Assertions. Assertions - Example
|
|
- Rudolph Jayson Ferguson
- 5 years ago
- Views:
Transcription
1 References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 11/13/ Assertions Statements about input to a routine or state of a class Have two primary roles As documentation, they express valid ways of using a routine or class When implemented, help to isolate runtime errors 11/13/ Assertions - Example public class SimpleStack { //Assertion: this method should only be called when the stack is not empty public int pop() { if (size() <= 0) { throw new Stackexception( pop() called on an empty stack ); return data[--top]; Implements the assertion //Assertion: this method returns the number of elements on the s tack public int size() { return top; Documents the routine 11/13/
2 Assertions Assertions are an unambiguous way to document a routine; thus, assertions can be checked at runtime Originally part of Java (then called Oak), but omitted from spec in order to meet deadline Popularized by Bertrand Meyer(1992) and directly supported by the language Eiffel. Boolean expressions attached to methods Test the state of an object at various points during execution, ensuring that certain conditions are satisfied Automatically inherited and enforced by subclasses even when actual methods are overridden 11/13/ Assertions Meyer proposed idea of Design by Contract assertions form a contract between client and service provider software contracts are specified by pre- and post-conditions and class invariants Failure to meet the contract terms indicates a bug (fault) 11/13/ Design by Contract Violation of a pre-condition means the contract was broken by the client The contractor does not have to fulfill its part of the contract, but may raise an exception to signal the fault Violation of a post-condition indicates the presence of a bug in the implementation of the routine 11/13/
3 Preconditions A condition that must be true before a method executes Documents the assumptions of the author of the routine Clients of the method are responsible for ensuring the preconditions are met on entrance to the method; if they are not, then the method behavior is undefined Must be verifiable by the client using the public interface of the class that contains the method Client should be able to verify the preconditions from the current state of the object 11/13/ Preconditions public class BankAccount { public void deposit (float amount) {... Precondition is invalid: no way of verifying the precondition from the current state of the object //Pre-condition: amount <= current balance public void withdraw (float amount) {... This assumes that there is no method to return current balance. 11/13/ Postconditions Condition that will be true after a method executes Author of the method is responsible for ensuring the method s post-conditions are met Author of the method must only ensure the post-conditions of a method are true when the pre-conditions of the method have been met 11/13/
4 Postconditions May be expressed in terms of the public interface and/or the private implementation Post-condition expressed in terms of the public interface is of interest to clients Post-condition expressed in terms of the private interface is of interest to programmers maintaining the routine 11/13/ Invariants An invariant is an expression about an object that must be true when the object is in a stable state. An object is in a stable state after construction and between public method calls. Notice that pre- and post-conditions are statements about the behavior of a method, while invariants are statements about the state of an object. Because invariants are true after construction and between public method calls, the class is responsible for maintaining invariants. 11/13/ Invariants Invariants are also expressed in terms of the public interface and/or the private implementation Invariants are true for the current public methods of a class and any new methods that are added in the future If a new public routine is allowed to violate an invariant, it may leave the object in an unstable state for another public method. 11/13/
5 Example // Invariant: 0 <= size() <= capacity() public class SimpleStack { // Pre-condition: The stack is not // empty // Post-condition: The last integer // pushed onto the stack is // returned. The stack size // is reduced by one // element. public int pop() { return data[--top]; // Pre-condition: <none> // Post-condition: The number of // elements in the stack are returned public int size() { return top; // Pre-condition: <none> // Post-condition: The capacity of // the stack is returned public int capacity() { return capacity;... Example showing a pre-condition, post-condition, and invariant. 11/13/2003 None of the assertions are checked at runtime. 13 Pre- and Post-condition strength The strength of a pre- or post-condition is a measure of its restrictiveness. A strong pre- or post-condition is more restrictive than a weaker one. For example, a function that only accepts integers is more restrictive (has a stronger precondition) than one that accepts any real number. The weakest pre- or post-condition is no pre- or post-condition at all. 11/13/ Example 1: Binary Search public class Arrays {... // Pre-condition: the array 'a' is sorted in ascending //order // Post-condition: Returns the index of the first element in // array 'a' equal to 'key' if one exists, otherwise returns // -1 as an indication that the parameter 'key' is not an // element of the array. public static int binarysearch(int[] a, int key);... Duplicates allowed 11/13/
6 Example 2: Binary Search A stronger pre-condition is one that is more restrictive or narrows the range of acceptable inputs. The original definition of the binary search method allowed duplicate elements. The following is a stronger pre-condition: // Pre-condition: the array 'a' is sorted in // ascending order, and doesn't contain any // duplicate elements 11/13/ Example 3 : Binary Search We could weaken the post-condition of the original definition by allowing the routine to return any negative number if the key is not found: // Post-condition: Returns the index of the first // element in array 'a' equal to 'key' if one exists, // otherwise returns any negative number as an // indication that the parameter 'key' is not an // element of the array. This post-condition is weaker because there is a greater number of outputs that are valid. 11/13/ Strength of Assertions Reason for making the pre-condition stronger or the post-condition weaker than what the routine would suggest: Flexibility. A stronger pre-condition and a weaker postcondition give you the flexibility to change the implementation in the future without changing the interface and possibly breaking clients. Flexibility comes at the expense of the client. The client now has to work harder to maintain the pre-condition and to be prepared for the post-condition. 11/13/
7 Strength of Assertions When defining the pre- and post-conditions for a routine, need balance. Consider how much implementation flexibility is needed in the routine and how much additional burden it is for the client for a given amount of flexibility. Pre-conditions should be strong enough and postconditions should be weak enough to allow flexibility, but not too strong or too weak that it places an unreasonable burden on the client. 11/13/ Benefits of Assertion Checking Assertion checking at runtime is a debugging aid. The primary purpose of assertion checking at runtime is to identify and isolate runtime errors. Finding a runtime error in a large software system is difficult. The difficulty grows more than linearly with the size of the system. For example, if the size of a system doubles it will be more than twice as hard to find a runtime error. 11/13/ Benefits of Assertion Checking Part of the problem is that the fault (such as a wrong number on a report) is often a long distance from the defect (such as not reading the last record during the input loop). distance can be the number of instructions executed at runtime or physical distance between static instructions in the written program. The greater the distance between a fault and the defect the harder it will be to find a defect that caused a specific fault. The traditional way of debugging a problem is to start at the fault and work your way back to the defect. Because of conditional branching in code, as you work backwards the number of source branches you need to consider grows exponentially. 11/13/
8 Benefits of Assertion Checking In this conceptual image, there are 10 potential source paths for the visible fault. Assertion checking helps to identify errors early, closer to the defect that caused them. Assertion checking may identify errors that would have otherwise gone undetected. 11/13/
References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1
References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1 Assertions Statements about input to a routine or state of a class Have two primary roles As documentation,
More informationa correct statement? You need to know what the statement is supposed to do.
Using assertions for correctness How can we know that software is correct? It is only correct if it does what it is supposed to do. But how do we know what it is supposed to do? We need a specification.
More informationCSC Advanced Object Oriented Programming, Spring Specification
CSC 520 - Advanced Object Oriented Programming, Spring 2018 Specification Specification A specification is an unambiguous description of the way the components of the software system should be used and
More information17. Assertions. Outline. Built-in tests. Built-in tests 3/29/11. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen
17. Assertions Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen Outline Introduction (BIT, assertion, executable assertion, why?) Implementation-based vs responsability-based assertions Implementation
More information17. Assertions. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen
17. Assertions Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen Outline Introduction (BIT, assertion, executable assertion, why?) Implementation-based vs responsability-based assertions Implementation
More informationAssertions, pre/postconditions
Programming as a contract Assertions, pre/postconditions Assertions: Section 4.2 in Savitch (p. 239) Specifying what each method does q Specify it in a comment before method's header Precondition q What
More informationReadability [Skrien 4.0] Programs must be written for people to read, and only incidentally for machines to execute.
