Software Architecture. Abstract Data Types

Similar documents
Software Architecture. Abstract Data Types

Object-Oriented Software Construction

Assertions. Assertions - Example

Computer Science BS Degree - Data Structures (I2206) Abstract Data Types (ADT)

Abstract Data Types! Documentation!

Arguing for program correctness and writing correct programs

Abstract Data Types Documentation

ATM Use Cases. ID: CIS Title: Check Balance Description: Customer aims to know the balance in his/her account

The Eiffel language. Slides partly based on :

CSE101: Design and Analysis of Algorithms. Ragesh Jaiswal, CSE, UCSD

References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1

AXIOMS FOR THE INTEGERS

An Annotated Language

Outline. Introduction. 2 Proof of Correctness. 3 Final Notes. Precondition P 1 : Inputs include

Stacks Fall 2018 Margaret Reid-Miller

4&5 Binary Operations and Relations. The Integers. (part I)

(a) (4 pts) Prove that if a and b are rational, then ab is rational. Since a and b are rational they can be written as the ratio of integers a 1

Announcements. CS243: Discrete Structures. Strong Induction and Recursively Defined Structures. Review. Example (review) Example (review), cont.

TIME: 3 HOURS MARKS: a. Develop a java program to sort an array of N numbers in ascending order. (40)

Formal Methods of Software Design, Eric Hehner, segment 24 page 1 out of 5

STACKS AND QUEUES. Problem Solving with Computers-II

CS 617 Object Oriented Systems Lecture 3 Object Abstractions, Encapsulation, Abstract Data Types 3:30-5:00pm Thu, Jan 10

To illustrate what is intended the following are three write ups by students. Diagonalization

Notes for Recitation 8

LIFO : Last In First Out

Recursion. What is Recursion? Simple Example. Repeatedly Reduce the Problem Into Smaller Problems to Solve the Big Problem

Mock exam 1. ETH Zurich. Date: 9./10. November 2009

1. Quality issues (5 points)

CS Computable Functions. Reading: Chapter 2

Computer Science 236 Fall Nov. 11, 2010

More Shared Memory Programming

Syntax of Eiffel: a Brief Overview

Softwaretechnik. Lecture 03: Types and Type Soundness. Peter Thiemann. University of Freiburg, Germany SS 2008

10/9/17. Using recursion to define objects. CS 220: Discrete Structures and their Applications

Commands, and Queries, and Features. Syntax of Eiffel: a Brief Overview. Escape Sequences. Naming Conventions

Main Goal. Language-independent program verification framework. Derive program properties from operational semantics

Abstract Data Types. Stack ADT

CMPSCI 250: Introduction to Computation. Lecture #14: Induction and Recursion (Still More Induction) David Mix Barrington 14 March 2013

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter 12

Stacks. Revised based on textbook author s notes.

Functional Programming, Classes, and Recursion!

COMP250: Stacks. Jérôme Waldispühl School of Computer Science McGill University. Based on slides from (Goodrich & Tamassia, 2004)

Reasoning About Programs Panagiotis Manolios

EXAM Computer Science 1 Part 1

Software Architecture 4. July 2005

Recursion. Tjark Weber. Functional Programming 1. Based on notes by Sven-Olof Nyström. Tjark Weber (UU) Recursion 1 / 37

Computer Science 9608 (Notes) Chapter: 4.1 Computational thinking and problem-solving

CSC148 Week 2. Larry Zhang

CS 220: Discrete Structures and their Applications. Recursive objects and structural induction in zybooks

Stacks. stacks of dishes or trays in a cafeteria. Last In First Out discipline (LIFO)

Fall Recursion and induction. Stephen Brookes. Lecture 4

Lecture 3: Recursion; Structural Induction

1KOd17RMoURxjn2 CSE 20 DISCRETE MATH Fall

Software Design and Analysis for Engineers

CS112 Lecture: Defining Classes. 1. To describe the process of defining an instantiable class

Streams. CS21b: Structure and Interpretation of Computer Programs Spring Term, 2004

CSC313 High Integrity Systems/CSCM13 Critical Systems. CSC313/CSCM13 Chapter 2 1/ 221

We will show that the height of a RB tree on n vertices is approximately 2*log n. In class I presented a simple structural proof of this claim:

Outline. Stacks. 1 Chapter 5: Stacks and Queues. favicon. CSI33 Data Structures

Data Abstraction and Specification of ADTs

Hoare Logic and Model Checking

Programming Languages Third Edition

Hardware versus software

BCS THE CHARTERED INSTITUTE FOR IT. BCS HIGHER EDUCATION QUALIFICATIONS BCS Level 5 Diploma in IT. Object Oriented Programming

Einführung in die Programmierung Introduction to Programming

CSE332: Data Abstractions Lecture 19: Mutual Exclusion and Locking

Induction Schemes. Math Foundations of Computer Science

EC8393FUNDAMENTALS OF DATA STRUCTURES IN C Unit 3

Introduction. Problem Solving on Computer. Data Structures (collection of data and relationships) Algorithms

Hoare Logic and Model Checking. A proof system for Separation logic. Introduction. Separation Logic

List of Practical for Class XII Computer Science

Data Structures -- Introduction

Collection Considerations

Automated Fixing of Programs with Contracts

CSC 1052 Algorithms & Data Structures II: Recursion

Spark verification features

HW 1 CMSC 452. Morally DUE Feb 7 NOTE- THIS HW IS THREE PAGES LONG!!! SOLUTIONS THROUGOUT THIS HW YOU CAN ASSUME:

March 13/2003 Jayakanth Srinivasan,

Propositional Logic Formal Syntax and Semantics. Computability and Logic

Relational Algebra for sets Introduction to relational algebra for bags

Indicate the option which most accurately completes the sentence.

