III lecture: Contracts and Abstract Data Types. An obligation from last lecture... An obligation from last lecture... (2) January/February 2013
|
|
- Amice Snow
- 5 years ago
- Views:
Transcription
1 III lecture: Contracts and Data Types Dip. di Informatica Università degli Studi di Milano, Italy January/February 201 An obligation from last lecture... An obligation from last lecture... (2) 1 class TEST_STABLE_STATES feature make 4 require ok_pre("make") 5 do print("executing make%n") 6 mycommand 7 ensure ok_post("make") 8 end 9 mycommand 10 require ok_pre("mycommand") 11 do print("executing mycommand%n") 12 ensure ok_post("mycommand") 1 end 14 ok_inv: BOOLEAN do 15 print("%n") 16 Result := True 17 end 18 ok_pre (where: STRING): BOOLEAN do 19 print("checking "+where+"%n") 20 Result := True 21 end 22 ok_post (where: STRING): BOOLEAN do 2 print("checking "+where+"%n") 24 Result := True 25 end 26 invariant ok_inv 27 end 1 class CLIENT root class feature {NONE} 4 s: TEST_STABLE_STATES 5 make do 6 print("making a TEST_STABLE_STATES object s%n") 7 create s.make 8 print("asking s for service mycommand%n") 9 s.mycommand 10 end 11 end Output: Making a TEST_STABLE_STATES object s Checking make Executing make Checking mycommand Executing mycommand Checking mycommand Checking make Asking s for service myfeature Checking mycommand Executing mycommand Checking mycommand 1 class ROOT_TEST_STABLE_STATES feature 4 make 5 require ok_pre("make") Forbidden when root 6 do 7 print("executing make%n") 8 mycommand 9 ensure ok_post("make") 10 end 11 mycommand 12 require ok_pre("mycommand") 1 do 14 print("executing mycommand%n") 15 use myother as a client, not internally 16 Current.myother 17 ensure ok_post("mycommand") 18 end 19 myother 20 require ok_pre("myother") 21 do 22 print("executing myother%n") 2 ensure ok_post("myother") 24 end Output: Executing make Checking mycommand Executing mycommand Checking myother Executing myother Checking myother Checking mycommand Checking make 25 ok_inv: BOOLEAN do print("%n"); Result := True; end 26 ok_pre (where: STRING): BOOLEAN do print("checking " + where + "%N"); Result := True; end 27 ok_post (where: STRING): BOOLEAN do print("checking " + where + "%N"); Result := True; end 28 invariant ok_inv 29 end
2 Final notes on Eiffel The Indirect Invariant Effect Contract are seen only from a client point of view: internally more freedom is available Predicates are supposed to be declarative, but they can be arbitrary code: beware of side-effects Creators make objects that satisfy invariants, and any command or query preserve them. Unfortunately, this does not guarantee that the invariants always hold! The problem is aliasing: even if every a.f preserves the invariant of a, some b.g might influence a via aliasing 1 class A... feature forward: B... 2 invariant (forward /= Void) implies (forward.backward = Current) end 4 class B 5 feature backward: A 6 attach (a1: A) do backward := a1; end 7 end b.attach(void) Data Types (ADT) Stack Describing a type is crucial in specification: but we do not want to over-specify the implementation(s): ideally we want strictly abstract descriptions are a remarkable theory, whose purpose is to describe stacks [E.W. Dijkstra] Unfortunately, few cases are so clean as the classical example of ADT: a stack type. An abstract description make: STACK[G] push: STACK[G] G STACK[G] pop: STACK[G] top: STACK[G] STACK[G] G empty: STACK[G] BOOLEAN indicates partial functions: to restrict the domain we need to express some (pre-)conditions pop(s) requires empty(s) top(s) requires empty(s)
3 Stack axioms Sufficient completeness a. empty(make) b. empty(push(s, x)) c. top(push(s, x)) = x d. pop(push(s, x)) = s Can be used to calculate: top(pop(push(pop(push(push(pop(push(push(push(make, x 1 ), x 2 ), x )),- top(pop(push(push(make, x 4 ), x 5 )))), x 6 )), x 7 ))) x 4 However, not all well-formed expressions are correct: pop(make) An ADT specification for a type T is said to be sufficiently complete when: it is possible to establish correctness of any well-formed expression any correct expression can be computed to a value in a form not involving T Obviously enough, the specification is not useful if is not consistent: i.e., if it is able to give two different results with different derivations/computations. Proving completeness and/or consistency is in general undecidable. Stack is sufficiently complete Stack in Eiffel class library We can start by defining the weight of a Stack expression. weight(make) = 0 weight(push(s, x)) = weight(s) + 1 weight(pop(s)) = weight(s) 1 By mathematical induction is now possible to reason about the completeness. Looking at the Stack class in standard library can be a useful exercise... flatshort.html