Readability [Skrien 4.0] Programs must be written for people to read, and only incidentally for machines to execute. Abelson & Sussman Use a good set of coding conventions, such as the ones given in the
More informationAdding Contracts to C#
Adding Contracts to C# Peter Lagace ABSTRACT Design by contract is a software engineering technique used to promote software reliability. In order to use design by contract the selected programming language
More informationWhy Design by Contract! CS 619 Introduction to OO Design and Development. Design by Contract. Fall 2012
Why Design by Contract What s the difference with Testing? CS 619 Introduction to OO Design and Development Design by Contract Fall 2012 Testing tries to diagnose (and cure) defects after the facts. Design
More informationAssertions & Design-by-Contract using JML Erik Poll University of Nijmegen
Assertions & Design-by-Contract using JML Erik Poll University of Nijmegen Erik Poll - JML p.1/39 Overview Assertions Design-by-Contract for Java using JML Contracts and Inheritance Tools for JML Demo
More informationCSE 331. Programming by contract: pre/post conditions; Javadoc
CSE 331 Programming by contract: pre/post conditions; Javadoc slides created by Marty Stepp based on materials by M. Ernst, S. Reges, D. Notkin, R. Mercer, Wikipedia http://www.cs.washington.edu/331/ 1
More informationSoftware Architecture. Abstract Data Types
Software Architecture Abstract Data Types Mathematical description An ADT is a mathematical specification Describes the properties and the behavior of instances of this type Doesn t describe implementation
More informationMSO Lecture Design by Contract"
1 MSO Lecture Design by Contract" Wouter Swierstra (adapted by HP, AL) October 8, 2018 2 MSO SO FAR Recap Abstract Classes UP & Requirements Analysis & UML OO & GRASP principles Design Patterns (Facade,
More informationSoftware Engineering Testing and Debugging Testing
Software Engineering Testing and Debugging Testing Prof. Dr. Peter Thiemann Universitt Freiburg 08.06.2011 Recap Testing detect the presence of bugs by observing failures Debugging find the bug causing
More informationWhat This Course Is About Design-by-Contract (DbC)
What This Course Is About Design-by-Contract (DbC) Readings: OOSC2 Chapter 11 EECS3311 A: Software Design Fall 2018 CHEN-WEI WANG Focus is design Architecture: (many) inter-related modules Specification:
More informationSelf-checking software insert specifications about the intent of a system
Assertions Reading assignment A. J. Offutt, A Practical System for Mutation Testing: Help for the Common Programmer, Proceedings of the 12th International Conference on Testing Computer Software, Washington,
More informationAXIOMS OF AN IMPERATIVE LANGUAGE PARTIAL CORRECTNESS WEAK AND STRONG CONDITIONS. THE AXIOM FOR nop
AXIOMS OF AN IMPERATIVE LANGUAGE We will use the same language, with the same abstract syntax that we used for operational semantics. However, we will only be concerned with the commands, since the language
More informationCatching Defects: Design or Implementation Phase? Design-by-Contract (Dbc) Test-Driven Development (TDD) Motivation of this Course
Design-by-Contract (Dbc) Test-Driven Development (TDD) Readings: OOSC2 Chapter 11 Catching Defects: Design or Implementation Phase? To minimize development costs, minimize software defects. The cost of
More informationSoftware Engineering
Software Engineering Lecture 13: Testing and Debugging Testing Peter Thiemann University of Freiburg, Germany SS 2014 Recap Recap Testing detect the presence of bugs by observing failures Recap Testing
More informationDesign by Contract in Eiffel
Design by Contract in Eiffel 2002/04/15 ctchen@canthink.com.com.tw.tw Reference & Resource Bertrand Meyer, Object-Oriented Oriented Software Construction 2nd,, 1997, PH. Bertrand Meyer, Eiffel: The Language,,
More informationChapter 1: Programming Principles
Chapter 1: Programming Principles Object Oriented Analysis and Design Abstraction and information hiding Object oriented programming principles Unified Modeling Language Software life-cycle models Key
More informationUC Santa Barbara. CS189A - Capstone. Christopher Kruegel Department of Computer Science UC Santa Barbara
CS189A - Capstone Christopher Kruegel Department of Computer Science http://www.cs.ucsb.edu/~chris/ Design by Contract Design by Contract and the language that implements the Design by Contract principles
More informationType Hierarchy. Comp-303 : Programming Techniques Lecture 9. Alexandre Denault Computer Science McGill University Winter 2004
Type Hierarchy Comp-303 : Programming Techniques Lecture 9 Alexandre Denault Computer Science McGill University Winter 2004 February 16, 2004 Lecture 9 Comp 303 : Programming Techniques Page 1 Last lecture...
