Design by contract Object-Oriented Software Construction by Bertrand Meyer, Prentice Hall The presence of a precondition or postcondition in a routine.

Slides:



Advertisements
Similar presentations
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Advertisements

Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Design by Contract.
Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.
Design By Contract Using JMSAssert.
Ceg860(Prasad)L10DC1 Design by Contract Invariants Pre-post conditions : Rights and Obligations Exceptions : Contract Violations.
Building Bug-Free O-O Software: An Introduction to Design By Contract A presentation about Design By Contract and the Eiffel software development tool.
Verifying Executable Object-Oriented Specifications with Separation Logic Stephan van Staden, Cristiano Calcagno, Bertrand Meyer.
1 Computer Science 340 Software Design & Testing Inheritance & Design By Contract.
Design by Contract. Design by contract is the process of developing software based on the notion of contracts between objects, which are expressed as.
Chair of Software Engineering Software Architecture Prof. Dr. Bertrand Meyer Lecture 6: Exception Handling.
1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.
Design by Contract ™. 2 Design by Contract A discipline of analysis, design, implementation, management.
Feb 2003 R McFadyen1 Contracts (Ch 13) Used to help understand requirements more completely based on assertions; assertions are applicable to any.
Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer.
Chair of Software Engineering ATOT - Lecture 25, 30 June Advanced Topics in Object Technology Bertrand Meyer.
Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates.
Jan 2005 Ron McFadyen1 Contracts Used to help understand requirements more completely (and so may not always be necessary) based on assertions;
Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer Lecture 15: Exception handling.
-5- Exception handling What is an exception? “An abnormal event” Not a very precise definition Informally: something that you don’t want to happen.
Copyright W. Howden1 Lecture 13: Programming by Contract.
Software Testing and Quality Assurance
Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer Lecture 10: Project Presentation Ilinca.
Chair of Software Engineering ATOT - Lecture 12, 12 May Advanced Topics in Object Technology Bertrand Meyer.
Chair of Software Engineering ATOT - Lecture 26, 30 June Advanced Topics in Object Technology Bertrand Meyer.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 4: The Interface of a Class.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 4: The Interface of a Class.
Chair of Software Engineering Concurrent Object-Oriented Programming Prof. Dr. Bertrand Meyer Lecture 9: Contracts and Inheritance (based on work with.
Design by Contract David Talby. Software Correctness When is a class correct? – It ’ s a relative concept; what is required? – But it ’ s the correct.
Eiffel Language and Design by Contract Contract –An agreement between the client and the supplier Characteristics –Expects some benefits and is prepared.
Adding Contracts to Ada Ehud Lamm Adding Design By Contract to Ada.
1 © Wolfgang Pelz Design by Contract Design by Contract™ Based on material drawn from: Bertrand.
Computer Science 340 Software Design & Testing Design By Contract.
Ranga Rodrigo. Class is central to object oriented programming.
OOSC - JMSAssert. Design By Contract A powerful technique for writing reliable software. Specifying the software purpose with the implementation. Key.
CSC 480 Software Engineering Design by Contract. Detail Design Road Map Begin with architectural models  Class model: domain classes  Overall state.
Protocols Software Engineering II Wirfs Brock et al, Designing Object-Oriented Software, Prentice Hall, Mitchell, R., and McKim, Design by Contract,
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
1 Devon M. Simmonds, Computer Science Department Design by Contract Devon M. Simmonds Computer Science Department University of North Carolina, Wilmington.
Class Design I Class Contracts Readings: 2 nd Ed: Section 9.5, Advanced Topic nd Ed: Section 8.5, Advanced Topic 8.2 Some ideas come from: “Practical.
Chair of Software Engineering 1 Introduction to Programming Bertrand Meyer Exercise Session October 2008.
ANU COMP2110 Software Design in 2003 Lecture 10Slide 1 COMP2110 Software Design in 2004 Lecture 12 Documenting Detailed Design How to write down detailed.
L13: Design by Contract Definition Reliability Correctness Pre- and post-condition Asserts and Exceptions Weak & Strong Conditions Class invariants Conditions.
SWE 4743 Abstract Data Types Richard Gesick. SWE Abstract Data Types Object-oriented design is based on the theory of abstract data types Domain.
Defensive Programming CNS 3370 Copyright 2003, Fresh Sources, Inc.
PROGRAMMING PRE- AND POSTCONDITIONS, INVARIANTS AND METHOD CONTRACTS B MODULE 2: SOFTWARE SYSTEMS 13 NOVEMBER 2013.
Chapter 2 Comments, Conditions, Assertions Comments Preconditions Postconditions Assertions.
DBC NOTES. Design By Contract l A contract carries mutual obligations and benefits. l The client should only call a routine when the routine’s pre-condition.
1 Exceptions When the Contract is Broken. 2 Definitions A routine call succeeds if it terminates its execution in a state satisfying its contract A routine.
Object Design More Design Patterns Object Constraint Language Object Design Specifying Interfaces Review Exam 2 CEN 4010 Class 18 – 11/03.
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
Chapter 6 CS 3370 – C++ Functions.
Design by Contract Jim Fawcett CSE784 – Software Studio
Design by Contract Jim Fawcett CSE784 – Software Studio
Used to help understand requirements more completely
Principles of Programming and Software Engineering
Design by Contract in Python: Present and Future Aaron Bingham
CSC 480 Software Engineering
Programming Languages 2nd edition Tucker and Noonan
Design by Contract Jerry Fitzpatrick
Design by contract Object-Oriented Software Construction by Bertrand Meyer, Prentice Hall The presence of a precondition or postcondition in a routine.
Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.
Computer Science 340 Software Design & Testing
Class Invariants Pre-conditions and post-conditions describe the properties of individual methods. A class invariant is a global property of the instances.
Contract-Based Programming with/without Ada 2012
Programming Languages 2nd edition Tucker and Noonan
Formal Methods Lecture 16 March 22, 2011 CS 315 Spring 2011
Design by Contract – Exceptions
Presentation transcript:

Design by contract Object-Oriented Software Construction by Bertrand Meyer, Prentice Hall The presence of a precondition or postcondition in a routine is viewed as a contract. 12/3/2018 Design by Contract 99

Rights and obligations Parties in the contract: class and clients require pre, ensure post with method r: If you promise to call r with pre satisfied then I, in return, promise to deliver a final state in which post is satisfied. Contract: entails benefits and obligations for both parties 12/3/2018 Design by Contract 99

Rights and obligations Precondition binds clients Postcondition binds class 12/3/2018 Design by Contract 99

Example 12/3/2018 Design by Contract 99

If precondition is not satisfied If client’s part of the contract is not fulfilled, class can do what it pleases: return any value, loop indefinitely, terminate in some wild way. Advantage of convention: simplifies significantly the programming style. 12/3/2018 Design by Contract 99

Source of complexity Does data passed to a method satisfy requirement for correct processing? Problem: no checking at all or: multiple checking. Multiple checking: conceptual pollution: redundancy; complicates maintenance Recommended approach: use preconditions 12/3/2018 Design by Contract 99

Class invariants and class correctness Preconditions and postconditions describe properties of individual methods Need for global properties of instances which must be preserved by all routines 0<=nb_elements; nb_elements<=max_size empty=(nb_elements=0); 12/3/2018 Design by Contract 99

Class invariants and class correctness A class invariant is an assertion appearing in the invariant clause of the class. Must be satisfied by all instances of the class at all “stable” times (instance in stable state): on instance creation before and after every remote call to a routine (may be violated during call) 12/3/2018 Design by Contract 99

Class invariants and class correctness A class invariant only applies to public methods; private methods are not required to maintain the invariant. 12/3/2018 Design by Contract 99

Invariant Rule An assertion I is a correct class invariant for a class C iff the following two conditions hold: The constructor of C, when applied to arguments satisfying the constructor’s precondition in a state where the attributes have their default values, yields a state satisfying I. Every public method of the class, when applied to arguments and a state satisfying both I and the method’s precondition, yields a state satisfying I. 12/3/2018 Design by Contract 99

Invariant Rule Precondition of a method may involve the initial state and the arguments Postcondition of a method may only involve the final state, the initial state (through old) and in the case of a function, the returned value. The class invariant may only involve the state 12/3/2018 Design by Contract 99

Invariant Rule The class invariant is implicitly added (anded) to both the precondition and postcondition of every exported routine Could do, in principle, without class invariants. But they give valuable information. Class invariant acts as control on evolution of class A class invariant applies to all contracts between a method of the class and a client 12/3/2018 Design by Contract 99

Definitions Class C INV class invariant method r: prer(xr) precondition; postr postcondition xr: possible arguments of r Br: body of method r DefaultC: attributes have default values 12/3/2018 Design by Contract 99

Correctness of a class A class C is said to be correct with respect to its assertions if and only if For every public method r other than the constructor and any set of valid arguments xr: {INV and prer(xr)} Br {INV and postr} For any valid set of arguments xC to the constructor: {DefaultC and preC(xC) BC {INV} 12/3/2018 Design by Contract 99

How to prove correctness A complex story 12/3/2018 Design by Contract 99

The End 12/3/2018 Design by Contract 99

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.