4 Implementing ADTs /Concrete relationship 1 class STACK_ARRAYUP feature 4 make do 5 create rep.make_empty 6 end 7 empty: BOOLEAN do 8 Result := rep.is_empty 9 end 10 top: INTEGER 11 require not empty 12 do 1 Result := rep[rep.upper] 14 end 15 push (x:integer) do 16 rep.force(x, rep.upper + 1) 17 end 18 pop: INTEGER 19 require not empty 20 do 21 Result := top 22 rep.remove_tail(1) 2 end 24 feature {NONE} 25 rep: detachable ARRAY[INTEGER] 26 end 1 class STACK_LIST feature 4 make do 5 create rep.make 6 end 7 empty: BOOLEAN do 8 Result := rep.is_empty 9 end 10 top: INTEGER 11 require not empty 12 do 1 Result := rep.last 14 end 15 push (x:integer) do 16 rep.extend(x) 17 rep.finish 18 end 19 pop: INTEGER 20 require not empty 21 do 22 Result := top 2 rep.remove 24 end 25 feature {NONE} 26 rep: detachable LINKED_LIST[INTEGER] 27 end Object 1 a 1 f Object 2 a 2 abstraction Concrete Object 1 c1 feature abstraction Concrete Object 2 c2 To be consistent, this diagram must commute: if f (a 1 ) = a 2 then abstraction(c1.feature) = a 2 To the abstraction (partial) function corresponds a representation relation. Implementation invariants to Java Certain assertions appear in invariants although they have no direct counterparts in the abstract data type specifications. These assertions involve attributes, including some secret attributes which, by definition, would be meaningless in the abstract data type. There are several attempts to export to Java (considered more mainstream ). Using assertion and/or assertion libraries: poor support of the Including it in the language by exploiting special comments or Java attributes (code metadata): it is possible to take into account inheritance, etc.
5 example example = "DummyContract") 2 public class Dummy{ protected List m_stuff = new LinkedList(); 4 public int additem(object item){ 5 m_stuff.add(item); 6 return m_stuff.size(); 7 }} 8 public class DummyContract extends ContractBase<Dummy>{ 9 public DummyContract(Dummy target){ 10 super(target); 11 } 12 1 public void classinvariant(){ 14 assert m_target.m_stuff!= null; 15 } public void pre_additem(object item) { 18 super.setpreconditionvalue("list size", m_target.m_stuff.size()); 19 } public void post_additem(object item) { 22 assert m_target.m_stuff.contains(item); 2 int presize = super.getpreconditionvalue("list size"); 24 assert presize == m_target.m_stuff.size() 1; 25 assert m_target.m_stuff.size() == super.getreturnvalue(); 2} 1 import com.google.java.contract. ; "class invariant 1", 4 "class invariant 2" 5 }) 6 class MyClass { precondition") postcondition") 9 SomeType somemethod(...) { } "multi clause", 15 "precondition" 1) "SomeException", "exceptional postcondition" }) 18 AnotherType anothermethod(...) { } 21 } A pragmatic approach In general, since DbC is added, these frameworks suggest a more pragmatic (= open to compromise) use of the constructs. From documentation: Should you put a precondition on pop that forbids its invocation if the stack is empty? Well that depends. In the end it is a design question. 1 class ConservativeStack<T> { 2 public boolean isempty() {... } 5 public T pop() {... } 1 class LiberalRobustStack<T> { 2 public boolean isempty() {...} => result == null") 5 public T pop() {... } A more sophisticated approach is taken by : the Java Modeling Language (Leavens, 1999). A ing language: contracts are on s of code The abstraction function can be made explicit Rich assertion language \forall, nullable, assignable... 1 class LiberalStack<T> { 2 public boolean isempty() {...} "isempty()"}) 5 public T pop() {... }
6 Example example (concrete) 1 public class Account { 2 private int bal; 4 requires amt >= 0; ensures balance() == / 6 public Account(int amt) { 7 bal = amt; 8 } 9 10 requires amt > 0 && amt <= acc.balance() && acc!= null; ensures balance() == \old(balance()) + amt && acc.balance() == \old(acc.balance() / 1 public void transfer(int amt, Account acc) { 14 acc.withdraw(amt); 15 deposit(amt); //@ public invariant balance() >= 0; 19 public / int balance() { 20 return bal; 21 } 1 public class ArrayOps { 2 private / Object[] a; //@ public invariant 0 < a.length; 4 requires 0 < arr.length; ensures this.a == arr; / 7 public void init(object[] arr) { 8 this.a = arr; 9 } 10 } Modeling issues Stack example Can private fields be mentioned in public specifications? Can pre-conditions be hidden from clients? Similar questions for invariants introduces variables, used only in the specification. 1 public interface Gendered { 2 //@ public instance String gender; //@ ensures 4 result == gender.equals("female"); 5 public / boolean isfemale(); 7 8 public class Animal implements Gendered { 9 protected boolean gen; //@ in gender; 10 protected represents gender < (gen? "female" : "male"); / 1 public / boolean isfemale() { 14 return gen; 15 } 1 in is a keyword, meaning in which data group the variable falls. Model feature s group contains features used in its represents.