More informationSpecifications. CSE 331 Spring 2010
Specifications CSE 331 Spring 2010 The challenge of scaling software Small programs are simple and malleable easy to write easy to change Big programs are (often) complex and inflexible hard to write hard
More informationJAVA BASICS II. Example: FIFO
JAVA BASICS II Example: FIFO To show how simple data structures are built without pointers, we ll build a doubly-linked list ListItem class has some user data first refers to that ListItem object at the
More informationSoftware Development. Modular Design and Algorithm Analysis
Software Development Modular Design and Algorithm Analysis Precondition and Postcondition To create a good algorithm, a programmer must be able to analyse a precondition (starting state) and a postcondition
More informationCS 617 Object Oriented Systems Lecture 3 Object Abstractions, Encapsulation, Abstract Data Types 3:30-5:00pm Thu, Jan 10
The Object Abstraction CS 617 Object Oriented Systems Lecture 3 Object Abstractions,, Abstract Data Types 3:30-5:00pm Thu, Jan 10 Rushikesh K Joshi Department of Computer Science and Engineering Indian
More informationJava: advanced object-oriented features
Chair of Software Engineering Carlo A. Furia, Marco Piccioni, Bertrand Meyer Java: advanced object-oriented features Chair of Software Engineering Carlo A. Furia, Marco Piccioni, Bertrand Meyer Packages
More informationRegression testing. Whenever you find a bug. Why is this a good idea?
Regression testing Whenever you find a bug Reproduce it (before you fix it!) Store input that elicited that bug Store correct output Put into test suite Then, fix it and verify the fix Why is this a good
More information3. Design by Contract
3. Design by Contract Oscar Nierstrasz Design by Contract Bertrand Meyer, Touch of Class Learning to Program Well with Objects and Contracts, Springer, 2009. 2 Roadmap > Contracts > Stacks > Design by
More informationChapter 1: Principles of Programming and Software Engineering
Chapter 1: Principles of Programming and Software Engineering Data Abstraction & Problem Solving with C++ Fifth Edition by Frank M. Carrano Software Engineering and Object-Oriented Design Coding without
More informationA Practical Approach to Programming With Assertions
A Practical Approach to Programming With Assertions Ken Bell Christian-Albrechts Universität Kiel Department of Computer Science and Applied Mathematics Real-Time Systems and Embedded Systems Group July
More informationSoftwaretechnik. Lecture 08: Testing and Debugging Overview. Peter Thiemann SS University of Freiburg, Germany
Softwaretechnik Lecture 08: Testing and Debugging Overview Peter Thiemann University of Freiburg, Germany SS 2012 Literature Essential Reading Why Programs Fail: A Guide to Systematic Debugging, A Zeller
More informationDesign by Contract: An Overview
: An Overview CSCI 5828 Michael M. Vitousek University of Colorado at Boulder michael.vitousek@colorado.edu March 21, 2012 1 / 35 Outline 1 Introduction Motivation and Introduction Simple Example Contract
More informationSoftwaretechnik. Lecture 08: Testing and Debugging Overview. Peter Thiemann SS University of Freiburg, Germany
Softwaretechnik Lecture 08: Testing and Debugging Overview Peter Thiemann University of Freiburg, Germany SS 2012 Literature Essential Reading Why Programs Fail: A Guide to Systematic Debugging, A Zeller
More informationIndex. Index. More information. block statements 66 y 107 Boolean 107 break 55, 68 built-in types 107
A abbreviations 17 abstract class 105 abstract data types 105 abstract method 105 abstract types 105 abstraction 92, 105 access level 37 package 114 private 115 protected 115 public 115 accessors 24, 105
More informationOO Design Principles
OO Design Principles Software Architecture VO (706.706) Roman Kern Institute for Interactive Systems and Data Science, TU Graz 2018-10-10 Roman Kern (ISDS, TU Graz) OO Design Principles 2018-10-10 1 /
More informationTesting and Debugging
COS226 - Spring 2018 Class Meeting # 3 February 12, 2018 Testing and Debugging Tips & Tricks Ibrahim Albluwi COS 126 Unofficial Coding Strategy Repeat Until Deadline : Hack! Click Check All Submitted Files
More informationOutline for Today CSE 142. CSE142 Wi03 G-1. withdraw Method for BankAccount. Class Invariants
CSE 142 Outline for Today Conditional statements if Boolean expressions Comparisons (=,!=, ==) Boolean operators (and, or, not - &&,,!) Class invariants Conditional Statements & Boolean Expressions
More informationLecture 10 Design by Contract
CS 5959 Writing Solid Code Fall 2015 Nov-23 Lecture 10 Design by Contract Zvonimir Rakamarić University of Utah Design by Contract Also called assume-guarantee reasoning Developers annotate software components
More informationProgram Verification using Templates over Predicate Abstraction. Saurabh Srivastava and Sumit Gulwani
Program Verification using Templates over Predicate Abstraction Saurabh Srivastava and Sumit Gulwani ArrayInit(Array A, int n) i := 0; while (i < n) A[i] := 0; i := i + 1; Assert( j: 0 j
More informationThe Eiffel language. Slides partly based on :
The Eiffel language Slides partly based on : http://se.inf.ethz.ch/courses/2015b_fall/eprog/english_index.html Eiffel, in brief Procedural, object-oriented programming language created by Bertrand Meyer
More informationAnnouncements. Specifications. Outline. Specifications. HW1 is due Thursday at 1:59:59 pm
Announcements HW1 is due Thursday at 1:59:59 pm Specifications 2 Outline Specifications Benefits of specifications Specification conventions Javadoc JML PoS specifications Specifications A specification
More informationA comparative study of Programming by Contract and Programming with Exceptions
Computer Science Jimmy Byström Leo Wentzel A comparative study of Programming by Contract and Programming with Exceptions Master s Thesis 2003:02 A comparative study of Programming by Contract and Programming
More informationObject Oriented Program Correctness with OOSimL
Kennesaw State University DigitalCommons@Kennesaw State University Faculty Publications 12-2009 Object Oriented Program Correctness with OOSimL José M. Garrido Kennesaw State University, jgarrido@kennesaw.edu
More informationOutline. iterator review iterator implementation the Java foreach statement testing
Outline iterator review iterator implementation the Java foreach statement testing review: Iterator methods a Java iterator only provides two or three operations: E next(), which returns the next element,
More informationSteps for project success. git status. Milestones. Deliverables. Homework 1 submitted Homework 2 will be posted October 26.
git status Steps for project success Homework 1 submitted Homework 2 will be posted October 26 due November 16, 9AM Projects underway project status check-in meetings November 9 System-building project
More informationObject-Oriented Design
Object-Oriented Design Lecturer: Raman Ramsin Lecture 15: Object-Oriented Principles 1 Open Closed Principle (OCP) Classes should be open for extension but closed for modification. OCP states that we should
More informationTest-Driven Development (TDD)
Test-Driven Development (TDD) EECS3311 A: Software Design Fall 2018 CHEN-WEI WANG DbC: Supplier DbC is supported natively in Eiffel for supplier: class ACCOUNT create make feature -- Attributes owner :
More informationLecture 9 / Tutorial 8 Software Contracts
Lecture 9 / Tutorial 8 Software Contracts Design by contracts Programming by contracts Today 1. Sign a contract 2. Design by contract 3. Programming by contract 4. Summary 5. Questions and Answers Having
More informationProgramming with Contracts. Juan Pablo Galeotti, Alessandra Gorla Saarland University, Germany
Programming with Contracts Juan Pablo Galeotti, Alessandra Gorla Saarland University, Germany Contract A (formal) agreement between Method M (callee) Callers of M Rights Responsabilities Rights Responsabilities
More informationEiffel: Analysis, Design and Programming. ETH Zurich, September-December Exception handling
Eiffel: Analysis, Design and Programming ETH Zurich, September-December 2008-6- Exception handling What is an exception? An abnormal event Not a very precise definition Informally: something that you don
More informationDesign-by-Contract (Dbc) Test-Driven Development (TDD)
Design-by-Contract (Dbc) Test-Driven Development (TDD) Readings: OOSC2 Chapter 11 EECS3311: Software Design Fall 2017 CHEN-WEI WANG Terminology: Contract, Client, Supplier A supplier implements/provides
More informationAutomatic Testing Based on Design by Contract
Automatic Testing Based on Design by Contract Ilinca Ciupa Andreas Leitner, ETH Zürich (Swiss Federal Institute of Technology Zurich) SOQUA Developer Track 2005 September 22, 2005 The important things
More informationCS 520 Theory and Practice of Software Engineering Fall 2018
CS 520 Theory and Practice of Software Engineering Fall 2018 Nediyana Daskalova Monday, 4PM CS 151 Debugging October 30, 2018 Personalized Behavior-Powered Systems for Guiding Self-Experiments Help me
More informationFortgeschrittene objektorientierte Programmierung (Advanced Object-Oriented Programming)
2014-03-07 Preface Fortgeschrittene objektorientierte Programmierung (Advanced Object-Oriented Programming) Coordinates: Lecturer: Web: Studies: Requirements: No. 185.211, VU, 3 ECTS Franz Puntigam http://www.complang.tuwien.ac.at/franz/foop.html
More informationCSE 331 Final Exam 3/16/15 Sample Solution
Question 1. (12 points, 3 each) A short design exercise. Suppose Java did not include a Set class in the standard library and we need to store a set of Strings for an application. We know that the maximum
More informationUNIT 3 ARRAYS, RECURSION, AND COMPLEXITY CHAPTER 11 CLASSES CONTINUED
UNIT 3 ARRAYS, RECURSION, AND COMPLEXITY CHAPTER 11 CLASSES CONTINUED EXERCISE 11.1 1. static public final int DEFAULT_NUM_SCORES = 3; 2. Java allocates a separate set of memory cells in each instance
More informationn Specifying what each method does q Specify it in a comment before method's header n Precondition q Caller obligation n Postcondition
Programming as a contract Assertions, pre/postconditions and invariants Assertions: Section 4.2 in Savitch (p. 239) Loop invariants: Section 4.5 in Rosen Specifying what each method does q Specify it in
More informationViolations of the contract are exceptions, and are usually handled by special language constructs. Design by contract
Specification and validation [L&G Ch. 9] Design patterns are a useful way to describe program structure. They provide a guide as to how a program fits together. Another dimension is the responsibilities
More informationObject-Oriented Design
Object-Oriented Design Department of Computer Engineering Lecture 12: Object-Oriented Principles Sharif University of Technology 1 Open Closed Principle (OCP) Classes should be open for extension but closed
More information6.170 Lecture 6 Procedure specifications MIT EECS
6.170 Lecture 6 Procedure specifications MIT EECS Outline Satisfying a specification; substitutability Stronger and weaker specifications Comparing by hand Comparing via logical formulas Comparing via
More informationProgram Verification (6EC version only)
Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen Overview Program Verification using Verification Condition Generators JML a formal specification language
More informationAssignment 2 - Specifications and Modeling
Assignment 2 - Specifications and Modeling Exercise 1 A way to document the code is to use contracts. For this exercise, you will have to consider: preconditions: the conditions the caller of a method
More informationFun facts about recursion
Outline examples of recursion principles of recursion review: recursive linked list methods binary search more examples of recursion problem solving using recursion 1 Fun facts about recursion every loop
More informationExceptions and assertions
Exceptions and assertions CSE 331 University of Washington Michael Ernst Failure causes Partial failure is inevitable Goal: prevent complete failure Structure your code to be reliable and understandable
More informationSoftware Architecture. Abstract Data Types
Software Architecture Abstract Data Types Mathematical description An ADT is a mathematical specification Describes the properties and the behavior of instances of this type Doesn t describe implementation
More informationAbstraction and Specification
Abstraction and Specification Prof. Clarkson Fall 2017 Today s music: "A Fifth of Beethoven" by Walter Murphy Review Previously in 3110: Language features for modularity Some familiar data structures Today:
More informationAssoc. Prof. Marenglen Biba. (C) 2010 Pearson Education, Inc. All rights reserved.
