract rather than routines which will attempt to handle every imaginable case.
25 Who should check (2/4) Question? /A/ if x.p then x.r else end The demanding style seems to force every client to make the same checks, corresponding to the precondition. ex: precondition p in a routine r: Special treatment
26 Who should check (3/4) Precondition means : x.put; x.remove; The client must guarantee property p, which is not the same as testing for this condition before each call.
27 Who should check (4/4) Assume many clients will indeed need to check for the precondition, as in form /A/ above. What matters then is the Special treatment in the else clause? It may be the same for all calls. This is almost certainly a sign of a poor contract for the routine r. If there is a well-defined standard action for the case not p, the the routine s s precondition as given is too restrictive. The Special treatment being moved from the individual clients to the routine itself. If it is different for various clients, the individual test for p by every client is inevitable. Each has defined its own way of dealing with the case for which p is not satisfied (occurs frequently- only the clients have enough context information to decide on the proper action).
28 Monitoring assertions Assertion monitoring levels in Efiiel: No assertion checking at all. Preconditions only (default). Preconditions and postconditions. Preconditions, postconditions, invariants. The effect of an assertion violation is to raise an exception.
29 Exception Handling
30 What is an Exception? Any routine has a contract to achieve. Its body defines a strategy to achieve it a sequence of operations. Any one of these operations may fail unable to meet its contract. The failure of an operation is an exception for the routine that needed the operation. As a result the routine may fail too causing an exception in its own caller.
31 Failures and Exceptions A failure of a routine causes an exception in its caller my_task is do subtask 1 ; subtask 2 ; subtask n ; end -- my_task If any one of subtasks fail, it must causes an exception to its caller, that is my_task.
32 How to Handle Exceptions?
33 Retry many times
34 Disciplined Exception Handling principle R1- Retrying: attempt to change the conditions that led to the exception and to execute the routine again from the start. R2- Failure (organized panic): clean up the environment, terminate the call and report failure to the caller.
35 Inheritance
36 Example class COURIER
37 Obligations and Benefits for Clients and Suppliers
38 class DIFFERENT_COURIER
39 Redefining Contracts Redefining a Precondition: Weight of package must not exceed 8 kg OK (less restrictive). Weight of package must not exceed 3 kg No good (more restrictive). Redefining a Postcondition: Package delivered within 2 working hours. OK (more restrictive). Package delivered within 5 working hours. No good (less restrictive).
40 Principle of Subcontracting A redefined version may keep or weaken the precondition; it may keep or strengthen the postcondition: Require no more, promise no less. Dishonest subcontracting: Strengthening the precondition, or weakening the postcondition The Eiffel language rules for assertion redefinition support the principle of subcontracting. The Liskov Substitution Principle.
41 require else & ensure then
42 require else in subclasses
43 ensure then in subclasses
44 Another Example
45 The Error Message ISE EiffelStudio
46 invariant in subclasses A subclass inherits its superclass s invariant. It can add more clauses to the invariant, which are and-ed onto the inherited clauses, thus strengthening the inherited invariant.
47 Inheritance Not just a reuse, subtyping and classification mechanism, but a way to ensure compatible semantics. Contracts provide useful guidance as to how to use inheritance properly.
48 Documentation
49 Different View of a Class 1. Clickable view. 2. Flat view. 3. Contract view. 4. Interface view. 5. Ancestors. 6. Descendants. 7. Clients. 8. Suppliers. 9. Attributes. 10. Routines. 11. Deferred features. 12. Once routines and constants. 13. External features. 14. Exported features.
50 Contracts in Analysis
51 Contracts in Analysis Example : feature of class TANK Yes/no queries: is_empty, is_full... Other queries: in_valve, out_valve (both of type VALVE), gauge_reading, capacity... Commands: fill, empty,...