7 Syntactic sugar Ghost variables 1 protected / int feature = 0; 2 // Syntactic sugar for 4 5 //@ public int feature; 6 //@ protected int _feature = 0; //@ in feature; 7 //@ protected represents feature <- _feature; Sometimes one needs even specification-only data, without any represents clause. They are called ghost feature. 1 public class Object { 2 //@ public ghost Object owner = null; /... / 4 } 5 Assignment: 6 //@ set a.owner = this;
Programming with Contracts. Juan Pablo Galeotti, Alessandra Gorla Saarland University, Germany
Programming with Contracts Juan Pablo Galeotti, Alessandra Gorla Saarland University, Germany Contract A (formal) agreement between Method M (callee) Callers of M Rights Responsabilities Rights Responsabilities
More informationIntroduction to the Java Modeling Language
Introduction to the Java Modeling Language Modular Specification and Verification for Java Gary T. Leavens 1 Curtis Clifton 2 Hridesh Rajan 3 Robby 4 1 School of Electrical Engineering and Computer Science,
More informationJML. Outline. Métodos Formais em Engenharia de Software. MI, Braga these slides were prepared by adopting/adapting teaching material
Métodos Formais em Engenharia de Software JML José Carlos Bacelar Almeida Departamento de Informática Universidade do Minho MI, Braga 2008 Outline Design by Contract and JML Design by Contract Java Modeling
More informationClasses The Static Structure
Classes The Static Structure Abstract data types equipped with a possibly partial implementation 04-1 Style Rules Read page 180 Pick a style and stick to it Recommend that you use Eiffel style or close
More informationAdvanced JML Erik Poll Radboud University Nijmegen
JML p.1/23 Advanced JML Erik Poll Radboud University Nijmegen JML p.2/23 Core JML Remember the core JML keywords were requires ensures signals invariant non null pure \old, \forall, \result JML p.3/23
More informationAn Annotated Language
Hoare Logic An Annotated Language State and Semantics Expressions are interpreted as functions from states to the corresponding domain of interpretation Operators have the obvious interpretation Free of
More informationControl flow in Eiffel
Announcements Assignment will be posted this week.» We ll make sure you have enough time to it! A little more Eiffel, Genericity and ADTs Week 3, Lecture 4 January 16 Section N Review What is the definition
More informationJML Class Specifications The Java Modeling Language (Part 2) A Java Class
JML Class Specifications The Java Modeling Language (Part 2) Wolfgang Schreiner Wolfgang.Schreiner@risc.jku.at Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria
More informationFormal Methods for Java
Formal Methods for Java Lecture 6: Introduction to JML Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg May 15, 2017 Jochen Hoenicke (Software Engineering) Formal Methods for Java
More informationThe Java Modeling Language (Part 2)
The Java Modeling Language (Part 2) Wolfgang Schreiner Wolfgang.Schreiner@risc.jku.at Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria http://www.risc.jku.at
More informationTest-Driven Development (TDD)
Test-Driven Development (TDD) EECS3311 A: Software Design Fall 2018 CHEN-WEI WANG DbC: Supplier DbC is supported natively in Eiffel for supplier: class ACCOUNT create make feature -- Attributes owner :
More informationAbstract Data Types Documentation
Abstract Data Types Documentation ADT-doc-1 Documentation Users are only interested in the properties of the ADT Programmers and designers require all the information which a user needs AND all information
More informationAdvanced JML. and more tips and pitfalls. David Cok, Joe Kiniry, and Erik Poll
Advanced JML and more tips and pitfalls David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen David Cok, Joe Kiniry & Erik Poll - ESC/Java2
More informationThe Use of JML in Embedded Real-Time Systems
The Use of JML in Embedded Real-Time Systems Joseph Kiniry Technical University of Denmark JTRES 2012 24 October 2012 Acknowledgements Some content based on an OOPSLA tutorial by: Gary T. Leavens, Curtis
More informationOverview The Java Modeling Language (Part 1) Related Work
Overview The Java Modeling Language (Part 1) Wolfgang Schreiner Wolfgang.Schreiner@risc.jku.at Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria http://www.risc.jku.at
More informationOutline. iterator review iterator implementation the Java foreach statement testing
Outline iterator review iterator implementation the Java foreach statement testing review: Iterator methods a Java iterator only provides two or three operations: E next(), which returns the next element,
More informationTesting, Debugging, and Verification
Testing, Debugging, and Verification Formal Specification, Part II Srinivas Pinisetty 23 November 2017 Introduction Today: Introduction to Dafny: An imperative language with integrated support for formal
