Error Management with Design Contracts Karlstad University Computer Science Error Management with Design Contracts Eivind J. Nordby, Martin Blom, Anna.

Slides:



Advertisements
Similar presentations
Object Oriented Analysis And Design-IT0207 iiI Semester
Advertisements

Making the System Operational
Exceptions CSE301 University of Sunderland Harry Erwin, PhD.
Karlstad University Computer Science Design Contracts and Error Management Design Contracts and Errors A Software Development Strategy Eivind J. Nordby.
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
An Introduction to Java Programming and Object- Oriented Application Development Chapter 8 Exceptions and Assertions.
Chapter 10 Introduction to Arrays
ISBN Chapter 3 Describing Syntax and Semantics.
1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.
API Design CPSC 315 – Programming Studio Fall 2008 Follows Kernighan and Pike, The Practice of Programming and Joshua Bloch’s Library-Centric Software.
ITEC200 Week02 Program Correctness and Efficiency.
Software Engineering and Design Principles Chapter 1.
Program Correctness and Efficiency Chapter 2. Chapter 2: Program Correctness and Efficiency2 Chapter Objectives To understand the differences between.
On the Relation between Design Contracts and Errors Karlstad University Computer Science On the Relation Between Design Contracts and Errors A Software.
Karlstad University Computer Science Component Based Software Engineering, Västerås Semantic Integrity in Component Based Development Martin.
Software Testing and Quality Assurance
Program Correctness and Efficiency Chapter 2. Chapter Objectives  To understand the differences between the three categories of program errors  To understand.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Improved software quality through semantic descriptions (Skutt) Karlstad University Dept. of Computer Science Semla Design Method for use in.
Karlstad University Computer Science Design Contracts and Error Management Design Contracts and Errors A Software Development Strategy (anpassad för PUMA)
Improved software quality through semantic descriptions (Skutt) Karlstad University Dept. of Computer Science Semla Design Method for use in.
Describing Syntax and Semantics
Eiffel Language and Design by Contract Contract –An agreement between the client and the supplier Characteristics –Expects some benefits and is prepared.
Fall 2007CS 225 Program Correctness and Efficiency Chapter 2.
Software Quality Assurance
Subclasses and Subtypes CMPS Subclasses and Subtypes A class is a subclass if it has been built using inheritance. ▫ It says nothing about the meaning.
Computer Science 340 Software Design & Testing Design By Contract.
Ranga Rodrigo. Class is central to object oriented programming.
Testing. What is Testing? Definition: exercising a program under controlled conditions and verifying the results Purpose is to detect program defects.
Testing. Definition From the dictionary- the means by which the presence, quality, or genuineness of anything is determined; a means of trial. For software.
1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.
1 Abstraction  Identify important aspects and ignore the details  Permeates software development programming languages are abstractions built on hardware.
A Pragmatic Application of PbC Karlstads University Computer Science A pragmatic Application of Programming by Contract Martin Blom / Eivind Nordby Karlstad.
Testing -- Part II. Testing The role of testing is to: w Locate errors that can then be fixed to produce a more reliable product w Design tests that systematically.
SWE 619 © Paul Ammann Procedural Abstraction and Design by Contract Paul Ammann Information & Software Engineering SWE 619 Software Construction cs.gmu.edu/~pammann/
111 Protocols CS 4311 Wirfs Brock et al., Designing Object-Oriented Software, Prentice Hall, (Chapter 8) Meyer, B., Applying design by contract,
Effective C#, Chapter 1: C# Language Elements Last Updated: Fall 2011.
Low-Level Detailed Design SAD (Soft Arch Design) Mid-level Detailed Design Low-Level Detailed Design Design Finalization Design Document.
DEBUGGING. BUG A software bug is an error, flaw, failure, or fault in a computer program or system that causes it to produce an incorrect or unexpected.
Introduction CS 3358 Data Structures. What is Computer Science? Computer Science is the study of algorithms, including their  Formal and mathematical.
Today’s Agenda  Reminder: HW #1 Due next class  Quick Review  Input Space Partitioning Software Testing and Maintenance 1.
FDT Foil no 1 On Methodology from Domain to System Descriptions by Rolv Bræk NTNU Workshop on Philosophy and Applicablitiy of Formal Languages Geneve 15.
1 Introduction to Software Testing. Reading Assignment P. Ammann and J. Offutt “Introduction to Software Testing” ◦ Chapter 1 2.
1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
Testing OO software. State Based Testing State machine: implementation-independent specification (model) of the dynamic behaviour of the system State:
David Streader Computer Science Victoria University of Wellington Copyright: David Streader, Victoria University of Wellington Debugging COMP T1.
ANU COMP2110 Software Design in 2003 Lecture 10Slide 1 COMP2110 Software Design in 2004 Lecture 12 Documenting Detailed Design How to write down detailed.
CS451 Lecture 10: Software Testing Yugi Lee STB #555 (816)
SWE 4743 Abstract Data Types Richard Gesick. SWE Abstract Data Types Object-oriented design is based on the theory of abstract data types Domain.
Karlstad University Computer Science Design Contracts and Error Management External and internal errors and their contracts.
Software Quality Assurance and Testing Fazal Rehman Shamil.
SOLID Design Principles
Object-Oriented Design Concepts University of Sunderland.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
DBC NOTES. Design By Contract l A contract carries mutual obligations and benefits. l The client should only call a routine when the routine’s pre-condition.
Effective Java, Chapter 9: Exceptions Items Last modified Fall 2012 Paul Ammann.
Chapter 1 The Phases of Software Development. Software Development Phases ● Specification of the task ● Design of a solution ● Implementation of solution.
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
Design by Contract Jim Fawcett CSE784 – Software Studio
Design by Contract Jim Fawcett CSE784 – Software Studio
Chapter 8 – Software Testing
Adaptive Code Via C#
CSC 143 Error Handling Kinds of errors: invalid input vs programming bugs How to handle: Bugs: use assert to trap during testing Bad data: should never.
Effective Java, 3rd Edition Chapter 10: Exceptions
IMPORTANT NOTE Some parts of these section slides deal with null ints. This was a mistake, as primitives cannot be null. These issues have been corrected.
Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.
Effective Java, Chapter 9: Exceptions
1.
Design Contracts and Errors A Software Development Strategy
Presentation transcript:

Error Management with Design Contracts Karlstad University Computer Science Error Management with Design Contracts Eivind J. Nordby, Martin Blom, Anna Brunstrom Computer Science, Karlstad University Presented at SERP '01 Ronneby

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 2 How can code complexity be reduced? –There is a paranoia to handle all kinds of errors in all possible situations referred to as defensive programming –A lot of code complexity is due to error management Q & A Distinguish between different kinds of errors Reduce error management where it is not needed

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 3 We present a development strategy and a case study –based on design contracts –for error management –in software development External and internal errors Weak and strong contracts Liskov (LSP) and Meyer (ARR) The strategy The case study Disposition

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 4 A system part exposes interfaces –external or internal External and internal interfaces System part Supplier Internal interface External interface

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 5 External and internal errors on a per use basis, varying from case to case on a permanent basis, consistent until the software is corrected External errors –commited by end users or external systems – –cause violation of external interfaces Internal errors –committed by developers –result in faults in the software –cause violation of internal interfaces

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 6 Design contracts: Basic principles SupplierClient Precondition met SupplierClient Precondition not met Correct Postcondition met ! QIQO Postcondition not met ? Correct GIGO result undefined

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 7 not OK Weak vs. strong contracts Weak contract Any input accepted successfailure OK Double responsibility not qualifiedqualified Qualified input required Client responsibility Strong contract

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 8 Weak contracts –are needed where a correct call cannot be assured providing an open-ended exit Strong contracts –simplifies the solution by reducing complexity –simplifies error detection by allocating responsibilities Comparison reducing the number of faults and saving time Strong contracts should be used whenever possible

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 9 External errors –wrong input should be tolerated –the user should be informed –handled by weak contracts Internal errors –faults resulting from internal errors should be detected –the fault should be corrected before proceeding –handled by strong contracts Correspondence contracts  errors

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 10 If –for all o 1 –there exists an o 2 –when P depends on T –o 1 can replace o 2 –behavior of P is unchanged Then –S is a subtype of T Liskov's Substitution Principle (LSP) o 1 :S o 2 :T :P defined in terms of o 1 replaces o 2

