Presentation is loading. Please wait.

Presentation is loading. Please wait.

Are Practitioners Writing Contracts?

Published byDrusilla Reed Modified over 5 years ago

Similar presentations

Presentation on theme: "Are Practitioners Writing Contracts?"— Presentation transcript:

1 Are Practitioners Writing Contracts?
Patrice Chalin Dependable Software Research Group (DSRG) Computer Science and Software Engineering Department Concordia University Montreal, Canada REFT Workshop 19 July 2005 at the FM05 Formal Methods Conference, Newcastle upon Tyne, UK, July 2005

2 Tackling Increasingly Large and Complex S/W:
Modular design methodologies have been proposed to help manage the increasing size and complexity S/W systems Effective modularization also Provides opportunities for reuse In very large systems Module / component interfaces must be rigorously defined. 9/17/2018 GC6 - DSE - P.Chalin,

3 Interface Specification of OO Sys.
… expressed by contracts (an increasingly popular method) Design by Contract (DBC) 9/17/2018 GC6 - DSE - P.Chalin,

4 Languages Supporting DBC
Eiffel Only active lang. with built-in support for DBC. Whether you include Spark in this list depends on your definition of DBC. If DBC means run-time assertion checking, then Spark should be excluded from this list. JACK uses JML (for the most part), as does ESC/Java2 9/17/2018 GC6 - DSE - P.Chalin,

5 Language Extensions for DBC
Several research efforts are underway to “add” support for DBC to other languages. Support is added by extending a subset of the target language: Spark for Ada* APP for C Spec# for C# Java Modeling Language (JML), Jass, … for Java. Jass, ESC/Java, Jcontract, 9/17/2018 GC6 - DSE - P.Chalin,

6 DBC Research Justified?
Does, having DBC support  developers will write contracts? 9/17/2018 GC6 - DSE - P.Chalin,

7 Survey Are practitioners writing contracts? Subjects: Eiffel programs.
Are practitioners writing assertions? What kind of assertions? Subjects: Eiffel programs. Measure of the % SLOC that are assertions. 9/17/2018 GC6 - DSE - P.Chalin,

8 Eiffel: A brief review …
9/17/2018 GC6 - DSE - P.Chalin,

9 Eiffel Sample: N-ary Xor
indexing description: "Routines that ought to be in class BOOLEAN" library: "Gobo Eiffel Kernel Library" copyright: "Copyright (c) 2002, Berend de Boer and others" revision: "$Revision: 1.2 $" class KL_BOOLEAN_ROUTINES feature -- Access nxor (a_booleans: ARRAY[BOOLEAN]): BOOLEAN is -- N-ary exclusive or require … local i, nb: INTEGER do i := a_booleans.lower nb := a_booleans.upper from until i > nb loop -- Lines 27 … 37 removed end ensure … Eiffel Sample: N-ary Xor 9/17/2018 GC6 - DSE - P.Chalin,

10 Eiffel Sample: N-ary Xor
indexing description: "Routines that ought to be in class BOOLEAN" library: "Gobo Eiffel Kernel Library" copyright: "Copyright (c) 2002, Berend de Boer and others" revision: "$Revision: 1.2 $" class KL_BOOLEAN_ROUTINES feature -- Access nxor (a_booleans: ARRAY[BOOLEAN]): BOOLEAN is -- N-ary exclusive or require … local i, nb: INTEGER do i := a_booleans.lower nb := a_booleans.upper from until i > nb loop -- Lines 27 … 37 removed end ensure … Assertions: Preconditions Postconditions Class invariants Loop invariants Loop variants Check clause Eiffel Sample: N-ary Xor 9/17/2018 GC6 - DSE - P.Chalin,

11 Eiffel: Sample Precondition
nxor(a_booleans: ...) : BOOLEAN is require a_booleans_not_void: a_booleans /= Void 9/17/2018 GC6 - DSE - P.Chalin,

12 Eiffel Sample Postcondition
... ensure zero: a_booleans.count = 0 implies not Result unary: a_booleans.count = 1 implies Result = a_booleans.item (a_booleans.lower) binary: a_booleans.count = 2 implies Result = (a_booleans.item (a_booleans.lower) xor a_booleans.item (a_booleans.upper)) -- more: there exists one and only one `i' in -- a_boolean.lower..a_boolean.upper so that -- a_boolean.item (i) = True end 9/17/2018 GC6 - DSE - P.Chalin,

13 Eiffel Sample Postcondition
ensure zero: … binary: a_booleans.count = 2 implies Result = (…) xor (…) -- more: there exists one and -- only one `i' in -- a_boolean.lower..a_boolean.upper -- so that -- a_boolean.item (i) = True end 9/17/2018 GC6 - DSE - P.Chalin,

14 Eiffel Loops from initialization_instructions invariant assertion
until exit_condition loop loop_instructions end 9/17/2018 GC6 - DSE - P.Chalin,

15 Survey Metrics Count Lines-of-code (LOC): Blank Comment
Physical Source LOC (SLOC). 9/17/2018 GC6 - DSE - P.Chalin,

16 Subjects 80+ projects Categorized: Proprietary Open source Eiffel 5.5
9/17/2018 GC6 - DSE - P.Chalin,

17 Eiffel Survey: Project Distribution
Project Category # of files LOC SLOC Proj. Cat. Proprietary 18584 2.7M 2.0M 51% Open Source 10657 1.7M 1.3M 33% Eiffel 5.5 4840 1.0M 0.7M 17% Total 34081 5.4M 4.0M 100% 9/17/2018 GC6 - DSE - P.Chalin,

18 Eiffel Survey: General Results
LOC SLOC Blank Com-ment Index SLOC Total (106) 5.4 4.0 0.82 0.55 0.17 % LOC 100% 74.6% 15.2% 10.2% 3.2% 9/17/2018 GC6 - DSE - P.Chalin,

19 Eiffel Survey: % SLOC that are assertions
9/17/2018 GC6 - DSE - P.Chalin,

20 Eiffel Survey: Assertions Distribution in Kind
9/17/2018 GC6 - DSE - P.Chalin,

21 Other Statistics req ens cl.inv l.inv l.var check Total
Max AsnLOC size 30 24 35 7 2 14 Average size 1.7 1.5 2.4 1.6 1.0 1.2 % (e /= Void) 44.4 23.6 51.2 2.1 0.0 35.1 36.8 9/17/2018 GC6 - DSE - P.Chalin,

22 Contracts Are Being Written
Good news for DBC researchers. 9/17/2018 GC6 - DSE - P.Chalin,

23 Beyond DBC for Fault Tolerance
“DBC” style contracts are insufficient. Next level of specification … 9/17/2018 GC6 - DSE - P.Chalin,

24 Beyond DBC … Behavioral interface specifications Design by Contract
Ad hoc use of assertions Assertions not used 9/17/2018 GC6 - DSE - P.Chalin,

25 Behavioral Interface Specifications
Behavioral specification also captures includes behavior in exceptional cases. 9/17/2018 GC6 - DSE - P.Chalin,

26 Multi-threaded support
Extensions to current single-threaded approaches: JML Spec# 9/17/2018 GC6 - DSE - P.Chalin,

Download ppt "Are Practitioners Writing Contracts?"

Similar presentations

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 6 Disclaimer. These notes are derived from notes originally.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 6 Disclaimer. These notes are derived from notes originally.
Omnibus: A clean language and supporting tool for integrating different assertion-based verification techniques Thomas Wilson, Savi Maharaj, Robert G.

Omnibus: A clean language and supporting tool for integrating different assertion-based verification techniques Thomas Wilson, Savi Maharaj, Robert G.
Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?

Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?
The Java Modeling Language JML Erik Poll Digital Security Radboud University Nijmegen.

The Java Modeling Language JML Erik Poll Digital Security Radboud University Nijmegen.
Chair of Software Engineering OOSC - Summer Semester 2004 1 Object-Oriented Software Construction Bertrand Meyer.

Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University 1 Modularization.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University 1 Modularization.
Dept. of Computer Science A Runtime Assertion Checker for the Java Modeling Language (JML) Yoonsik Cheon and Gary T. Leavens SERP 2002, June 24-27, 2002.

Dept. of Computer Science A Runtime Assertion Checker for the Java Modeling Language (JML) Yoonsik Cheon and Gary T. Leavens SERP 2002, June 24-27, 2002.
Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates.

Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates.
An overview of JML tools and applications Lilian Burdy Gemplus Yoonsik Cheon, Gary Leavens Iowa Univ. David Cok Kodak Michael Ernst MIT Rustan Leino Microsoft.

An overview of JML tools and applications Lilian Burdy Gemplus Yoonsik Cheon, Gary Leavens Iowa Univ. David Cok Kodak Michael Ernst MIT Rustan Leino Microsoft.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Chair of Software Engineering OOSC - Summer Semester 2005 1 Object-Oriented Software Construction Bertrand Meyer Lecture 10: Project Presentation Ilinca.

Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer Lecture 10: Project Presentation Ilinca.
Chair of Software Engineering ATOT - Lecture 12, 12 May 2003 1 Advanced Topics in Object Technology Bertrand Meyer.

Chair of Software Engineering ATOT - Lecture 12, 12 May Advanced Topics in Object Technology Bertrand Meyer.
JML and Class Specifications Class invariant JML definitions Queue example Running JML in Eclipse.

JML and Class Specifications Class invariant JML definitions Queue example Running JML in Eclipse.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 4: The Interface of a Class.

Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 4: The Interface of a Class.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 4: The Interface of a Class.

Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 4: The Interface of a Class.
Houdini: An Annotation Assistant for ESC/Java Cormac Flanagan and K. Rustan M. Leino Compaq Systems Research Center.

Houdini: An Annotation Assistant for ESC/Java Cormac Flanagan and K. Rustan M. Leino Compaq Systems Research Center.
OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.

OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.
Chair of Software Engineering ATOT - Lecture 3, 7 April 2003 1 Advanced Topics in Object Technology Bertrand Meyer.

Chair of Software Engineering ATOT - Lecture 3, 7 April Advanced Topics in Object Technology Bertrand Meyer.
Software Quality: Testing and Verification II. 2 1.A failure is an unacceptable behaviour exhibited by a system — The frequency of failures measures software.

Software Quality: Testing and Verification II. 2 1.A failure is an unacceptable behaviour exhibited by a system — The frequency of failures measures software.

Similar presentations

Ads by Google