More informationJML s Rich, Inherited Specifications for Behavioral Subtypes
JML s Rich, Inherited Specifications for Behavioral Subtypes Gary T. Leavens TR #06-22 August 11, 2006 Keywords: Supertype abstraction, behavioral subtype, behavioral subtyping, modularity, specification
More informationThe Java Modeling Language JML
The Java Modeling Language JML Néstor Cataño ncatano@puj.edu.co Faculty of Engineering Pontificia Universidad Javeriana The Java Modelling Language JML p.1/47 Lecture Plan 1. An Introduction to JML 2.
More informationFormal Specification and Verification
Formal Specification and Verification Formal Specification, Part III Bernhard Beckert Adaptation of slides by Wolfgang Ahrendt Chalmers University, Gothenburg, Sweden Formal Specification and Verification:
More informationClasses! The Static Structure!
Classes The Static Structure Abstract data types equipped with a possibly partial implementation 04-1 Style Rules Pick a style and stick to it Recommend that you use Eiffel style or close approximation»
More informationRigorous Software Development CSCI-GA
Rigorous Software Development CSCI-GA 3033-009 Instructor: Thomas Wies Spring 2013 Lecture 6 Disclaimer. These notes are derived from notes originally developed by Jochen Hoenicke. They are copyrighted
More informationAssertions. Assertions - Example
References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 11/13/2003 1 Assertions Statements about input to a routine or state of a class Have two primary roles As documentation,
More informationJUnit Testing Framework Architecture
JUnit Testing Framework Architecture Unit under test (usually a class or a small number of classes) Test environment (fixture) Program state (e.g., some collection of variables/objects that will be used
More informationSoftware Architecture. Abstract Data Types
Software Architecture Abstract Data Types Mathematical description An ADT is a mathematical specification Describes the properties and the behavior of instances of this type Doesn t describe implementation
More informationSyntax of Eiffel: a Brief Overview
Syntax of Eiffel: a Brief Overview EECS3311 A: Software Design Fall 2018 CHEN-WEI WANG Escape Sequences Escape sequences are special characters to be placed in your program text. In Java, an escape sequence
More informationA Fitness Function to Find Feasible Sequences of Method Calls for Evolutionary Testing of Object-Oriented Programs
A Fitness Function to Find Feasible Sequences of Method Calls for Evolutionary Testing of Object-Oriented Programs Myoung Yee Kim and Yoonsik Cheon TR #7-57 November 7; revised January Keywords: fitness
More informationCommands, and Queries, and Features. Syntax of Eiffel: a Brief Overview. Escape Sequences. Naming Conventions
Commands, and Queries, and Features Syntax of Eiffel: a Brief Overview EECS3311 A: Software Design Fall 2018 CHEN-WEI WANG In a Java class: Attributes: Data Mutators: Methods that change attributes without
More informationFormal Methods for Java
Formal Methods for Java Lecture 5: JML and Abstract Data Types Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg November 9, 2011 Jochen Hoenicke (Software Engineering) Formal Methods
More informationSpecification tips and pitfalls
Specification tips and pitfalls David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen David Cok, Joe Kiniry & Erik Poll - ESC/Java2 & JML
More informationFormal Methods for Java
Formal Methods for Java Lecture 30: Conclusion Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg Feb 17, 2012 Jochen Hoenicke (Software Engineering) FM4J Feb 17, 2012 1 / 21 Topics
More informationFormal Specification and Verification
Formal Specification and Verification Proof Obligations Bernhard Beckert Based on a lecture by Wolfgang Ahrendt and Reiner Hähnle at Chalmers University, Göteborg Formal Specification and Verification:
More informationLecture 10 Design by Contract
CS 5959 Writing Solid Code Fall 2015 Nov-23 Lecture 10 Design by Contract Zvonimir Rakamarić University of Utah Design by Contract Also called assume-guarantee reasoning Developers annotate software components
More informationData abstractions: ADTs Invariants, Abstraction function. Lecture 4: OOP, autumn 2003
Data abstractions: ADTs Invariants, Abstraction function Lecture 4: OOP, autumn 2003 Limits of procedural abstractions Isolate implementation from specification Dependency on the types of parameters representation
More informationUniverse Type System for Eiffel. Annetta Schaad
Universe Type System for Eiffel Annetta Schaad Semester Project Report Software Component Technology Group Department of Computer Science ETH Zurich http://sct.inf.ethz.ch/ SS 2006 Supervised by: Dipl.-Ing.