Assoc. Prof. Marenglen Biba Exception handling Exception an indication of a problem that occurs during a program s execution. The name exception implies that the problem occurs infrequently. With exception
More informationExercise 3 Subtyping and Behavioral Subtyping October 13, 2017
Concepts of Object-Oriented Programming AS 2017 Exercise 3 Subtyping and Behavioral Subtyping October 13, 2017 Task 1 In this question, we are in a nominal subtyping setting. Some languages have a special
More informationHigh Quality Java Code: Contracts & Assertions
High Quality Java Code: Contracts & Assertions by Pedro Agulló Soliveres Writing correct code is really hard. Maybe the main reason is that, as Bertrand Meyer said, software correctness is a relative notion.
More informationAutomatic Verification of Computer Programs
Chair of Software Engineering Automatic Verification of Computer Programs these slides contain advanced material and are optional What is verification Check correctness of the implementation given the
More informationAP COMPUTER SCIENCE JAVA CONCEPTS IV: RESERVED WORDS
AP COMPUTER SCIENCE JAVA CONCEPTS IV: RESERVED WORDS PAUL L. BAILEY Abstract. This documents amalgamates various descriptions found on the internet, mostly from Oracle or Wikipedia. Very little of this
More informationConformance. Object-Oriented Programming Spring 2015
Conformance Object-Oriented Programming 236703 Spring 2015 1 What s Conformance? Overriding: replace method body in sub-class Polymorphism: subclass is usable wherever superclass is usable Dynamic Binding:
More informationLecture 4 Specifications
CSE 331 Software Design and Implementation Administrivia Next assignments posted tonight HW2: Written problems on loops Lecture 4 Specifications Readings posted as well! Quizzes coming soon J Zach Tatlock
More informationWith the popularity of the Web and the
Cover Feature Behavioral Specification of Distributed Software Component Interfaces Design by contract solves the problem of behavioral specification for classes in an object-oriented program, which will
More informationAn Annotated Language
Hoare Logic An Annotated Language State and Semantics Expressions are interpreted as functions from states to the corresponding domain of interpretation Operators have the obvious interpretation Free of
More information6.170 Recitation #5: Subtypes and Inheritance
6.170 Recitation #5: Subtypes and Inheritance What is true subtyping? True Subtyping is not exactly the same as Inheritance. As seen in an earlier lecture, class A is a true subtype of class B if and only
More informationCSE 331 Midterm Exam Sample Solution 2/18/15
Question 1. (10 points) (Forward reasoning) Using forward reasoning, write an assertion in each blank space indicating what is known about the program state at that point, given the precondition and the
More informationComparing procedure specifications
Comparing procedure specifications CSE 331 University of Washington Michael Ernst Outline Satisfying a specification; substitutability Stronger and weaker specifications Comparing by hand Comparing via
More informationTesting. Prof. Clarkson Fall Today s music: Wrecking Ball by Miley Cyrus
Testing Prof. Clarkson Fall 2017 Today s music: Wrecking Ball by Miley Cyrus Review Previously in 3110: Modules Specification (functions, modules) Today: Validation Testing Black box Glass box Randomized
More informationUse of Generic Parameters Iterator and Singleton Patterns
Use of Generic Parameters Iterator and Singleton Patterns EECS3311 A: Software Design Fall 2018 CHEN-WEI WANG Generic Collection Class: Motivation (1) class STRING _STACK feature {NONE} -- Implementation
More informationIntegrating verification in programming languages
Integrating verification in programming languages Thomas Jensen, INRIA Seminar INRIA Rennes, 04/11/2015 Collège de France Chaire Algorithmes, machines et langages x / y Types For division to make sense,
More informationLecture 5 Representation Invariants
CSE 331 Software Design and Implementation Lecture 5 Representation Invariants Leah Perlmutter / Summer 2018 Announcements Announcements Happy Friday! My t-shirt Next week HW2 due Monday, July 4 at 10pm
More informationLecture 7: Data Abstractions
Lecture 7: Data Abstractions Abstract Data Types Data Abstractions How to define them Implementation issues Abstraction functions and invariants Adequacy (and some requirements analysis) Towards Object