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 11 Meyer's Assertion Redeclaration Rule (ARR) T::f() pre T post T S::f() pre S post S expectsassures expects pre T post T Needed: pre T  pre S Needed: post S  post T

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 12 When a routine is redefined in a subclass: if the redefined –precondition is weaker than or equal to –postcondition is stronger than or equal to the original one then –the clients of the class are not affected  the subclass is a Liskov subtype Liskov (LSP) and Meyer (ARR) combined

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 13 Definition –a redefined contract is weaker than the original one if it satisfied the Assertion Redeclaration Rule Consequence –weakening a contract defines a Liskov subtype of the module Generalization –not only for classes –for modules in general Weak and strong contracts

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 14 Start with strong contracts –reduce internal errors Change to weak contracts when error free –accommodate external errors Add handling in the client –of the added postconditions in the weakened contract The strategy

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 15 Architecture of the Case Study

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 16 System access from wap or web browser End users maintain dynamic, personalized menus –Most common telecom services or Internet links Editing options –Move, delete, edit menu options –Create, delete, link menus Operation options –Normal hyperlink operation Functionality of the Case Study

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 17 Whole system –10 persons, 6 months –16,000 lines of code, including comments and blank lines Business logic module –2 persons –6,000 lines of code –17 classes, 70 operations including internal support operations Size of the Case Study

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 18 Strong contracts were applied in the Business Logic interface Example from class Menu –MenuItem getItem(itemId) –Called from a user menu display –Precondition: the item exists in the menu –Postcondition: the details about the menu item are returned Contracts of the Case Study

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 19 In class Menu loop from first item compare current item with parameter until parameter item found return the details of the current item Exploiting the strong contracts –precondition  loop runs at least once –precondition  item found before end of list Implementation of getItem(itemId) Contract violation detection –Java’s built-in runtime control –“Index out of bounds”, “Null pointer” exceptions

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 20 Implementation of Business Logic module –Focus on design and correctness no development time spent on handling illegal calls –Quick and virtually error free implementation Programmers not used to strong contracts –Initial contract violations and crashes –Subsequent disciplined use and –Few faults in the business logic communication Stable failure profile –Fault were detected early, no late surprises Experiences from using Strong Contracts

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 21 Some operations were subject to illegal calls –An URL with function parameters could be edited manually on the web browser The contracts of 16 operations were weakened –MenuItem getItem(itemId) –Precondition: true –Postcondition: if the item exists in the menu, then the details about the menu item has been returned, else an exception has been thrown Weakening the Contracts

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 22 Modification in the Business Logic –was easy –caused no new faults Adaptation in the client software –to take advantage of the weaker contracts for robustness –was easy –caused few new faults Experiences from weakening the Contracts

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 23 Starting out with strong contracts –allows initial focus on correctness –improves fault characteristics –allows later weakening without affecting client code Passing to weak contracts –on selected operations exposed to external errors –adds system robustness as a separate concern –is easy and cost effective Conclusions

Error Management with Design Contracts Karlstad University Computer Science Thank you for your attention! Are there any questions? Eivind J. Nordby, Martin Blom, Anna Brunstrom Karlstad University, Computer Science, Karlstad {Martin.Blom, Eivind.Nordby,

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 25 Failure = the product behaving incorrectly Fault = defect in the product –May result in a failure during execution Error = wrong human behavior –Error from a developer should be avoided may produce faults in the software –Error from the end user must be tolerated and taken care of the software should protect the system integrity Failures, faults and errors

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 26 Liskov only requires this to be true in the cases covered by the original routine –that is when the original precondition is satisfied Strong vs. weak contracts –pre S  pre W : qualified input  true –pre S : post W  post S : post W and success = post S Liskov (LSP) and Meyer (ARR)

Karlstad University Computer Science Error Management with Design Contracts SERP '01 Ronneby 27 Strong contracts are suited for detecting faults resulting from internal errors –promote fault free software A strong contract may be LSP substituted by a weaker one –will not affect client software Weak contracts are suited for tolerating external errors –promote robust external interfaces Summary of the principles

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.