More informationAbstract Data Types! Documentation!
! Abstract Data Types! Documentation! 13-1! Documentation! Users are only interested in the properties of the ADT! Programmers and designers require all the information which a user needs AND all information
More informationThe Java Modeling Language (Part 1)
The Java Modeling Language (Part 1) Wolfgang Schreiner Wolfgang.Schreiner@risc.jku.at Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria http://www.risc.jku.at
More informationQueues. Stacks and Queues
Queues Reading: RS Chapter 14 Slides are modified from those provided by Marty Stepp www.buildingjavaprograms.com 1 Stacks and Queues Sometimes a less powerful, but highly optimized collection is useful.
More informationProperty Specifications
Property Specifications Jim Browne Table of Contents Overview Temporal Logics Specification Patterns The major part of this lecture is taken from slides by David Garlan 9/4/2008 Unification of Verification
More informationUC Santa Barbara. CS189A - Capstone. Christopher Kruegel Department of Computer Science UC Santa Barbara
CS189A - Capstone Christopher Kruegel Department of Computer Science http://www.cs.ucsb.edu/~chris/ Design by Contract Design by Contract and the language that implements the Design by Contract principles
More informationAlgorithms and Data Structures
Algorithms and Data Structures Data Types Marius Kloft Content of this Lecture Example Abstract Data Types Lists, Stacks, and Queues Realization in Java Marius Kloft: Alg&DS, Summer Semester 2016 2 Problem
More informationFormal Methods for Software Development
Formal Methods for Software Development Java Modeling Language, Part II Wolfgang Ahrendt 29 September 2017 FMSD: Java Modeling Language /GU 171029 1 / 62 JML Modifiers JML extends the JAVA modifiers by
More informationData Structures. BSc in Computer Science University of New York, Tirana. Assoc. Prof. Marenglen Biba 1-1
Data Structures BSc in Computer Science University of New York, Tirana Assoc. Prof. Marenglen Biba 1-1 General info Course : Data Structures (3 credit hours) Instructor : Assoc. Prof. Marenglen Biba Office
More informationJava Modeling Language (JML)
CIS 771: Software Specifications Introduction to JML Java Modeling Language (JML) A behavioral interface specification language for Java supporting design-by-contract (DBC)... invented by Gary T. Leavens
More information1. Quality issues (5 points)
ETH Zurich Computer Science Course: Advanced Topics in Object Technology, by Bertrand Meyer Summer semester 2003 Exam (prepared by Karine Arnout) 2 July 2003 10:00 to 12:00 Name:.. Id-Nr:.. No notes, computers,
More informationFormale Entwicklung objektorientierter Software
Formale Entwicklung objektorientierter Software Praktikum im Wintersemester 2008/2009 Prof. P. H. Schmitt Christian Engel, Benjamin Weiß Institut für Theoretische Informatik Universität Karlsruhe 5. November
More informationUnderstanding an ADT implementation: Abstraction functions
Understanding an ADT implementation: Abstraction functions CSE 331 University of Washington Michael Ernst Review: Connecting specifications and implementations Representation invariant: Object boolean
More informationAdding Contracts to C#
Adding Contracts to C# Peter Lagace ABSTRACT Design by contract is a software engineering technique used to promote software reliability. In order to use design by contract the selected programming language
More informationObject-Oriented Software Construction
1 Object-Oriented Software Construction Bertrand Meyer Reading assignment 2 OOSC2 Chapter 10: Genericity 3 Lecture 4: Abstract Data Types Abstract Data Types (ADT 4 Why use the objects? The need for data
More informationAmbientes de Desenvolvimento Avançados
Ambientes de Desenvolvimento Avançados http://www.dei.isep.ipp.pt/~jtavares/adav/adav.htm Aula 6 Engenharia Informática 2006/2007 José António Tavares jrt@isep.ipp.pt 1 Components and Interfaces Part 2
More informationProgram Verification (6EC version only)
Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen Overview Program Verification using Verification Condition Generators JML a formal specification language
More informationReminder of the last lecture. Aliasing Issues: Call by reference, Pointer programs. Introducing Aliasing Issues. Home Work from previous lecture
