Presentation is loading. Please wait.

Presentation is loading. Please wait.

Class Invariants Pre-conditions and post-conditions describe the properties of individual methods. A class invariant is a global property of the instances.

Published by효선 수 Modified over 5 years ago

Similar presentations

Presentation on theme: "Class Invariants Pre-conditions and post-conditions describe the properties of individual methods. A class invariant is a global property of the instances."— Presentation transcript:

1 Class Invariants Pre-conditions and post-conditions describe the properties of individual methods. A class invariant is a global property of the instances of a class, which must be preserved by all methods. A class invariant is an assertion in the class definition. E.g. a stack class might have the following class invariant: count >= 0 and count <= capacity and stack_is_empty = (count = 0)

2 Class Invariants An invariant for a class C must be satisfied by every instance of C at all “stable” times. “Stable” times are those in which the instance is in an observable state

3 invariant: min <= max.
Example A (mutable) class representing a range of real numbers: public class RealRange { private RealNumber min, max; public RealRange(RealNumber min, RealNumber max) { this.min = min; this.max = max; } public void setRange(RealNumber newMin, RealNumber newMax) { this.min = newMin; this.max = newMax; } invariant: min <= max.

4 An assertion I is a correct invariant for a class C if and only if:
The Invariant Rule An assertion I is a correct invariant for a class C if and only if: Every constructor of C, when applied to arguments satisfying its precondition in a state where the attributes have their default values, yields a state satisfying I. Every method of the class, when applied to arguments and a state satisfying both I and the method’s precondition, yields a state satisfying I.

5 What happens to assertions when classes are inherited?
DbC and Inheritance What happens to assertions when classes are inherited? How can assertions be “preserved” in the face of redeclaration (overriding) and dynamic binding? Actually assertions help maintain the semantics of classes and methods when they are inherited.

6 The parents’ invariants need not be repeated in the class.
The invariants of all the parents of a class apply to the class itself. The parents’ invariants are added (logically “and”ed) to the class’s own invariants. Class Parent Attrs … Methods … Inv: P Class Parent Attrs … Methods … Inv: P Class Child Attrs … Methods … Inv: C Class Child Attrs … Methods … Inv: P  C The parents’ invariants need not be repeated in the class.

7 Pre and Postconditions
A method redeclaration may only do the following: Pre-condition Post-condition replace the original precondition by one equal or weaker replace the original postcondition by one equal or stronger The new version must accept all calls that were acceptable to the original. The new version must guarantee at least as much as the original. It may, but does not have to, accept more cases. It may, but does not have to, guarantee more. e.g. replace pre: x<10 by pre: x<=10 e.g. replace post: x<=10 by post: x=10

8 Summary Software reliability requires precise specifications which are honoured by both the supplier and the client. DbC uses assertions (pre and postconditions, invariants) as a contract between supplier and client. DbC works equally well under inheritance.

9 Languages with third-party support:
C and C++: DBC for C preprocessor, GNU Nana C#: eXtensible C# (XC#). Java: iContract2, Contract4J, jContractor, Jcontract, C4J, CodePro Analytix, STclass, Jass preprocessor, OVal with AspectJ, Java Modeling Language (JML), SpringContracts for the Spring framework, or Modern Jass, Custos using AspectJ. JavaScript: Cerny.js or ecmaDebug. Common Lisp: the macro facility or the CLOS metaobject protocol. Scheme: the PLT Scheme extension Perl: the CPAN modules Class::Contract , Carp::Datum Python, PyDBC , Contracts for Python. Ruby: Ruby DBC , ruby-contract.

Download ppt "Class Invariants Pre-conditions and post-conditions describe the properties of individual methods. A class invariant is a global property of the instances."

Similar presentations

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Design by Contract.

Design by Contract.
Presenter: Chris Treml

Presenter: Chris Treml
272: Software Engineering Fall 2012

272: Software Engineering Fall 2012
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.

© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.

ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
1 Computer Science 340 Software Design & Testing Inheritance & Design By Contract.

1 Computer Science 340 Software Design & Testing Inheritance & Design By Contract.
Design by Contract. Design by contract is the process of developing software based on the notion of contracts between objects, which are expressed as.

Design by Contract. Design by contract is the process of developing software based on the notion of contracts between objects, which are expressed as.
Chair of Software Engineering OOSC - Summer Semester 2004 1 Object-Oriented Software Construction Bertrand Meyer.

Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer.
Error Management with Design Contracts Karlstad University Computer Science Error Management with Design Contracts Eivind J. Nordby, Martin Blom, Anna.

Error Management with Design Contracts Karlstad University Computer Science Error Management with Design Contracts Eivind J. Nordby, Martin Blom, Anna.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.

Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.
1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.

1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.
Dept. of Computer Science A Runtime Assertion Checker for the Java Modeling Language (JML) Yoonsik Cheon and Gary T. Leavens SERP 2002, June 24-27, 2002.

Dept. of Computer Science A Runtime Assertion Checker for the Java Modeling Language (JML) Yoonsik Cheon and Gary T. Leavens SERP 2002, June 24-27, 2002.
Inheritance 2 Ranga Rodrigo Based on Mark Priestley's Lectures.

Inheritance 2 Ranga Rodrigo Based on Mark Priestley's Lectures.
1 - 7 - Design by Contract ™. 2 Design by Contract A discipline of analysis, design, implementation, management.

Design by Contract ™. 2 Design by Contract A discipline of analysis, design, implementation, management.
91.3913Feb 2003 R McFadyen1 Contracts (Ch 13) Used to help understand requirements more completely based on assertions; assertions are applicable to any.

Feb 2003 R McFadyen1 Contracts (Ch 13) Used to help understand requirements more completely based on assertions; assertions are applicable to any.
Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates.

Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates.
92.3913Jan 2005 Ron McFadyen1 Contracts Used to help understand requirements more completely (and so may not always be necessary) based on assertions;

Jan 2005 Ron McFadyen1 Contracts Used to help understand requirements more completely (and so may not always be necessary) based on assertions;
Inheritance. In this chapter, we will cover: The concept of inheritance Extending classes Overriding superclass methods Working with superclasses that.

Inheritance. In this chapter, we will cover: The concept of inheritance Extending classes Overriding superclass methods Working with superclasses that.

Similar presentations

Ads by Google