Presentation is loading. Please wait.

Presentation is loading. Please wait.

Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates."— Presentation transcript:

1 Design by Contract

2 Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates – P is called precondition – Q is called postcondition Meaning of a correctness formula: “Any execution of A, starting in a state where P holds, will terminate in a state where Q holds” Example: { x >= 9} x:=x+5 {x>=13}

3 Eiffel Example class STACK[G] count: INTEGER -- Number of stack elements item: G -- Top element empty: BOOLEAN is -- Is stack empty? do … end full: BOOLEAN is -- Is stack representation full? do... end …

4 Eiffel Example (2) class STACK[G] … put (x: G) is -- Add x on top require not_full: not full do... ensure not_empty: not empty added_to_top: item = x one_more_item: count = old count + 1 end …

5 Invariant A set of assertions that every instance of the class will satisfy: – immediately following the creation – before and after any “remote” call to the routine of the class Class invariant is an object “state” restriction Correctness formula (revisited) {P and INVARIANT} A {Q and INVARIANT} class STACK[G] … invariant non_negative_count: count >= 0 end

6 Loop Assertions Loop invariant the list of assertions, which will be validated before each loop cycle Loop variant – designed to protect against infinite calculations – an integer expression, which is checked before each loop cycle – if one of the following is violated, the loop assertion is violated:  loop variant has to decrease properly each loop cycle  loop variant has to remain nonnegative

7 Find the smallest element in an array from i := a.lower s := a.item(i) invariant -- s is the smallest element in the set – -- {a.item (a.lower),..., a.item(i)} variant a.upper – i until i = a.upper loop i := i + 1 s := s.min(a.item(i)) end

8 Assertion Redeclaration rule In the redeclared version of a routine, it is not permitted to use a require or ensure clause. Instead you may: Introduce a new condition with require else, for boolean or with the original precondition. Introduce a new condition with ensure then, for boolean and with the original postcondition. In the absence of such a clause, the original assertions are retained.

9 Example (1) class A … foo (x : INTEGER ) is require r1 do… end end; class B inherit A … foo (x : INTEGER ) is require r2 do … end end; The actual requirement is

10 Example (2) class A … foo (x : INTEGER ) is do … ensure e1 end end; class B inherit A … foo (x : INTEGER ) is do… ensure e2 end end; The actual promise is

11 Invariants Redeclaration rule The invariant property of class is the boolean and of the assertions appearing in its invariant clause and of the invariant properties of its parents if any. class A … invariant i1 end; class B inherit A … invariant i2 end; The actual invariant is

Download ppt "Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Ceg860(Prasad)L10DC1 Design by Contract Invariants Pre-post conditions : Rights and Obligations Exceptions : Contract Violations.

Ceg860(Prasad)L10DC1 Design by Contract Invariants Pre-post conditions : Rights and Obligations Exceptions : Contract Violations.
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.

© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Copyright 2003-04, Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.

Copyright , Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.

ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
Chair of Software Engineering OOSC - Summer Semester 2004 1 Object-Oriented Software Construction Bertrand Meyer.

Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.

1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.
1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.

1/22 Programs : Semantics and Verification Charngki PSWLAB Programs: Semantics and Verification Mordechai Ben-Ari Mathematical Logic for Computer.
Weakest pre-conditions and towards machine consistency Saima Zareen.

Weakest pre-conditions and towards machine consistency Saima Zareen.
Inheritance. class RECTANGLE inherit POLYGON RECTANGLE includes features of POLYGON r: RECTANGLE; p: POLYGON Polymorphism p := r -- legal assignment Dynamic.

Inheritance. class RECTANGLE inherit POLYGON RECTANGLE includes features of POLYGON r: RECTANGLE; p: POLYGON Polymorphism p := r -- legal assignment Dynamic.
1 - 7 - Design by Contract ™. 2 Design by Contract A discipline of analysis, design, implementation, management.

Design by Contract ™. 2 Design by Contract A discipline of analysis, design, implementation, management.
Chair of Software Engineering OOSC Summer Semester 2004 1 Object-Oriented Software Construction Bertrand Meyer.

Chair of Software Engineering OOSC Summer Semester Object-Oriented Software Construction Bertrand Meyer.
Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 17: Topological Sort Algorithm.

Chair of Software Engineering Einführung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 17: Topological Sort Algorithm.
1 Specifying Object Interfaces. 2 Major tasks in this stage: --are there any missing attributes or operations? --how can we reduce coupling, make interface.

1 Specifying Object Interfaces. 2 Major tasks in this stage: --are there any missing attributes or operations? --how can we reduce coupling, make interface.
1 Advanced Material The following slides contain advanced material and are optional.

1 Advanced Material The following slides contain advanced material and are optional.
Chair of Software Engineering ATOT - Lecture 12, 12 May 2003 1 Advanced Topics in Object Technology Bertrand Meyer.

Chair of Software Engineering ATOT - Lecture 12, 12 May Advanced Topics in Object Technology Bertrand Meyer.
Chair of Software Engineering OOSC - Summer Semester 2005 1 Object-Oriented Software Construction Bertrand Meyer Lecture 12: Design by Contract™

Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer Lecture 12: Design by Contract™
Chair of Software Engineering ATOT - Lecture 9, 30 April 2003 1 Advanced Topics in Object Technology Bertrand Meyer.

Chair of Software Engineering ATOT - Lecture 9, 30 April Advanced Topics in Object Technology Bertrand Meyer.

Similar presentations

Ads by Google