Reminder of the last lecture Aliasing Issues: Call by reference, Pointer programs Claude Marché Cours MPRI 2-36-1 Preuve de Programme 18 janvier 2017 Additional features of the specification language Abstract
More informationReferences: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1
References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1 Assertions Statements about input to a routine or state of a class Have two primary roles As documentation,
More informationDesign by Contract and JML: concepts and tools
Métodos Formais em Engenharia de Software Design by Contract and JML: concepts and tools José Carlos Bacelar Almeida Departamento de Informática Universidade do Minho MI/MEI 2008/2009 1 Talk Outline Design
More informationDesign by Contract in Eiffel
Design by Contract in Eiffel 2002/04/15 ctchen@canthink.com.com.tw.tw Reference & Resource Bertrand Meyer, Object-Oriented Oriented Software Construction 2nd,, 1997, PH. Bertrand Meyer, Eiffel: The Language,,
More informationAbstract Data Types (ADTs), Classes, and Objects
Abstract Data Types (ADTs), Classes, and Objects Readings: OOSC2 Chapters 6, 7, 8 EECS3311: Software Design Fall 2017 CHEN-WEI WANG Abstract Data Type (ADT) abstract implementation details are not specified!
More informationFormal Systems II: Applications
Formal Systems II: Applications Functional Verification of Java Programs: Java Dynamic Logic Bernhard Beckert Mattias Ulbrich SS 2017 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State
More informationLecture 10 Notes Linked Lists
Lecture 10 Notes Linked Lists 15-122: Principles of Imperative Computation (Spring 2016) Frank Pfenning, Rob Simmons, André Platzer 1 Introduction In this lecture we discuss the use of linked lists to
More informationObject Ownership in Program Verification
Object Ownership in Program Verification Werner Dietl 1 and Peter Müller 2 1 University of Washington wmdietl@cs.washington.edu 2 ETH Zurich peter.mueller@inf.ethz.ch Abstract. Dealing with aliasing is
More informationFrom Data Structures to Abstract Data Types (ADTs)
From Data Structures to Abstract Data Types (ADTs) 1 Data Collections As our programs become more sophisticated, we need assistance : to organize large amounts of data to manage relationships among individual
More informationCS : Data Structures
CS 600.226: Data Structures Michael Schatz Sept 23, 2016 Lecture 9: Stacks Assignment 3: Due Sunday Sept 25 @ 10pm Remember: javac Xlint:all & checkstyle *.java & JUnit Solutions should be independently
More informationAssertions, pre/postconditions
Programming as a contract Assertions, pre/postconditions Assertions: Section 4.2 in Savitch (p. 239) Specifying what each method does q Specify it in a comment before method's header Precondition q What
More information3. Design by Contract
3. Design by Contract Oscar Nierstrasz Design by Contract Bertrand Meyer, Touch of Class Learning to Program Well with Objects and Contracts, Springer, 2009. 2 Roadmap > Contracts > Stacks > Design by
More informationSoftware Development. Modular Design and Algorithm Analysis
Software Development Modular Design and Algorithm Analysis Precondition and Postcondition To create a good algorithm, a programmer must be able to analyse a precondition (starting state) and a postcondition
More informationLecture 7: Data Abstractions
Lecture 7: Data Abstractions Abstract Data Types Data Abstractions How to define them Implementation issues Abstraction functions and invariants Adequacy (and some requirements analysis) Towards Object
More informationJML tool-supported specification for Java Erik Poll Radboud University Nijmegen
JML tool-supported specification for Java Erik Poll Radboud University Nijmegen Erik Poll - JML p.1/41 Overview The specification language JML Tools for JML, in particular runtime assertion checking using
More informationSingleton Pattern: Motivation. Design Patterns: Singleton and Iterator. What are design patterns? Shared Data through Inheritance
Singleton Pattern: Motivation Design Patterns: Singleton and Iterator EECS3311: Software Design Fall 2017 CHEN-WEI WANG Consider two problems: 1. Bank accounts share a set of data. e.g., interest and exchange
More informationLecture 10 Notes Linked Lists
Lecture 10 Notes Linked Lists 15-122: Principles of Imperative Computation (Summer 1 2015) Frank Pfenning, Rob Simmons, André Platzer 1 Introduction In this lecture we discuss the use of linked lists to
