Presentation is loading. Please wait.

Presentation is loading. Please wait.

Design by contract Object-Oriented Software Construction by Bertrand Meyer, Prentice Hall The presence of a precondition or postcondition in a routine.

Published byEeva-Kaarina Pesonen Modified over 5 years ago

Similar presentations

Presentation on theme: "Design by contract Object-Oriented Software Construction by Bertrand Meyer, Prentice Hall The presence of a precondition or postcondition in a routine."— Presentation transcript:

1 Design by contract Object-Oriented Software Construction by Bertrand Meyer, Prentice Hall The presence of a precondition or postcondition in a routine is viewed as a contract. 1/17/2019 Design by Contract

2 Rights and obligations
Parties in the contract: class and clients require pre, ensure post with method r: If you promise to call r with pre satisfied then I, in return, promise to deliver a final state in which post is satisfied. Contract: entails benefits and obligations for both parties 1/17/2019 Design by Contract

3 Rights and obligations
Precondition binds clients Postcondition binds class 1/17/2019 Design by Contract

4 Example 1/17/2019 Design by Contract

5 If precondition is not satisfied
If client’s part of the contract is not fulfilled, class can do what it pleases: return any value, loop indefinitely, terminate in some wild way. Advantage of convention: simplifies significantly the programming style. 1/17/2019 Design by Contract

6 Source of complexity Does data passed to a method satisfy requirement for correct processing? Problem: no checking at all or: multiple checking. Multiple checking: conceptual pollution: redundancy; complicates maintenance Recommended approach: use preconditions 1/17/2019 Design by Contract

7 Class invariants and class correctness
Preconditions and postconditions describe properties of individual methods Need for global properties of instances which must be preserved by all routines 0<=nb_elements; nb_elements<=max_size 1/17/2019 Design by Contract

8 Class invariants and class correctness
A class invariant is an assertion appearing in the invariant clause of the class. Must be satisfied by all instances of the class at all “stable” times (instance in stable state): on instance creation before and after every remote call to a routine (may be violated during call) 1/17/2019 Design by Contract

9 Class invariants and class correctness
A class invariant only applies to public methods; private methods are not required to maintain the invariant. 1/17/2019 Design by Contract

10 Invariant Rule An assertion I is a correct class invariant for a class C iff the following two conditions hold: The constructor of C, when applied to arguments satisfying the constructor’s precondition in a state where the attributes have their default values, yields a state satisfying I. Every public method of the class, when applied to arguments and a state satisfying both I and the method’s precondition, yields a state satisfying I. 1/17/2019 Design by Contract

11 Invariant Rule Precondition of a method may involve the initial state and the arguments Postcondition of a method may only involve the final state, the initial state (through old) and in the case of a function, the returned value. The class invariant may only involve the state 1/17/2019 Design by Contract

12 Invariant Rule The class invariant is implicitly added (anded) to both the precondition and postcondition of every exported routine Could do, in principle, without class invariants. But they give valuable information. Class invariant acts as control on evolution of class A class invariant applies to all contracts between a method of the class and a client 1/17/2019 Design by Contract

13 Definitions Class C INV class invariant
method r: prer(xr) precondition; postr postcondition xr: possible arguments of r Br: body of method r DefaultC: attributes have default values 1/17/2019 Design by Contract

14 Correctness of a class A class C is said to be correct with respect to its assertions if and only if For every public method r other than the constructor and any set of valid arguments xr: {INV and prer(xr)} Br {INV and postr} For any valid set of arguments xC to the constructor: {DefaultC and preC(xC) BC {INV} 1/17/2019 Design by Contract

15 How to prove correctness
A complex story 1/17/2019 Design by Contract

16 The End 1/17/2019 Design by Contract

Download ppt "Design by contract Object-Oriented Software Construction by Bertrand Meyer, Prentice Hall The presence of a precondition or postcondition in a routine."

Similar presentations

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,

Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Design by Contract.

Design by Contract.
Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.

Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.
Design By Contract Using JMSAssert.

Design By Contract Using JMSAssert.
Ceg860(Prasad)L10DC1 Design by Contract Invariants Pre-post conditions : Rights and Obligations Exceptions : Contract Violations.

Ceg860(Prasad)L10DC1 Design by Contract Invariants Pre-post conditions : Rights and Obligations Exceptions : Contract Violations.
Building Bug-Free O-O Software: An Introduction to Design By Contract A presentation about Design By Contract and the Eiffel software development tool.

Building Bug-Free O-O Software: An Introduction to Design By Contract A presentation about Design By Contract and the Eiffel software development tool.
Verifying Executable Object-Oriented Specifications with Separation Logic Stephan van Staden, Cristiano Calcagno, Bertrand Meyer.

Verifying Executable Object-Oriented Specifications with Separation Logic Stephan van Staden, Cristiano Calcagno, Bertrand Meyer.
1 Computer Science 340 Software Design & Testing Inheritance & Design By Contract.

1 Computer Science 340 Software Design & Testing Inheritance & Design By Contract.
Design by Contract. Design by contract is the process of developing software based on the notion of contracts between objects, which are expressed as.

Design by Contract. Design by contract is the process of developing software based on the notion of contracts between objects, which are expressed as.
Chair of Software Engineering Software Architecture Prof. Dr. Bertrand Meyer Lecture 6: Exception Handling.

Chair of Software Engineering Software Architecture Prof. Dr. Bertrand Meyer Lecture 6: Exception Handling.
1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.

1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.
1 - 7 - Design by Contract ™. 2 Design by Contract A discipline of analysis, design, implementation, management.

Design by Contract ™. 2 Design by Contract A discipline of analysis, design, implementation, management.
91.3913Feb 2003 R McFadyen1 Contracts (Ch 13) Used to help understand requirements more completely based on assertions; assertions are applicable to any.

Feb 2003 R McFadyen1 Contracts (Ch 13) Used to help understand requirements more completely based on assertions; assertions are applicable to any.
Chair of Software Engineering OOSC - Summer Semester 2004 1 Object-Oriented Software Construction Bertrand Meyer.

Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer.
Chair of Software Engineering ATOT - Lecture 25, 30 June 2003 1 Advanced Topics in Object Technology Bertrand Meyer.

Chair of Software Engineering ATOT - Lecture 25, 30 June Advanced Topics in Object Technology Bertrand Meyer.
Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates.

Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates.
92.3913Jan 2005 Ron McFadyen1 Contracts Used to help understand requirements more completely (and so may not always be necessary) based on assertions;

Jan 2005 Ron McFadyen1 Contracts Used to help understand requirements more completely (and so may not always be necessary) based on assertions;
Chair of Software Engineering OOSC - Summer Semester 2005 1 Object-Oriented Software Construction Bertrand Meyer Lecture 15: Exception handling.

Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer Lecture 15: Exception handling.

Similar presentations

Ads by Google