More informationOOP Design by Contract. Carsten Schuermann Kasper Østerbye IT University Copenhagen
OOP Design by Contract Carsten Schuermann Kasper Østerbye IT University Copenhagen 1 Today's schedule Design by Contract why the term contract what design issue is captured, and why bother what is a pre-condition
More informationAnnouncements. Representation Invariants and Abstraction Functions. Announcements. Outline
Announcements Representation Invariants and Abstraction Functions Exam 1 on Monday Feb. 26 th Closed book/phone/laptop, 2 cheat pages allowed Reasoning about code, Specifications, ADTs I will post Review
More informationDesign Principles: Part 2
Liskov Substitution Principle (LSP) Dependency-Inversion Principle (DIP) Interface-Segregation Principle (ISP) Design Principles: Part 2 ENGI 5895: Software Design Andrew Vardy Faculty of Engineering &
More informationMotivation. Correct and maintainable software Cost effective software production Implicit assumptions easily broken
Spec# Andreas Vida Motivation Correct and maintainable software Cost effective software production Implicit assumptions easily broken Need more formal f specification Integration into a popular language
More informationGeneric Collection Class: Motivation (2) Use of Generic Parameters Iterator and Singleton Patterns
Generic Collection Class: Motivation (2) Use of Generic Parameters Iterator and Singleton Patterns EECS3311 A: Software Design Fall 2018 CHEN-WEI WANG ACCOUNT _STACK {NONE -- Implementation imp: ARRAY[
More informationOutline. Design Principles: Part 2. e.g. Rectangles and Squares. The Liskov Substitution Principle (LSP) ENGI 5895: Software Design.
Liskov Substitution Principle (LSP) Dependency-Inversion Principle (DIP) Interface-Segregation Principle (ISP) Liskov Substitution Principle (LSP) Dependency-Inversion Principle (DIP) Interface-Segregation
More informationUniverse Type System for Eiffel. Annetta Schaad
Universe Type System for Eiffel Annetta Schaad Semester Project Report Software Component Technology Group Department of Computer Science ETH Zurich http://sct.inf.ethz.ch/ SS 2006 Supervised by: Dipl.-Ing.
More informationUnit Testing as Hypothesis Testing
Unit Testing as Hypothesis Testing Jonathan Clark September 19, 2012 5 minutes You should test your code. Why? To find bugs. Even for seasoned programmers, bugs are an inevitable reality. Today, we ll
More informationAdvanced JML Erik Poll Radboud University Nijmegen
JML p.1/23 Advanced JML Erik Poll Radboud University Nijmegen JML p.2/23 Core JML Remember the core JML keywords were requires ensures signals invariant non null pure \old, \forall, \result JML p.3/23
More informationCHAPTER 6 Design by Contract. Literature. When Design by Contract? Why Design By Contract?
CHAPTER 6 Design by Contract Literature Introduction When, Why & What Pre & Postconditions + Invariants + Example: Stack Implementation Redundant Checks vs. Assertions Exception Handling Assertions are
More informationMotivation State Machines
Motivation State Machines Generating test cases for complex behaviour Textbook Reading: Chapter 7 We are interested in testing the behaviour of object-oriented software systems Behaviour: Interactions
More informationSubtypes and Subclasses
Subtypes and Subclasses 6.170 Lecture 14 Fall - ocw.mit.edu Reading: Chapter 7 of Program Development in Java by Barbara Liskov 1 Subtypes We have used closed arrows in module dependence diagrams and object
More informationReview sheet for Final Exam (List of objectives for this course)
Review sheet for Final Exam (List of objectives for this course) Please be sure to see other review sheets for this semester Please be sure to review tests from this semester Week 1 Introduction Chapter
More informationClient, Supplier, Contract in OOP (1) Design-by-Contract (Dbc) Test-Driven Development (TDD) Terminology: Contract, Client, Supplier
Design-by-Contract (Dbc) Test-Driven Development (TDD) Readings: OOSC2 Chapter 11 EECS3311: Software Design Fall 2017 CHEN-WEI WANG Client, Supplier, Contract in OOP (1) class Microwave { private boolean
More informationCS 315 Software Design Homework 3 Preconditions, Postconditions, Invariants Due: Sept. 29, 11:30 PM
CS 315 Software Design Homework 3 Preconditions, Postconditions, Invariants Due: Sept. 29, 11:30 PM Objectives Defining a wellformed method to check class invariants Using assert statements to check preconditions,
More information