More informationAutomated Random Testing to Detect Specification-Code Inconsistencies
Automated Random Testing to Detect Specification-Code Inconsistencies Yoonsik Cheon TR #07-07 February 2007; revised March 2007 Keywords: random testing, test data generator, test oracle, pre and postconditions,
More informationSubclassing for ADTs Implementation
Object-Oriented Design Lecture 8 CS 3500 Fall 2009 (Pucella) Tuesday, Oct 6, 2009 Subclassing for ADTs Implementation An interesting use of subclassing is to implement some forms of ADTs more cleanly,
More informationObject Oriented Program Correctness with OOSimL
Kennesaw State University DigitalCommons@Kennesaw State University Faculty Publications 12-2009 Object Oriented Program Correctness with OOSimL José M. Garrido Kennesaw State University, jgarrido@kennesaw.edu
More informationCSC Advanced Object Oriented Programming, Spring Specification
CSC 520 - Advanced Object Oriented Programming, Spring 2018 Specification Specification A specification is an unambiguous description of the way the components of the software system should be used and
More informationInheritance. Transitivity
Inheritance Classes can be organized in a hierarchical structure based on the concept of inheritance Inheritance The property that instances of a sub-class can access both data and behavior associated
More informationJAVA BASICS II. Example: FIFO
JAVA BASICS II Example: FIFO To show how simple data structures are built without pointers, we ll build a doubly-linked list ListItem class has some user data first refers to that ListItem object at the
More informationLecture Notes on Queues
Lecture Notes on Queues 15-122: Principles of Imperative Computation Frank Pfenning and Jamie Morgenstern Lecture 9 February 14, 2012 1 Introduction In this lecture we introduce queues as a data structure
More informationData Structures and Algorithms. Roberto Sebastiani
Data Structures and Algorithms Roberto Sebastiani roberto.sebastiani@disi.unitn.it http://www.disi.unitn.it/~rseba - Week 05 - B.S. In Applied Computer Science Free University of Bozen/Bolzano academic
More informationLecture Notes on Contracts
Lecture Notes on Contracts 15-122: Principles of Imperative Computation Frank Pfenning Lecture 2 August 30, 2012 1 Introduction For an overview the course goals and the mechanics and schedule of the course,
More informationCOMP 250. Lecture 32. polymorphism. Nov. 25, 2016
COMP 250 Lecture 32 polymorphism Nov. 25, 2016 1 Recall example from lecture 30 class String serialnumber Person owner void bark() {print woof } : my = new (); my.bark();?????? extends extends class void
More informationVerifying JML specifications with model fields
Verifying JML specifications with model fields Cees-Bart Breunesse and Erik Poll Department of Computer Science, University of Nijmegen Abstract. The specification language JML (Java Modeling Language)
More informationWhat This Course Is About Design-by-Contract (DbC)
What This Course Is About Design-by-Contract (DbC) Readings: OOSC2 Chapter 11 EECS3311 A: Software Design Fall 2018 CHEN-WEI WANG Focus is design Architecture: (many) inter-related modules Specification:
More informationDesigning Robust Classes
Designing Robust Classes Learning Goals You must be able to:! specify a robust data abstraction! implement a robust class! design robust software! use Java exceptions Specifications and Implementations
More informationHoare Logic and Model Checking
Hoare Logic and Model Checking Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Introduction In the
More informationWhy Design by Contract! CS 619 Introduction to OO Design and Development. Design by Contract. Fall 2012
Why Design by Contract What s the difference with Testing? CS 619 Introduction to OO Design and Development Design by Contract Fall 2012 Testing tries to diagnose (and cure) defects after the facts. Design
More informationRepresentation Invariants and Abstraction Functions
Representation Invariants and Abstraction Functions Outline Reasoning about ADTs Representation invariants (rep invariants) Representation exposure Checking rep invariants Abstraction functions CSCI 2600
More informationSoftware Architecture Bertrand Meyer. Lecture 3: Language constructs for modularity and information hiding