Semantics. There is no single widely acceptable notation or formalism for describing semantics Operational Semantics

CSE 20 DISCRETE MATH. Winter

The divide and conquer strategy has three basic parts. For a given problem of size n,

Recursion. Lars-Henrik Eriksson. Functional Programming 1. Based on a presentation by Tjark Weber and notes by Sven-Olof Nyström

Storing Data in Objects

CPSC 221: Algorithms and Data Structures ADTs, Stacks, and Queues

CS158 Section B Exam 1 Key

Induction in Coq. Nate Foster Spring 2018

Dijkstra s Algorithm and Priority Queue Implementations. CSE 101: Design and Analysis of Algorithms Lecture 5

Fall Lecture 13 Thursday, October 11

Week 6. Data structures

Outline for Today CSE 142. CSE142 Wi03 G-1. withdraw Method for BankAccount. Class Invariants

Lamé s Theorem. Strings. Recursively Defined Sets and Structures. Recursively Defined Sets and Structures

SEQUENCES, MATHEMATICAL INDUCTION, AND RECURSION

ELEC-270 Solutions to Assignment 5

CSE 20 DISCRETE MATH WINTER

Finite Automata Theory and Formal Languages TMV027/DIT321 LP4 2018

CSE 332: Data Structures & Parallelism Lecture 17: Shared-Memory Concurrency & Mutual Exclusion. Ruth Anderson Winter 2019

Graph Algorithms. Chapter 22. CPTR 430 Algorithms Graph Algorithms 1

Transcription:

Software Architecture Abstract Data Types

Mathematical description An ADT is a mathematical specification Describes the properties and the behavior of instances of this type Doesn t describe implementation details (therefore it s abstract) An example: STACK Michela Pedroni, ETH Zurich 2

Stack LIFO (last in, first-out) Queue Operations: put: Put something onto the STACK (Command) remove: Remove the top element of the STACK (Command) item: Return the value of the top item (Query) empty: Is the STACK empty? (Query) Michela Pedroni, ETH Zurich 3

Abstract data types One data type many implementations. E.g. for STACK: Variant 1: array up capacity count 1 representation Push x on stack representation: representation [count] := x count := count + 1 Variant 2: array down free 1 representation Variant 3: linked list new n item next item next item next Push x on stack representation: representation [free] := x free := free -1 Push operation: new (n) n.item := x n.next := first first := new Michela Pedroni, ETH Zurich 4

Formal description of a STACK Types: The type(s) that are described by the ADT. Functions: The functions that can be applied to the ADT. Preconditions: Axioms: Preconditions that need to be fulfilled to apply a feature. Axioms that the ADT fulfills. Michela Pedroni, ETH Zurich 5

Abstract data types Creators: Create a new instance of an ADT. {OTHERS} ADT Queries: Functions that have a return value and do not change the instance. ADT {x OTHERS} OTHERS Commands: Functions without return value that change the instance. ADT {x OTHERS} ADT Partial function There are cases where no valid return value can be given for a function e.g.. division by 0 Michela Pedroni, ETH Zurich 6

Abstract data types Types STACK [G] -- G: Formal generic parameter Functions put: STACK [G] G STACK [G] remove: STACK [G] STACK [G] item: STACK [G] G empty: STACK [G] BOOLEAN new: STACK [G] Michela Pedroni, ETH Zurich 7

Abstract data types Preconditions remove (s: STACK [G]) require not empty (s) item (s: STACK [G]) require not empty (s) Axioms For all x: G, s: STACK [G] 1. item (put (s, x)) = x 2. remove (put (s, x)) = s 3. empty (new) 4. not empty (put (s, x)) Michela Pedroni, ETH Zurich 8

Well-formed and correct terms Well-formed: all functions get a right number of arguments of right types Correct: preconditions of all functions are satisfied empty (item (put (new, 3))) item (put (new, 3)) item (remove (put (new, 3))) empty (remove (put (new, 7))) item (put (put (remove (put (new, 4)), 3), 2)) ill-formed 3 incorrect True 2 9

Structural induction Goal: Prove that a property P is valid for all correct terms T of the ADT. Induction basis (step 0): Prove that P holds for all creators of the ADT. Induction hypothesis (step n-1): Assume that P holds for any correct term T sub. Induction step (step n): Prove for all commands that can be applied correctly to T sub that P will still hold afterwards. 10