52 Contracts in Analysis (cont.)
53 Contracts in Analysis (cont.) This style of analysis avoids a classic dilemma of analysis and specification: either you use a programming notation and run the risk of making premature implementation commitments; or you stick with a higher-level notation ("bubbles and arrows") and you must remain vague, forsaking one of the major benefit of the analysis process, the ability to state and clarify delicate properties of the system.
54 Conclusion (1/4) Eiffel is a method and language for efficient description and development of quality systems. Eiffel covers whole spectrum of software development: Analysis, modeling and specification. Design and architecture. Implementation. Debugging and Testing. Maintenance. Documentation.
55 Conclusion (2/4) Contracts: Are not a mechanism to test for special conditions, for example erroneous user input. An assertion is instead a correctness condition governing the relationship between two software modules Not a software module and a human, or a software module and an external device. Assertion violation rule: A precondition violation signals a bug in the client,, which did not observe its part of the deal. A postcondition (or invariant) violation signals a bug in the supplier which did not do its job.
56 Conclusion (3/4) Benefits of Design by Contract: Better designs. Improving reliability. Better documentation. Easier debugging. Support for reuse.
57 Conclusion (4/4) Lack of language support: Eiffel is the first language directly support for design by contract. Java JDK 1.4 now support assertions: New keyword - assert. New class AssertionError. No directly support for design by contract. See: /lang/assert.html/assert.html How about tools like icontract?
58 Q & A
a correct statement? You need to know what the statement is supposed to do.
Using assertions for correctness How can we know that software is correct? It is only correct if it does what it is supposed to do. But how do we know what it is supposed to do? We need a specification.
More informationReadability [Skrien 4.0] Programs must be written for people to read, and only incidentally for machines to execute.
Readability [Skrien 4.0] Programs must be written for people to read, and only incidentally for machines to execute. Abelson & Sussman Use a good set of coding conventions, such as the ones given in the
More informationTrusted Components. Reuse, Contracts and Patterns. Prof. Dr. Bertrand Meyer Dr. Karine Arnout
1 Last update: 2 November 2004 Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout 2 Lecture 8: Design by Contract (1/2) Agenda for today 3 Design by Contract: definition
More informationWhy Design by Contract! CS 619 Introduction to OO Design and Development. Design by Contract. Fall 2012
Why Design by Contract What s the difference with Testing? CS 619 Introduction to OO Design and Development Design by Contract Fall 2012 Testing tries to diagnose (and cure) defects after the facts. Design
More informationReferences: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1
References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1 Assertions Statements about input to a routine or state of a class Have two primary roles As documentation,
More informationAssertions. Assertions - Example
References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 11/13/2003 1 Assertions Statements about input to a routine or state of a class Have two primary roles As documentation,
More informationEiffel: Analysis, Design and Programming. ETH Zurich, September-December Exception handling
Eiffel: Analysis, Design and Programming ETH Zurich, September-December 2008-6- Exception handling What is an exception? An abnormal event Not a very precise definition Informally: something that you don
More informationSoftware Development. Modular Design and Algorithm Analysis
Software Development Modular Design and Algorithm Analysis Precondition and Postcondition To create a good algorithm, a programmer must be able to analyse a precondition (starting state) and a postcondition
More informationAdding Contracts to C#
Adding Contracts to C# Peter Lagace ABSTRACT Design by contract is a software engineering technique used to promote software reliability. In order to use design by contract the selected programming language
More informationCSC Advanced Object Oriented Programming, Spring Specification
CSC 520 - Advanced Object Oriented Programming, Spring 2018 Specification Specification A specification is an unambiguous description of the way the components of the software system should be used and
More informationObject Oriented Program Correctness with OOSimL
Kennesaw State University DigitalCommons@Kennesaw State University Faculty Publications 12-2009 Object Oriented Program Correctness with OOSimL José M. Garrido Kennesaw State University, jgarrido@kennesaw.edu
More informationObject Oriented Programming
Object Oriented Programming Primary object-oriented language concepts dynamic lookup encapsulation inheritance subtyping Program organization Organize concepts into objects and relationships between them
More informationObject-Oriented Design
Object-Oriented Design Lecturer: Raman Ramsin Lecture 15: Object-Oriented Principles 1 Open Closed Principle (OCP) Classes should be open for extension but closed for modification. OCP states that we should
More information3. Design by Contract
3. Design by Contract Oscar Nierstrasz Design by Contract Bertrand Meyer, Touch of Class Learning to Program Well with Objects and Contracts, Springer, 2009. 2 Roadmap > Contracts > Stacks > Design by
More informationTop Down Design vs. Modularization
6.170 Quiz Review Topics: 1. Decoupling 2. 3. AF & RI 4. Iteration Abstraction & Iterators 5. OMs and Invariants 6. Equality, Copying, Views 7. 8. Design Patterns 9. Subtyping 10. Case Studies Decomposition
More informationIndex. Index. More information. block statements 66 y 107 Boolean 107 break 55, 68 built-in types 107
A abbreviations 17 abstract class 105 abstract data types 105 abstract method 105 abstract types 105 abstraction 92, 105 access level 37 package 114 private 115 protected 115 public 115 accessors 24, 105
More informationUniverse Type System for Eiffel. Annetta Schaad
Universe Type System for Eiffel Annetta Schaad Semester Project Report Software Component Technology Group Department of Computer Science ETH Zurich http://sct.inf.ethz.ch/ SS 2006 Supervised by: Dipl.-Ing.
More informationThe Dependent Delegate Dilemma
The Depent Delegate Dilemma Bertrand Meyer, ETH Zurich ABSTRACT A criticism of the object-oriented style of programming is that the notion of class invariant seems to collapse in non-trivial client-supplier
More informationUC Santa Barbara. CS189A - Capstone. Christopher Kruegel Department of Computer Science UC Santa Barbara
CS189A - Capstone Christopher Kruegel Department of Computer Science http://www.cs.ucsb.edu/~chris/ Design by Contract Design by Contract and the language that implements the Design by Contract principles
More informationMSO Lecture Design by Contract"
1 MSO Lecture Design by Contract" Wouter Swierstra (adapted by HP, AL) October 8, 2018 2 MSO SO FAR Recap Abstract Classes UP & Requirements Analysis & UML OO & GRASP principles Design Patterns (Facade,
More informationAssertions & Design-by-Contract using JML Erik Poll University of Nijmegen
Assertions & Design-by-Contract using JML Erik Poll University of Nijmegen Erik Poll - JML p.1/39 Overview Assertions Design-by-Contract for Java using JML Contracts and Inheritance Tools for JML Demo
More informationCHAPTER 6 Design by Contract. Literature. When Design by Contract? Why Design By Contract?
CHAPTER 6 Design by Contract Literature Introduction When, Why & What Pre & Postconditions + Invariants + Example: Stack Implementation Redundant Checks vs. Assertions Exception Handling Assertions are
More informationContracts. Dr. C. Constantinides. June 5, Department of Computer Science and Software Engineering Concordia University Montreal, Canada 1/71
Contracts Dr. C. Constantinides Department of Computer Science and Software Engineering Concordia University Montreal, Canada June 5, 2018 1/71 Contracts in human affairs In human affairs we form legally
More informationPrinciples of Object-Oriented Design
Principles of Object-Oriented Design 1 The Object-Oriented... Hype What are object-oriented (OO) methods? OO methods provide a set of techniques for analysing, decomposing, and modularising software system
More informationSpecifications. CSE 331 Spring 2010
Specifications CSE 331 Spring 2010 The challenge of scaling software Small programs are simple and malleable easy to write easy to change Big programs are (often) complex and inflexible hard to write hard
More informationA comparative study of Programming by Contract and Programming with Exceptions
Computer Science Jimmy Byström Leo Wentzel A comparative study of Programming by Contract and Programming with Exceptions Master s Thesis 2003:02 A comparative study of Programming by Contract and Programming
More informationSoftware Architecture 4. July 2005
Chair of Software Engineering Bertrand Meyer Software Architecture 4. July 2005 Name, First name:... I confirm with my signature, that I was able to take this exam under regular conditions and that I have
More informationObject-Oriented Design
Object-Oriented Design Department of Computer Engineering Lecture 12: Object-Oriented Principles Sharif University of Technology 1 Open Closed Principle (OCP) Classes should be open for extension but closed
More informationA Practical Approach to Programming With Assertions
A Practical Approach to Programming With Assertions Ken Bell Christian-Albrechts Universität Kiel Department of Computer Science and Applied Mathematics Real-Time Systems and Embedded Systems Group July
More informationDesign by Contract: An Overview
: An Overview CSCI 5828 Michael M. Vitousek University of Colorado at Boulder michael.vitousek@colorado.edu March 21, 2012 1 / 35 Outline 1 Introduction Motivation and Introduction Simple Example Contract
More informationObject-Oriented Software Construction
1 Object-Oriented Software Construction Bertrand Meyer Contact 2 Chair of Software Engineering: http://se.inf.ethz.ch Course assistant: Joseph N. Ruskiewicz http://se.inf.ethz.ch/people/ruskiewicz 3 Lecture
More informationObject-Oriented Software Construction
1 Object-Oriented Software Construction Bertrand Meyer 2 Lecture 21: Typing issues, covariance The America Conjecture 3 (Pierre America at TOOLS Europe 1990) One can have at most two of the three properties
More informationEiffel: Analysis, Design and Programming
Eiffel: Analysis, Design and Programming Bertrand Meyer (Nadia Polikarpova) Chair of Software Engineering - 8 - Inheritance 2 Overview Basics Redefinition Polymorphism and dynamic binding Inheritance and
More informationDesigning Robust Classes
Designing Robust Classes Learning Goals You must be able to:! specify a robust data abstraction! implement a robust class! design robust software! use Java exceptions Specifications and Implementations
More information1. Quality issues (5 points)
ETH Zurich Computer Science Course: Advanced Topics in Object Technology, by Bertrand Meyer Summer semester 2003 Exam (prepared by Karine Arnout) 2 July 2003 10:00 to 12:00 Name:.. Id-Nr:.. No notes, computers,
More informationAssertions, pre/postconditions
Programming as a contract Assertions, pre/postconditions Assertions: Section 4.2 in Savitch (p. 239) Specifying what each method does q Specify it in a comment before method's header Precondition q What
More informationControl flow in Eiffel
Announcements Assignment will be posted this week.» We ll make sure you have enough time to it! A little more Eiffel, Genericity and ADTs Week 3, Lecture 4 January 16 Section N Review What is the definition
More informationMultiple & Repeated! Inheritance!
Multiple & Repeated Inheritance 21-1 Multiple Inheritance Example Combining two abstractions into one» COMPARABLE and NUMERIC are both useful abstractions > Some abstractions make use of both while others
More informationMultiple & Repeated Inheritance
Multiple & Repeated Inheritance 21-1 Multiple Inheritance Example Combining two abstractions into one» COMPARABLE and NUMERIC are both useful abstractions > Some abstractions make use of both while others
More informationAgenda. More on the Unified Modeling Language. UML diagram types. Packages
Agenda More on the Unified Modeling Language Perdita Stevens, University of Edinburgh July 2010 And the rest... deployment diagrams, component diagrams, object diagrams, timing diagrams, etc. OCL and alternatives
More informationHoare Logic: Proving Programs Correct
Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich Reading: C.A.R. Hoare, An Axiomatic Basis for Computer Programming Some presentation ideas from a lecture
More informationAXIOMS OF AN IMPERATIVE LANGUAGE PARTIAL CORRECTNESS WEAK AND STRONG CONDITIONS. THE AXIOM FOR nop
AXIOMS OF AN IMPERATIVE LANGUAGE We will use the same language, with the same abstract syntax that we used for operational semantics. However, we will only be concerned with the commands, since the language
More informationGuided Random-Based Testing Strategies Diploma Thesis
Guided Random-Based Testing Strategies Diploma Thesis Cosmin Mitran Faculty of Automation and Computer Science Technical University of Cluj-Napoca Supervisors: Ilinca Ciupa Prof. Dr. Bertrand Meyer Chair
More informationOO Design Principles
OO Design Principles Software Architecture VO (706.706) Roman Kern Institute for Interactive Systems and Data Science, TU Graz 2018-10-10 Roman Kern (ISDS, TU Graz) OO Design Principles 2018-10-10 1 /
More informationType Hierarchy. Lecture 6: OOP, autumn 2003
Type Hierarchy Lecture 6: OOP, autumn 2003 The idea Many types have common behavior => type families share common behavior organized into a hierarchy Most common on the top - supertypes Most specific at
More informationProof Carrying Code(PCC)
Discussion p./6 Proof Carrying Code(PCC Languaged based security policy instead of OS-based A mechanism to determine with certainity that it is safe execute a program or not Generic architecture for providing
More informationFrom Eiffel and Design by Contract to Trusted Components
From Eiffel and Design by Contract to Trusted Components Bertrand Meyer ETH Zürich / Eiffel Software Budapest, December 2003 1 My background Since 1985: Founder (now Chief Architect) of Eiffel Software,
More informationJAVA BASICS II. Example: FIFO
JAVA BASICS II Example: FIFO To show how simple data structures are built without pointers, we ll build a doubly-linked list ListItem class has some user data first refers to that ListItem object at the
More informationEiffel, a pure OO language with support for Design by Contract
Eiffel, a pure OO language with support for From the perspective of a PHP programmer by Berend de Boer 1 class HELLO_WORLD 2 creation 3 make 4 feature -- Initialization 5 make is 6 do 7 print ("hello world")
More informationAdvanced Topics in Object Technology
1 Advanced Topics in Object Technology Bertrand Meyer Contact 2 : http://se.inf.ethz.ch Course assistant: Karine Arnout http://se.inf.ethz.ch/people/arnout 3 Lecture 1: Introduction, Quality issues, Lifecycle
More informationWith the popularity of the Web and the
Cover Feature Behavioral Specification of Distributed Software Component Interfaces Design by contract solves the problem of behavioral specification for classes in an object-oriented program, which will
More information17. Assertions. Outline. Built-in tests. Built-in tests 3/29/11. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen
17. Assertions Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen Outline Introduction (BIT, assertion, executable assertion, why?) Implementation-based vs responsability-based assertions Implementation
More informationAssoc. Prof. Marenglen Biba. (C) 2010 Pearson Education, Inc. All rights reserved.
Assoc. Prof. Marenglen Biba Exception handling Exception an indication of a problem that occurs during a program s execution. The name exception implies that the problem occurs infrequently. With exception
More informationAssignment 7: Inheritance
Assignment 7: Inheritance ETH Zurich Hand-out: 11 December 2006 Due: 19 December 2006 Calvin and Hobbes c Bill Watterson 1 Dynamic exercise Goal Understand the effects of dynamic binding. Summary Have
More informationLearning Objectives. C++ For Artists 2003 Rick Miller All Rights Reserved xli
Identify and overcome the difficulties encountered by students when learning how to program List and explain the software development roles played by students List and explain the phases of the tight spiral
More information17. Assertions. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen
17. Assertions Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen Outline Introduction (BIT, assertion, executable assertion, why?) Implementation-based vs responsability-based assertions Implementation
More informationEiffel as a Framework for Verification
Eiffel as a Framework for Verification Bertrand Meyer ETH Zurich http://se.inf.ethz.ch Eiffel Software www.eiffel.com Abstract. The Eiffel method and language integrate a number of ideas originating from
More informationTrusted Components. Reuse, Contracts and Patterns. Prof. Dr. Bertrand Meyer Dr. Karine Arnout
1 Last update: 2 November 2004 Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout 2 Lecture 12: Componentization Agenda for today 3 Componentization Componentizability
More informationTesting Object-Oriented Software. 22 November 2017
Testing Object-Oriented Software 22 November 2017 Testing Object-Oriented Software 2 Problems in object-oriented testing [Binder] Each level in the class hierarchy creates a new context for inherited features:
More informationCITS5501 Software Testing and Quality Assurance Formal methods
CITS5501 Software Testing and Quality Assurance Formal methods Unit coordinator: Arran Stewart May 1, 2018 1 / 49 Sources Pressman, R., Software Engineering: A Practitioner s Approach, McGraw-Hill, 2005
More informationContract Programming For C++0x
Contract Programming For C++0x WG21/N1800 and J16/05-0060 Lawrence Crowl and Thorsten Ottosen lawrence.crowl@sun.com and nesotto@cs.aau.dk 2005-04-27 Overview This is an annotated version of the presentation
More informationLecture 1 Contracts : Principles of Imperative Computation (Fall 2018) Frank Pfenning
Lecture 1 Contracts 15-122: Principles of Imperative Computation (Fall 2018) Frank Pfenning In these notes we review contracts, which we use to collectively denote function contracts, loop invariants,
More informationLecture 4 Specifications
CSE 331 Software Design and Implementation Administrivia Next assignments posted tonight HW2: Written problems on loops Lecture 4 Specifications Readings posted as well! Quizzes coming soon J Zach Tatlock
More informationInheritance and object compatibility
Inheritance and object compatibility Object type compatibility An instance of a subclass can be used instead of an instance of the superclass, but not the other way around Examples: reference/pointer can
More informationBuilding Trust in Third-party Components using Component Wrappers in the.net Frameworks
Building Trust in Third-party Components using Component Wrappers in the.net Frameworks Christine A. Mingins, Chee Y. Chan School of Computer Science and Software Engineering Monash University PO Box 197,
More informationThe architecture of Eiffel software 3.1 OVERVIEW classes clusters systems
3 Draft 5.02.00-0, 15 August 2005 (Santa Barbara). Extracted from ongoing work on future third edition of Eiffel: The Language. Copyright Bertrand Meyer 1986-2005. Access restricted to purchasers of the
More informationExheritance Class Generalisation Revived
Exheritance Class Generalisation Revived Markku Sakkinen Information Technology Research Institute University of Jyväskylä P.O.Box 35 (Agora) FIN-40351 Jyväskylä Finland sakkinenm@acm.org or sakkinen@cs.jyu.fi
More informationMotivation State Machines
Motivation State Machines Generating test cases for complex behaviour Textbook Reading: Chapter 7 We are interested in testing the behaviour of object-oriented software systems Behaviour: Interactions
More informationViolations of the contract are exceptions, and are usually handled by special language constructs. Design by contract
Specification and validation [L&G Ch. 9] Design patterns are a useful way to describe program structure. They provide a guide as to how a program fits together. Another dimension is the responsibilities
More information6.170 Lecture 6 Procedure specifications MIT EECS
6.170 Lecture 6 Procedure specifications MIT EECS Outline Satisfying a specification; substitutability Stronger and weaker specifications Comparing by hand Comparing via logical formulas Comparing via
More informationChapter 11. Categories of languages that support OOP: 1. OOP support is added to an existing language
Categories of languages that support OOP: 1. OOP support is added to an existing language - C++ (also supports procedural and dataoriented programming) - Ada 95 (also supports procedural and dataoriented
More informationException Handling Introduction. Error-Prevention Tip 13.1 OBJECTIVES
1 2 13 Exception Handling It is common sense to take a method and try it. If it fails, admit it frankly and try another. But above all, try something. Franklin Delano Roosevelt O throw away the worser
More informationLecture 1 Contracts. 1 A Mysterious Program : Principles of Imperative Computation (Spring 2018) Frank Pfenning
Lecture 1 Contracts 15-122: Principles of Imperative Computation (Spring 2018) Frank Pfenning In these notes we review contracts, which we use to collectively denote function contracts, loop invariants,
More informationJava: advanced object-oriented features
Chair of Software Engineering Carlo A. Furia, Marco Piccioni, Bertrand Meyer Java: advanced object-oriented features Chair of Software Engineering Carlo A. Furia, Marco Piccioni, Bertrand Meyer Packages
More informationLecture 9: Control Flow
Programming Languages Lecture 9: Control Flow Benjamin J. Keller Department of Computer Science, Virginia Tech Programming Languages Control Flow 2 Command Overview Assignment Control Structures Natural
More informationHypertext A Case Study of Formal Object-Oriented Software Development
Hypertext A Case Study of Formal Object-Oriented Software Development Andreas Rüping Forschungszentrum Informatik (FZI) Bereich Programmstrukturen Haid-und-Neu-Straße 10-14 D-76131 Karlsruhe e-mail: rueping@fzi.de
More informationObject Oriented Issues in VDM++
Object Oriented Issues in VDM++ Nick Battle, Fujitsu UK (nick.battle@uk.fujitsu.com) Background VDMJ implemented VDM-SL first (started late 2007) Formally defined. Very few semantic problems VDM++ support
More informationLecture Notes: Hoare Logic
Lecture Notes: Hoare Logic 17-654/17-754: Analysis of Software Artifacts Jonathan Aldrich (jonathan.aldrich@cs.cmu.edu) Lecture 3 1 Hoare Logic The goal of Hoare logic is to provide a formal system for
More informationDATA TYPES. CS 403: Types and Classes DATA TYPES (CONT D)
DATA TYPES CS 403: Types and Classes Stefan D. Bruda Fall 2017 Algorithms + data structures = programs Abstractions of data entities highly desirable Program semantics embedded in data types Data types
More informationChecking Program Properties with ESC/Java
Checking Program Properties with ESC/Java 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich 1 ESC/Java A checker for Java programs Finds null pointers, array dereferences Checks Hoare logic
More informationSpell Checker for EiffelStudio
Spell Checker for EiffelStudio Software Engineering Laboratory: Open-Source EiffelStudio Semester project by Benjamin Fischer Student number: 10-916-971 Supervised by Julian Tschannen ETH Computer Science
More informationJOURNAL OF OBJECT TECHNOLOGY
JOURNAL OF OBJECT TECHNOLOGY Online at www.jot.fm. Published by ETH Zurich, Chair of Software Engineering JOT, 2002 Vol. 1, no. 4, September-October 2002 Eiffel Assertions and the External Structure of
More informationFoundations of Software Engineering Design by Contract
Foundations of Software Engineering Fall 2017 Department of Computer Science Ben-Gurion university Based on slides of: Mira Balaban Department of Computer Science Ben-Gurion university R. Mitchell and
More informationLecture Notes on Programming Languages
Lecture Notes on Programming Languages 85 Lecture 09: Support for Object-Oriented Programming This lecture discusses how programming languages support object-oriented programming. Topics to be covered
More informationCS 315 Software Design Homework 3 Preconditions, Postconditions, Invariants Due: Sept. 29, 11:30 PM
CS 315 Software Design Homework 3 Preconditions, Postconditions, Invariants Due: Sept. 29, 11:30 PM Objectives Defining a wellformed method to check class invariants Using assert statements to check preconditions,
More informationLecture 4: Procedure Specifications
Lecture 4: Procedure Specifications 4.1. Introduction In this lecture, we ll look at the role played by specifications of methods. Specifications are the linchpin of team work. It s impossible to delegate
More informationProgramming Languages. Benjamin J. Keller Department of Computer Science, Virginia Tech
Programming Languages Eiffel Benjamin J. Keller Department of Computer Science, Virginia Tech Programming Languages Eiffel 2 Overview Classes and Objects Builtin types, constants and operations Expressions,
More informationChapter 8: Class and Method Design
Chapter 8: Class and Method Design Objectives Become familiar with coupling, cohesion, and connascence. Be able to specify, restructure, and optimize object designs. Be able to identify the reuse of predefined
More information1. true / false By a compiler we mean a program that translates to code that will run natively on some machine.
1. true / false By a compiler we mean a program that translates to code that will run natively on some machine. 2. true / false ML can be compiled. 3. true / false FORTRAN can reasonably be considered
More informationPROCESS DEVELOPMENT METHODOLOGY The development process of an API fits the most fundamental iterative code development
INTRODUCING API DESIGN PRINCIPLES IN CS2 Jaime Niño Computer Science, University of New Orleans New Orleans, LA 70148 504-280-7362 jaime@cs.uno.edu ABSTRACT CS2 provides a great opportunity to teach an
More informationContract Wizard II: Developing a GUI
Contract Wizard II: Developing a GUI PROJECT PLAN Diploma project Project period 2004-04-26 2004-08-25 Student name Petra Marty Status 9 th semester Email address martypet@student.ethz.ch Supervisor name
More information1: Introduction to Object (1)
1: Introduction to Object (1) 김동원 2003.01.20 Overview (1) The progress of abstraction Smalltalk Class & Object Interface The hidden implementation Reusing the implementation Inheritance: Reusing the interface
More informationCS 32. Lecture 1: oops
CS 32 Lecture 1: oops Textbooks Problem Solving in C++ (CS 16) Chapters 10-18 Data Structures with C++ (CS 24) Chapters 12-14 Reader SBPrinter at UCen Grading Labs 20% Programming Assignments 20% 3 thirdterm
More informationForth Meets Smalltalk. A Presentation to SVFIG October 23, 2010 by Douglas B. Hoffman
Forth Meets Smalltalk A Presentation to SVFIG October 23, 2010 by Douglas B. Hoffman 1 CONTENTS WHY FMS? NEON HERITAGE SMALLTALK HERITAGE TERMINOLOGY EXAMPLE FMS SYNTAX ACCESSING OVERRIDDEN METHODS THE
More informationChapter 3. Describing Syntax and Semantics ISBN
Chapter 3 Describing Syntax and Semantics ISBN 0-321-49362-1 Chapter 3 Topics Describing the Meanings of Programs: Dynamic Semantics Copyright 2015 Pearson. All rights reserved. 2 Semantics There is no
More informationLectures 20, 21: Axiomatic Semantics
Lectures 20, 21: Axiomatic Semantics Polyvios Pratikakis Computer Science Department, University of Crete Type Systems and Static Analysis Based on slides by George Necula Pratikakis (CSD) Axiomatic Semantics
More informationMethod Description for Semla A Software Design Method with a Focus on Semantics
Computer Science Method Description for Semla A Software Design Method with a Focus on Semantics Semla for Java, English version May 2000 Method Description for Semla A Software Design Method with a Focus
More informationState-Based Testing Part B Error Identification. Generating test cases for complex behaviour
State-Based Testing Part B Error Identification Generating test cases for complex behaviour Reference: Robert V. Binder Testing Object-Oriented Systems: Models, Patterns, and Tools Addison-Wesley, 2000,
More informationThe Eiffel language. Slides partly based on :
The Eiffel language Slides partly based on : http://se.inf.ethz.ch/courses/2015b_fall/eprog/english_index.html Eiffel, in brief Procedural, object-oriented programming language created by Bertrand Meyer
More informationSoftware Engineering Testing and Debugging Testing
Software Engineering Testing and Debugging Testing Prof. Dr. Peter Thiemann Universitt Freiburg 08.06.2011 Recap Testing detect the presence of bugs by observing failures Debugging find the bug causing
More information