Software Architecture Bertrand Meyer Last update: 3 April 2007 ETH Zurich, March-July 2007 Lecture 3: Language constructs for modularity and information hiding Ilinca Ciupa Overview Review of modularity
More informationJava: advanced object-oriented features
Chair of Software Engineering Carlo A. Furia, Marco Piccioni, Bertrand Meyer Java: advanced object-oriented features Chair of Software Engineering Carlo A. Furia, Marco Piccioni, Bertrand Meyer Packages
More informationIntroduction to JML David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen
Introduction to JML David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen David Cok, Joe Kiniry & Erik Poll - ESC/Java2 & JML Tutorial p.1/30
More informationEXAMINATIONS 2009 MID-TERM TEST. COMP 202 / SWEN 202 Formal Methods of Computer Science / Formal Foundations of Software Engineering WITH ANSWERS
T E W H A R E W Ā N A N G A O T E Ū P O K O O T E I K A A M Ā U I VUW V I C T O R I A UNIVERSITY OF WELLINGTON Time Allowed: 90 minutes EXAMINATIONS 2009 MID-TERM TEST COMP 202 / SWEN 202 Formal Methods
More informationHoare Logic and Model Checking. A proof system for Separation logic. Introduction. Separation Logic
Introduction Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that Separation Logic is based on. Kasper Svendsen University of Cambridge CST Part II 2016/17 This lecture
More informationCSE 331 Midterm Exam Sample Solution 2/18/15
Question 1. (10 points) (Forward reasoning) Using forward reasoning, write an assertion in each blank space indicating what is known about the program state at that point, given the precondition and the
More informationIntroduction to contract programming
Introduction to contract programming Lukasz Ziobroń Nokia Code Dive Community, 2015 Agenda 1 Problematic examples 2 DbC Theory 3 Language support 4 Own C++ DbC implementation 5 Summary Ariane 5 mission
More informationBOBJ: A Quickstart for Software Engineers
BOBJ: A Quickstart for Software Engineers Lutz Hamel Dept. of Computer Science and Statistics University of Rhode Island Kingston, RI 02881 hamel@cs.uri.edu DRAFT 12/7/03 Getting Started BOBJ is a specification
More informationPlease note that if you write the mid term in pencil, you will not be allowed to submit a remark request.
University of Toronto CSC148 Introduction to Computer Science Fall 2001 Mid Term Test Section L5101 Duration: 50 minutes Aids allowed: none Make sure that your examination booklet has 8 pages (including
More informationHoare logic. A proof system for separation logic. Introduction. Separation logic
Introduction Hoare logic Lecture 6: Examples in separation logic In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing separation logic.
More informationDesign-by-Contract (Dbc) Test-Driven Development (TDD)
Design-by-Contract (Dbc) Test-Driven Development (TDD) Readings: OOSC2 Chapter 11 EECS3311: Software Design Fall 2017 CHEN-WEI WANG Terminology: Contract, Client, Supplier A supplier implements/provides
More informationOOP Design by Contract. Carsten Schuermann Kasper Østerbye IT University Copenhagen
OOP Design by Contract Carsten Schuermann Kasper Østerbye IT University Copenhagen 1 Today's schedule Design by Contract why the term contract what design issue is captured, and why bother what is a pre-condition
More informationAssertions & Design-by-Contract using JML Erik Poll University of Nijmegen
Assertions & Design-by-Contract using JML Erik Poll University of Nijmegen Erik Poll - JML p.1/39 Overview Assertions Design-by-Contract for Java using JML Contracts and Inheritance Tools for JML Demo
More informationCPSC 221: Algorithms and Data Structures Lecture #1: Stacks and Queues
CPSC 221: Algorithms and Data Structures Lecture #1: Stacks and Queues Alan J. Hu (Slides borrowed from Steve Wolfman) Be sure to check course webpage! http://www.ugrad.cs.ubc.ca/~cs221 1 Lab 1 is available.
More informationRepresentation Invariant, Abstraction Function
CS 247: Software Engineering Principles Representation Invariant, Abstraction Function Reading: Barbara Liskov and John Guttag, Program Development in Java: Abstraction, Specification, and Object Oriented
More informationVerification in Coq. Prof. Clarkson Fall Today s music: Check Yo Self by Ice Cube
Verification in Coq Prof. Clarkson Fall 2017 Today s music: Check Yo Self by Ice Cube Review Previously in 3110: Functional programming in Coq Logic in Coq Curry-Howard correspondence (proofs are programs)
More information