The Substitution Principle SWE 332 – Fall 2010. 2 Liskov Substitution Principle In any client code, if subtype object is substituted for supertype object,

Slides:



Advertisements
Similar presentations
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Advertisements

1 Refactoring with Contracts Shmuel Tyszberowicz School of Computer Science The Academic College of Tel Aviv Yaffo Maayan Goldstein School of Computer.
Exceptions CSE301 University of Sunderland Harry Erwin, PhD.
Identity and Equality Based on material by Michael Ernst, University of Washington.
INF 212 ANALYSIS OF PROG. LANGS Type Systems Instructors: Crista Lopes Copyright © Instructors.
Giving a formal meaning to “Specialization” In these note we try to give a formal meaning to specifications, implementations, their comparisons. We define.
METHOD OVERRIDING Sub class can override the methods defined by the super class. Overridden Methods in the sub classes should have same name, same signature.
1 Computer Science 340 Software Design & Testing Inheritance & Design By Contract.
Pre and Post Condition Rules Definition : If R and S are two assertions, then R is said to be stronger than S if R -> S (R implies S). –Example : the assertion.
Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.
5/17/2015 OO Design: Liskov Substitution Principle 1.
Session 07: C# OOP 4 Review of: Inheritance and Polymorphism. Static and dynamic type of an object. Abstract Classes. Interfaces. FEN AK - IT:
Principles of Object-Oriented Software Development Behavioral refinement.
CHAPTER 6 Stacks Array Implementation. 2 Stacks A stack is a linear collection whose elements are added and removed from one end The last element to be.
Subclasses and Subtypes CMPS Subclasses and Subtypes A class is a subclass if it has been built using inheritance. ▫ It says nothing about the meaning.
Specifications Liskov Chapter 9 SWE 619 Last Updated Fall 2008.
COSC 1P03 Data Structures and Abstraction 4.1 Abstract Data Types The advantage of a bad memory is that one enjoys several times the same good things for.
1 Abstraction  Identify important aspects and ignore the details  Permeates software development programming languages are abstractions built on hardware.
Design by Contract in Java Concept and Comparison.
SWE 619 © Paul Ammann Procedural Abstraction and Design by Contract Paul Ammann Information & Software Engineering SWE 619 Software Construction cs.gmu.edu/~pammann/
111 Protocols CS 4311 Wirfs Brock et al., Designing Object-Oriented Software, Prentice Hall, (Chapter 8) Meyer, B., Applying design by contract,
332 Final Review Last updated Fall 2013 Professor Ammann.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 12: Subtyping Rules What’s the.
OO as a language for acm l OO phrase l Mental model of key concepts.
(c) University of Washington15-1 CSC 143 Java List Implementation via Arrays Reading: 13.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 17: Inheritance & Behavioral.
Cs205: engineering software university of virginia fall 2006 David Evans Substitution Principle.
Type Abstraction Liskov, Chapter 7. 2 Liskov Substitution Principle In any client code, if the supertype object is substituted by a subtype object, the.
Type Abstraction SWE Spring October 05Kaushik, Ammann Substitution Principle “In any client code, if supertype object is substituted.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 14: Substitution Principle.
Programming by Contract 2 Object-oriented languages Class Invariants.
Polymorphism Liskov 8. Outline equals() Revisiting Liskov’s mutable vs. not rule Polymorphism Uniform methods for different types “easy” polymorphism.
ANU COMP2110 Software Design in 2003 Lecture 10Slide 1 COMP2110 Software Design in 2004 Lecture 12 Documenting Detailed Design How to write down detailed.
Data Abstraction SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.
SWE 4743 Abstract Data Types Richard Gesick. SWE Abstract Data Types Object-oriented design is based on the theory of abstract data types Domain.
Introduction to Collections. Collections Collections provide a way of organizing related data in a model Different types of collections have different.
Polymorphism SWE 619. Outline equals() Revisiting Liskov’s mutable vs. not rule Polymorphism Uniform methods for different types “easy” polymorphism Element.
CSSE501 Object-Oriented Development. Chapter 10: Subclasses and Subtypes  In this chapter we will explore the relationships between the two concepts.
Iteration Abstraction SWE Software Construction Fall 2009.
Cs2220: Engineering Software Class 12: Substitution Principle Fall 2010 University of Virginia David Evans.
Type soundness In a more formal way. Proving Soundness of Type Systems Goal of a sound type system: –if the program type checks, then it never “crashes”
Type Hierarchies. Type Hieararchy Why?: Want to define family of related types. At the top of the hierarchy, a type whose spec defines behavior common.
Effective Java, Chapter 9: Exceptions Items Last modified Fall 2012 Paul Ammann.
CPSC 252 ADTs and C++ Classes Page 1 Abstract data types (ADTs) An abstract data type is a user-defined data type that has: private data hidden inside.
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
Adaptive Code Via C#
Specifications Liskov Chapter 9
CSE 331 Subtyping slides created by Marty Stepp based on materials by M. Ernst, S. Reges, D. Notkin, R. Mercer, Wikipedia
EECE 310: Software Engineering
Type Abstraction SWE Spring 2009.
Iteration Abstraction
Subtyping Rules David Evans cs205: engineering software BlackBear
SWE 332 Last Modified Spring 2010 Paul Ammann
Lecture 19 - Inheritance (Contd).
Type Abstraction Liskov, Chapter 7.
Iteration Abstraction
SWE 619 Software Construction Last Modified, Fall 2015 Paul Ammann
Method Verification CS/SWE 332 Paul Ammann.
EECE 310: Software Engineering
619 Final Review Fall 2017 Professor Ammann.
Protocols CS 4311 Wirfs Brock et al., Designing Object-Oriented Software, Prentice Hall, (Chapter 8) Meyer, B., Applying design by contract, Computer,
COMPUTER 2430 Object Oriented Programming and Data Structures I
Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.
SWE 619 Last modified Fall 2007 Saket Kaushik, Paul Ammann
Implementing static features
Lecture 13: Subtyping Rules Killer Bear Climber
Subtype Substitution Principle
Type Abstraction SWE Spring 2013.
Liskov Substitution Principle (LSP)
Method Verification Paul Ammann.
Presentation transcript:

The Substitution Principle SWE 332 – Fall 2010

2 Liskov Substitution Principle In any client code, if subtype object is substituted for supertype object, the client’s expectations are still met Simple example: Object o = getNewObject(); // client call Case 1: public Object getNewObject() {...} Case 2: public String getNewObject() {...}

3 Dynamic Dispatching Object[] x = new Object[2]; X[0] = new String(“abc”); X[1] = new Integer(1); for(int i=0; i<x.length;i++) System.out.println(x[i].toString()); Compiler does not complain Apparent type is fine! Which toString method is called? Object.toString() String.toString() Integer.toString() At run time, “best fit” code is called.

4 Two valid reasons to subtype Multiple implementations Ideally, client unaware of multiple implementations Example: Set interface HashSet, TreeSet implementations Extended Behavior Usual reason for subtyping Note what is not a reason: Making implementer’s life easier

5 Extended behavior Extended Behavior Specialize the behavior of supertype Classic ‘IS A’ relationship Additional state (abstract or representation) Warning: Harder than it looks! Vehicle Car Bike Constraint View: for contracts CAR Object View: for rep Vehicle

6 Analyzing subtype METHODS Subtypes behavior must support supertype behavior Liskov Substitution Principle Three rules for subtype methods: 1. Signature Rule 2. Methods Rule 3. Properties Rule

7 Signature Rule Guaranteed by Compiler Subtypes must have all methods of supertype Sounds obvious, but programmers often try to get around this Signatures of methods must be compatible with supertype signature Typically, return types are the same Covariance: Subclass may return a subtype Exceptions: Signature Rule allows fewer exceptions But Methods Rule may be in conflict Methods Rule always has priority

8 More concretely… public class (alt. interface) Super{ /** * m() is defined … (pre) * m() does the following things (post) … (post) */ public T1 m (T2: t2, T3: t3) throws E1, E2… } public class Sub extend (alt. implements) Super{ /** ??? */ public T1 m(T2: t2, T3: t3) throws E1, E2… }

9 Methods Rule When object belongs to subtype, subtype method is called Supertype specifications are necessarily inherited For analysis, consult pre/post See prior slide

10 Methods Rule Must maintain the contract! 1. Precondition rule: What can a subclass do with preconditions in supertype spec? 2. Post condition rule: What can a subclass do with postconditions in supertype spec?

11 Precondition rule Subtype is allowed to weaken the precondition Formally: If pre_super, then pre_sub Super //pre x > 5 Case 1: Sub //pre x > 6 Case 2: Sub // pre x > 4 x>5  x>4?Which is weaker? x>5  x>6? Not checked by compiler

12 Post condition rule Subtype is allowed to strengthen the post condition in a consistent way Formally: If pre_super, and sub_post, then super_post Super: // post: returns y < 5 Sub: //post: returns y < 4 Sub: //post: returns y < 6 Which one is a stronger condition?

13 Same Diagram as Method Verification SuperType Method Contract Subtype Method Contract AF() Supertype State (Post-Super)Supertype State (Pre-Super) Subtype State (Post-Sub) Subtype State (Pre-Sub) ?

14 Examples Super public void addZero() //pre: this is not empty //post: add zero to this public void addZero() throws ISE //pre: this is not empty //post: add zero to this Sub public void addZero() //post: add zero to this public void addZero() throws ISE //post: if this is empty, throw ISE else add zero to this Satisfies Signature and Method rules Satisfies Signature and Method rules

15 More examples Super public void addZero() //pre: this is not empty //post: add zero to this public void addZero() throws ISE //post: if this is empty, throws ISE // else add zero to this Sub public void addZero() throws ISE //post: add zero to this public void addZero() //post: add zero to this Does not satisfy Signature rule Does not satisfy Postcondition part of methods rule

16 Client code: Liskov Substitution Principle private void foo { … try{ o.addZero(); } catch (ISE e){ //do something: Client expects to get here! }

17 Methods rule vs. Properties rule Methods rule is for single method invocation Properties rule about general object behavior Invariants: Example: Sets do not contain duplicates Evolution properties: Example: Monotone sets only grow No remove() method allowed Properties must be explicit (i.e. in the JavaDoc)

18 More About Properties Rule Collection c =...; c.add (“cat”); c.remove(“cat”); // consider the following observer call: // What is behavior if c is a Set? // What is behavior if c is a Bag? if (c.contains(“cat”) {... } // Such “algebraic” relations are extremely useful for testing

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.