Presentation is loading. Please wait.

Presentation is loading. Please wait.

L13: Design by Contract Definition Reliability Correctness Pre- and post-condition Asserts and Exceptions Weak & Strong Conditions Class invariants Conditions.

Published byLillian Georgina Hancock Modified over 8 years ago

Similar presentations

Presentation on theme: "L13: Design by Contract Definition Reliability Correctness Pre- and post-condition Asserts and Exceptions Weak & Strong Conditions Class invariants Conditions."— Presentation transcript:

1 L13: Design by Contract Definition Reliability Correctness Pre- and post-condition Asserts and Exceptions Weak & Strong Conditions Class invariants Conditions for Class Correctness

2 Design by Contract Introduced by Bertrand Meyer and supported by Eiffel. Improves reliability

3 3 What is it? Viewing the relationship between a class and its clients as a formal agreement, expressing each party’s rights and obligations!

4 4 What is Reliability? Correctness: software must perform according to its specification Robustness: software’s ability to react to cases not included in the specification

5 5 Correctness A software system or element is neither correct nor incorrect on its own It is correct or incorrect with respect to a certain specification

6 6 Correctness Formulae Is an expression of the form: {P} A {Q} Which means: –Any execution of A, starting in a state where P holds, will terminate in a state where Q holds Eg {x>=9} x=x+5 {x>=13}

7 7 Preconditions and Postconditions {P} and {Q} are examples of preconditions and postconditions respectively For good programming, we need to: –document our pre- and postconditions –ensure the preconditions are true prior to executing a method –ensure the postconditions are true following method execution

8 8 How to? Two methods: use asserts use exceptions (L10: Exceptions)‏

9 9 Using assert #include void sort(vector *vec) { // precondition assert(vec!=NULL); //... actually sort the vector // postcondition assert(is_sorted(*vec)); };

10 10 Alternative assert #include void sort(vector *vec) { struct DBC { DBC(vector *v):vec(v){ assert(vec!=NULL);}; ~DBC(){assert(is_sorted(*vec));}; vector *vec; } dbc(vec); //... actually do the sorting }

11 11 class PrecondException { PreconditionException() {} } class PostcondException { PostconditionException() {} } class Assertion { public: static void require(boolean expr) { if ( !expr ) throw PreconditionException(); } static void ensure (boolean expr) { if ( !expr ) throw PostconditionException(); }

12 12 An Example - Stack template class Stack { private: T *data; int num_elements; int max_elements; public: Stack(int ne): max_elements(ne),num_elements(0) { data = new T[ne]; }; T pop(){...}; void push(T elem){...}; T peek(){...}; }

13 13 Push (element)‏ Require: stack is not full. Ensure: stack is not empty, top = element, count++.

14 14 Pop()‏ Require: stack is not empty Ensure: stack is not full, count--.

15 15 Weak and Strong Conditions Weak conditions: {...} A {True} // this ensures termination with a state. {False} A {...}

16 16 Class Invariants Are global properties of the instance of a class which must be preserved by all methods Eg: (num_elements >= 0)&& (num_elements < data.length)‏

17 17 How do we Apply Them? In general, a class invariant means that for each method: {INV && pre} body {INV && post} So, we should check at the start and end of each method. But, since invariants are invariant, it makes sense to bundle these checks into a method of their own.

18 18 When is a Class Correct? A class is correct if and only if its implementation is consistent with the preconditions, postconditions and invariants.

19 19 Correctness Defined A class, C, is correct if and only if: –For any valid set of arguments, x p, to a constructor, p: {pre p (x p )} Body p {post p (x p ) && INV} –For every public method, r, and any set of valid arguments, x r : {pre r (x r ) && INV} Body r { post r (x r ) && INV}

Download ppt "L13: Design by Contract Definition Reliability Correctness Pre- and post-condition Asserts and Exceptions Weak & Strong Conditions Class invariants Conditions."

Similar presentations

Where Agile Meets Formal Methods

Where Agile Meets Formal Methods
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Design by Contract.

Design by Contract.
Design By Contract Using JMSAssert.

Design By Contract Using JMSAssert.
Ceg860(Prasad)L10DC1 Design by Contract Invariants Pre-post conditions : Rights and Obligations Exceptions : Contract Violations.

Ceg860(Prasad)L10DC1 Design by Contract Invariants Pre-post conditions : Rights and Obligations Exceptions : Contract Violations.
Carlos D. Rivera February 28, 2007 Design-by-Contract.

Carlos D. Rivera February 28, 2007 Design-by-Contract.
Karlstad University Computer Science Design Contracts and Error Management Design Contracts and Errors A Software Development Strategy Eivind J. Nordby.

Karlstad University Computer Science Design Contracts and Error Management Design Contracts and Errors A Software Development Strategy Eivind J. Nordby.
Practice Session 5 Java: Packages Collection Classes Iterators Generics Design by Contract Test Driven Development JUnit.

Practice Session 5 Java: Packages Collection Classes Iterators Generics Design by Contract Test Driven Development JUnit.
1 Computer Science 340 Software Design & Testing Inheritance & Design By Contract.

1 Computer Science 340 Software Design & Testing Inheritance & Design By Contract.
Chair of Software Engineering OOSC - Summer Semester 2004 1 Object-Oriented Software Construction Bertrand Meyer.

Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer.
Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.

Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.
1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.

1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.
91.3913Feb 2003 R McFadyen1 Contracts (Ch 13) Used to help understand requirements more completely based on assertions; assertions are applicable to any.

Feb 2003 R McFadyen1 Contracts (Ch 13) Used to help understand requirements more completely based on assertions; assertions are applicable to any.
Stacks CS-240 Dick Steflik. Stacks Last In, First Out operation - LIFO As items are added they are chronologically ordered, items are removed in reverse.

Stacks CS-240 Dick Steflik. Stacks Last In, First Out operation - LIFO As items are added they are chronologically ordered, items are removed in reverse.
Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates.

Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates.
92.3913Jan 2005 Ron McFadyen1 Contracts Used to help understand requirements more completely (and so may not always be necessary) based on assertions;

Jan 2005 Ron McFadyen1 Contracts Used to help understand requirements more completely (and so may not always be necessary) based on assertions;
ESC Java. Static Analysis Spectrum Power Cost Type checking Data-flow analysis Model checking Program verification AutomatedManual ESC.

ESC Java. Static Analysis Spectrum Power Cost Type checking Data-flow analysis Model checking Program verification AutomatedManual ESC.
1 Specifying Object Interfaces. 2 Major tasks in this stage: --are there any missing attributes or operations? --how can we reduce coupling, make interface.

1 Specifying Object Interfaces. 2 Major tasks in this stage: --are there any missing attributes or operations? --how can we reduce coupling, make interface.
Software Testing and Quality Assurance

Software Testing and Quality Assurance
Chair of Software Engineering ATOT - Lecture 12, 12 May 2003 1 Advanced Topics in Object Technology Bertrand Meyer.

Chair of Software Engineering ATOT - Lecture 12, 12 May Advanced Topics in Object Technology Bertrand Meyer.

Similar presentations

Ads by Google