Sufficient completeness An ADT is sufficiently complete if and only if: 1. For every term you can determine whether it is correct or not using the axioms of the ADT. 2. Every correct term where the outermost function is a query of the ADT can be reduced, using the axioms of the ADT, into a term not using any function of the ADT. 11

Your turn: Design an ADT (types, functions, preconditions, axioms) We have the following requirements for a BANK_ACCOUNT class: 1. Every BANK_ACCOUNT has an owner and a balance. 2. The balance is recorded in Rappen (as an INTEGER). 3. The owner is recorded with his/her name (as a STRING). 4. It should always be possible to retrieve the balance and owner for any given BANK_ACCOUNT. 5. It is possible to deposit money to and withdraw money from the BANK_ACCOUNT. 6. The balance on the BANK_ACCOUNT is adjusted accordingly. 7. The balance of any BANK_ACCOUNT should never become negative. 12

ADT BANK_ACCOUNT TYPES BANK_ACCOUNT FUNCTIONS new_account: STRING BANK_ACCOUNT owner: BANK_ACCOUNT STRING balance: BANK_ACCOUNT INTEGER deposit: BANK_ACCOUNT INTEGER BANK_ACCOUNT withdraw: BANK_ACCOUNT INTEGER BANK_ACCOUNT 13

ADT BANK_ACCOUNT (cont d) PRECONDITIONS (with v INTEGER, a BANK_ACCOUNT) withdraw (a, v) require balance (a) v and v 0 deposit (a, v) require v 0 AXIOMS (with o STRING, v INTEGER, a BANK_ACCOUNT) A1: balance (new_account (o)) = 0 A2: owner (new_account (o)) = o A3: balance (deposit (a, v)) = balance (a) + v A4: balance (withdraw (a, v)) = balance (a) v 14

To Do Prove by structural induction of bank accounts that the value returned by balance is never negative. The specification is not sufficiently complete; show why. Add axiom(s) to make it sufficiently complete, and prove that, with such an extension, it is sufficiently complete. 15

Proof: balance non-negative We prove this by induction over the structure of correct bank accounts: Base case: The bank account is of the form new_account(o), and we know balance(new_account(o)) = 0 and that 0 >= 0. Step case: The bank account can have one of two forms, where a is a correct bank account with balance(a) >= 0: Form deposit(a,i) where i >= 0. By axiom A3, we know that balance(deposit(a,i)) = balance(a) + i which is non-negative because of the induction hypothesis and i >= 0 Form withdraw(a,i) where balance(a) >= i >= 0. From axiom A4 it follows that balance(withdraw(a,i)) >= 0.

Proof: sufficient completeness (1) The ADT is not sufficiently complete, since we cannot determine the owner of an account if a deposit or withdrawal was made. To make it sufficiently complete, we have to add the axioms: A5: owner(deposit(a,v)) = owner(a) A6: owner(withdraw(a,v)) = owner(a)

Proof: sufficient completeness (2) Let P(n) be the property for all terms a of type BANK_ACCOUNT with at most n applications of deposit and withdraw, it can be proven 1) whether a is correct or not and 2) whether balance(a) and owner(a) are correct or not and if correct, whether they can be reduced to terms not involving new_account, owner, balance, deposit and withdraw Base case n=0: a is new_account(o), which is correct, and balance(a) = 0 and owner(a) = o. Thus P(0) holds.

Proof: sufficient completeness (3) Step case: We assume the induction hypothesis (IH) P(n-1) and have to prove P(n). First case: a is deposit(b,i) and the IH applies to terms b and i. 1. Term a is correct iff b and i are correct, which we can determine by IH, and i > 0, which we can determine (since we can reduce i to a term not using functions of BANK_ACCOUNT by IH). 2. * balance(a) is correct iff a is correct, which we can determine (see 1). If balance(a) is correct, then balance(a) = balance(b) + i, which can be reduced to a term not using functions of BANK_ACCOUNT by IH. * owner(a) is correct iff a is correct, which we can determine (see 1). If owner(a) is correct, then owner(a) = owner(b), which can be reduced to a term not using functions of BANK_ACCOUNT by IH.

Proof: sufficient completeness (4) Step case (continued) Second case: a is withdraw(b,i) and the IH applies to terms b and i. 1. Term a is correct iff b and i are correct, which we can determine by IH, and balance(b) >= i >= 0, which we can determine (since we can reduce balance(b) and i to terms not using functions of BANK_ACCOUNT by IH). 2. * balance(a) is correct iff a is correct, which we can determine (see 1). If balance(a) is correct, then balance(a) = balance(b) - i, which can be reduced to a term not using functions of BANK_ACCOUNT by IH. * owner(a) is correct iff a is correct, which we can determine (see 1). If owner(a) is correct, then owner(a) = owner(b), which can be reduced to a term not using functions of BANK_ACCOUNT by IH. QED 20

Supplementary reading Object-oriented Software Construction, Second Edition, by Bertrand Meyer, pp. 148-159 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback