CSC Advanced Object Oriented Programming, Spring Specification

Similar documents
Assertions. Assertions - Example

Software Development. Modular Design and Algorithm Analysis

References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1

Assertions, pre/postconditions

Why Design by Contract! CS 619 Introduction to OO Design and Development. Design by Contract. Fall 2012

Violations of the contract are exceptions, and are usually handled by special language constructs. Design by contract

Software Engineering CSC40232: SOFTWARE ENGINEERING. Guest Lecturer: Jin Guo SOLID Principles sarec.nd.edu/courses/se2017

Assertions & Design-by-Contract using JML Erik Poll University of Nijmegen

Object Oriented Issues in VDM++

Design by Contract: An Overview

Type Hierarchy. Comp-303 : Programming Techniques Lecture 9. Alexandre Denault Computer Science McGill University Winter 2004

Design by Contract in Eiffel

OO Design Principles

a correct statement? You need to know what the statement is supposed to do.

15-122: Principles of Imperative Computation (Section G)

Exceptions and assertions

Symbolic Execution and Proof of Properties

Agenda. More on the Unified Modeling Language. UML diagram types. Packages

Contracts. Dr. C. Constantinides. June 5, Department of Computer Science and Software Engineering Concordia University Montreal, Canada 1/71

Testing and Debugging

Chapter 3 (part 3) Describing Syntax and Semantics

Lecture 1 Contracts. 1 A Mysterious Program : Principles of Imperative Computation (Spring 2018) Frank Pfenning

Advances in Programming Languages

Readability [Skrien 4.0] Programs must be written for people to read, and only incidentally for machines to execute.

n Specifying what each method does q Specify it in a comment before method's header n Precondition q Caller obligation n Postcondition

6.170 Recitation #5: Subtypes and Inheritance

1. true / false By a compiler we mean a program that translates to code that will run natively on some machine.

Lecture 9 / Tutorial 8 Software Contracts

CSE 331 Software Design & Implementation

CSI33 Data Structures

Designing Robust Classes

Developing Reliable Software using Object-Oriented Formal Specification and Refinement [Extended abstract prepared 24 March 2003]

Lecture 10 Design by Contract

Programming II (CS300)

Regression testing. Whenever you find a bug. Why is this a good idea?

Assoc. Prof. Marenglen Biba. (C) 2010 Pearson Education, Inc. All rights reserved.

Adding Contracts to C#

CSE 307: Principles of Programming Languages

Lecture 1 Contracts : Principles of Imperative Computation (Fall 2018) Frank Pfenning

CSE 331 Final Exam 3/16/15 Sample Solution

UC Santa Barbara. CS189A - Capstone. Christopher Kruegel Department of Computer Science UC Santa Barbara

An Annotated Language

Java Modelling Language (JML) References

CSC Advanced Object Oriented Programming, Spring Overview

Runtime Checking and Test Case Generation for Python

With the popularity of the Web and the

Queue Implemented with a CircularArray. Queue Implemented with a CircularArray. Queue Implemented with a CircularArray. Thursday, April 25, 13

17. Assertions. Outline. Built-in tests. Built-in tests 3/29/11. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen

Software Architecture 4. July 2005

17. Assertions. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen

There are three basic elements in object oriented programming: encapsulation, inheritance and polymorphism.

Principles of Object-Oriented Design

Softwaretechnik. Lecture 08: Testing and Debugging Overview. Peter Thiemann SS University of Freiburg, Germany

Checking Program Properties with ESC/Java

Verification Condition Generation

Combining Static and Dynamic Contract Checking for Curry

Softwaretechnik. Lecture 08: Testing and Debugging Overview. Peter Thiemann SS University of Freiburg, Germany

Software Engineering Design & Construction

Type Hierarchy. Lecture 6: OOP, autumn 2003

Java Modelling Language (JML) References

Today s Lecture. Are These Theorems of POTS? RAISE. Lecture 20: Descriptive Specifications (Continued)

MSO Lecture Design by Contract"

CS 161 Computer Security

Today's Agenda. References. Open Closed Principle. CS 247: Software Engineering Principles. Object-Oriented Design Principles

hwu-logo.png 1 class Rational { 2 int numerator ; int denominator ; 4 public Rational ( int numerator, int denominator ) {

Inheritance and Substitution (Budd chapter 8, 10)

Chapter 10 Classes Continued. Fundamentals of Java

Code Contracts in C#

Safely Creating Correct Subclasses without Seeing Superclass Code

Chapter 8: Class and Method Design

Fortgeschrittene objektorientierte Programmierung (Advanced Object-Oriented Programming)

Safely Creating Correct Subclasses without Seeing Superclass Code

The Contract Pattern. Design by contract

Index. Index. More information. block statements 66 y 107 Boolean 107 break 55, 68 built-in types 107

Testing, Debugging, and Verification

CITS5501 Software Testing and Quality Assurance Formal methods

Software Security: Vulnerability Analysis

Chapter 1: Programming Principles

Spark verification features

Chapter 1: Principles of Programming and Software Engineering

Chapter 11 Classes Continued

The following topics will be covered in this course (not necessarily in this order).

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

22c:181 / 55:181 Formal Methods in Software Engineering

Exercise 3 Subtyping and Behavioral Subtyping October 13, 2017

Code Contracts. Pavel Parízek. CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics

CSE 331 Summer 2017 Final Exam. The exam is closed book and closed electronics. One page of notes is allowed.

A Practical Approach to Programming With Assertions

Name: CSC143 Exam 1 1 CSC 143. Exam 1. Write also your name in the appropriate box of the scantron

Black Box Testing. EEC 521: Software Engineering. Specification-Based Testing. No Source Code. Software Testing

4 Software models. often more than what people can handle not necessary to know all details at all times

Reasoning About Programs Panagiotis Manolios

Pages and 68 in [JN] conventions for using exceptions in Java. Chapter 8 in [EJ] guidelines for more effective use of exceptions.

Method Description for Semla A Software Design Method with a Focus on Semantics

Lecture Notes on Linear Search

A Correctness Proof for a Practical Byzantine-Fault-Tolerant Replication Algorithm

CSE 331 Final Exam 12/14/15 Sample Solution. Question 1. (20 points, 1 each) Warmup. For each statement, circle T if it is true and F if it is false.

11/2/09. Code Critique. What goal are we designing to? What is the typical fix for code smells? Refactoring Liskov Substitution Principle

Top Down Design vs. Modularization

Self-checking software insert specifications about the intent of a system

Transcription:

CSC 520 - Advanced Object Oriented Programming, Spring 2018 Specification

Specification A specification is an unambiguous description of the way the components of the software system should be used and how they behave if used properly. In object-oriented design, this relates to the interfaces of the system components, and classes in particular.

Reasons for Specification To remove ambiguity remaining after earlier phases. To improve our understanding of the implementation. To increase our confidence that the system will work. To help us debug our software. To help us test our software. To help us modify our software. To allow us to pass the implementation task to other developers. To provide better documentation.

Specification in Terms of Client-Supplier Boundaries What information the client can pass over the boundary and when they are allowed to pass it. What information the client can retrieve from the boundary and when they are allowed to retrieve it. When an even will be broadcast to registered clients and what information the clients will receive. The legal states of the information managed by the boundary.

Formal Specification Formal specification is scientific and rigorous. The following steps are used to mathematically prove that software is correct: 1 Produce a formal specification in a mathematical language that describes how the software should behave. 2 Prove that the specification is feasible, that is, there are no logical contradictions or impossibilities. 3 Prove that the software conforms to the specification.

Informal Specification Informal specification is pragmatic and partial. The simplest informal specifications are code comments that describe thins such as: when the client should call the function what parameters should be passed what kind of result is returned (type and value) what effect the function has on global data what action the function takes if there is a problem

Dynamic Checking A dynamic check is code embedded in the implementation that verifies that the software is not breaking the specification. Dynamic checking only makes sense for informal specifications: Formal specification guarantees that the implementation does not violate the specification; dynamic checking assumes that implementations tend to have faults. Some formal requirements cannot be feasibly checked. Some formal requirements cannot be expressed using imperative code. Some formal requirements cannot be expressed accurately as imperative code.

Object-Oriented Specification An object-oriented specification language allows us to assert: when a message can legally be sent to an object (message preconditions, expressed in terms of public attributes) the valid parameters for each message (message preconditions) the effect a message has on the receiving object (message postconditions, expressed in terms of public attributes) the valid replies from each message (message postconditions) the conditions that are always met by the object (class invariants)

Object-Oriented Specification Example Consider a Container class with an add method. Possible assertions: Precondition: an object reference passed to the add message must not be null Precondition: an object passed to the add message must not already be in the Container Postcondition: after the add message, the Container will contain the object that was passed in as a parameter. Invariant: the Container always contains a positive number of objects.

Design by Contract Design by Contract specifies the obligations between a client object and a supplier object: The client must respect the suppliers invariants. The use of a supplier method is subject to its preconditions. The implementation of a supplier method must guarantee its postconditions. The implementation of a supplier method the supplier s invariants. Abiding by the contract allows us to write less error checking code.

Contracts and Inheritance Inheritance effects contracts due to subtype polymorphism. The following Class invariants are combined using and as we move down the class hierarchy: we can only add invariants. Preconditions and postconditions are only an issue if the associate method is overridden. Preconditions can only be weakened as we move down the class hierarchy; preconditions added to a redefined method are combined with the inherited method using or. Postconditions can only be strengthened as we move down the class hierarchy; postconditions added to a redefined method are combined with and.

Enforcing Contracts Design by Contract assumes that the client and supplier objects meet their obligations. Programmers are fallible; error checking responsibilities: The supplier half of the contract (postconditions and invariants) should be checked at the end of the supplier method. The client is responsible for checking invariants and preconditions before calling the supplier, but this can lead to code duplication The supplier side of the contract can offer client side checking of the contract as a service to avoid code duplication.

Enforcing Contracts Example public int supplier ( Object o) { if (!... check invariants...) { fail (" Invariants broken "); } if (!... check preconditions...) { fail (" Preconditions broken "); } } // do the work if (!... check postconditions...) { fail (" Postconditions broken "); } if (!... check invariants...) { fail (" Invariants broken "); }

Informal Specification in Java Document contracts using code comments Check conditions dynamically Signal contract violations using RuntimeExceptions

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback