Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Assertions. 2 A boolean expression or predicate that evaluates to true or false in every state In a program they express constraints on the state that.

Published byConstance Sharp Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Assertions. 2 A boolean expression or predicate that evaluates to true or false in every state In a program they express constraints on the state that."— Presentation transcript:

1 1 Assertions

2 2 A boolean expression or predicate that evaluates to true or false in every state In a program they express constraints on the state that must be true at that point Associate with  Individual program statements  functions  classes

3 3 Assertions & Correct Programs Specify clearly, precisely and succinctly  What is expected and guaranteed by each component – class, function and statement The essence of documentation Essential for debugging Aids in having fault tolerance How to write correct programs and know it – Harlan Mills

4 4 Assertion syntax Use Eiffel syntax as in programming statements  Boolean expression  Sequence of relational expressions using the connectives not, and, or, xor, implies, or else, and then  Relational expression  Function call returning a boolean value  Sequence of variables and function calls using the connectives, >=, <=, =, not =  Parenthesis used to explicitly indicate precedence order Can invoke functions – no recursion on assertion checking

5 5 Pre-Conditions Statement syntax  require boolean expression Where within function/procedure  write just before the local clause, if it exists nonZero (row, col : INTEGER): BOOLEAN is -- True if non-zero element at require 0 < row and row <= actualRows 0 < col and col <= actualCols local i : INTEGER do... end

6 6 Post-Conditions Statement syntax  ensure boolean expression Where within function/procedure  write just before the end of body nonZero(row, col : INTEGER): BOOLEAN is -- True if non-zero element at... do... ensure Result = item(row, col) /= 0 end

7 7 Pre/Post Example Use tag names to identify assertions nonZero (row, col : INTEGER): BOOLEAN is -- True if non-zero element at require row_correct: 0 < row and row <= actualRows column_correct: 0 < col and col <= actualCols local i : INTEGER do... ensure correct_result: Result = item(row, col) /= 0 end

8 8 Pre/Post Example – 2 Use comments if you cannot write an executable assertion Use already defined functions or custom written functions nonZero (row, col : INTEGER): BOOLEAN is -- True if non-zero element at require row_correct: 0 < row and row <= actualRows column_correct: 0 < col and col <= actualCols local i : INTEGER do... ensure correct_result: Result = item(row, col) /= 0 -- all elements remain unchanged end

9 9 Post-Conditions – 2 Show relationship between initial and final values At the end of the body the final values are in effect Refer to initial values using the keyword old bounded_stack_push (element: G) is require size < capacity do... ensure size = old size + 1 end

10 10 Loop Invariants & Loop Syntax from init statements invariant assertions for invariant variant integer expression until exit condition loop body statements end Can invoke boolean functions. Use agents to implement predicate calculus expressions always non negative body decreases value on every iteration

11 11 Loop Invariant Example -- calculate the sum of all elements -- in array a from i := a.lower sum := a @ a.lower invariant a.lower <= i i <= a.upper + 1 variant a.upper + 1 – i until i > a.upper loop i := i + 1 s := s + a @ i end

12 12 Loop Invariant Example When we run, we get a precondition violation On the last iteration, i is a.upper+1, an invalid index for array a Loop invariants do not guarantee correct execution, but they help with the specification of the loop

13 13 Corrected Example -- calculate the sum of all elements -- in array a from i := a.lower sum := 0 invariant a.lower <= i i <= a.upper + 1 variant a.upper + 1 – i until i > a.upper loop sum := sum + a @ i i := i + 1 end

14 14 Check Assertion Within the body of a routine you can insert a check clause The check clause is executed and if its assertion is false then an exception occurs Used to remind the reader of a non-obvious fact that could be deduced if full then error := overflow else check representation_exists : representation /= Void end representation.put(x) error := none end

15 15 Class Invariants Appear in the invariant clause just before the end of the class True at stable times  After make  After every exported feature call  Could be false during a feature call as various substates change Invariants are implicitly a part of every pre and post condition class BOUNDED_STACK... invariant count_non_negative: 0 <= count count_bounded: count <= capacity end -- BOUNDED_STACK

16 16 Assertion Monitoring Eiffel provides multiples levels of assertion monitoring  See the Ace file & page 393 Always should be on during debugging Turn off as little as possible only if time is critical and the system can be trusted

17 17 Agents & Tuples

18 18 What is an Agent An agent is a function that is passed as a parameter Agents implement a sub-set of functional programming  Functional programming is dealt with in the course COSC 3401

19 19 Why have agents ? Many algorithms differ only in what function they apply  Consider integration of a function, where the function can be or any other function of one variable. In this course, we use agents in functions that implement first order predicate calculus expressions in assertions  For example  All items in a string are spaces or integers or …

20 20 Sum of Integers 1..n sum_i (n : INTEGER) : INTEGER is local sum : INTEGER i : INTEGER do from i := 1 until i > n loop sum := sum + i i := i + 1 end Result := sum end

21 21 Sum Double of Integers 1..n sum_double_i (n : INTEGER) : INTEGER is local sum : INTEGER i : INTEGER do from i := 1 until i > n loop sum := sum + i + i i := i + 1 end Result := sum end

22 22 Sum Square of Integers 1..n sum_square_i (n : INTEGER) : INTEGER is local sum : INTEGER i : INTEGER do from i := 1 until i > n loop sum := sum + i * i i := i + 1 end Result := sum end

23 23 sum (n : INTEGER ; f : FUNCTION) : INTEGER is local sum : INTEGER i : INTEGER do from i := 1 until i > n loop sum := sum + f(i) i := i + 1 end Result := sum end Abstract the function Abstract the commonalities and only supply the variations. Write one function for all cases Problem: Need type checking for the function -- additional syntax is required

24 24 Problem with Syntax sum (n : INTEGER ; f : FUNCTION ) : INTEGER is local sum : INTEGER i : INTEGER do from i := 1 until i > n loop sum := sum + f(i) i := i + 1 end Result := sum end Need to specify function – arguments and types – Result type Need syntax to match function definition

25 25 Typing a Function General syntax FUNCTION [ class_to_which_function_belongs, argument_types, Result_type ] Example for the sum_to function argument f : FUNCTION [ ANY, TUPLE [ INTEGER ], INTEGER ]

26 26 sum (n : INTEGER ; f : FUNCTION [ ANY, TUPLE [ INTEGER ], INTEGER ] ) : INTEGER is local sum : INTEGER i : INTEGER do from i := 1 until i > n loop sum := sum + f.item( [ i ] ) i := i + 1 end Result := sum end Generalized Sum Specified function – arguments and types – Result type f is a function object. item is the feature that returns the function result. The function is applied to the argument, which is of type tuple

27 27 What is a tuple? Analogous to describing the types for the fields of a record  Example of a 5 field record with sufficient space in each field to hold items of the indicated type Tuple [ INTEGER, CHARACTER, BOOLEAN, ARRAY[TIGERS], STACK[ELEPHANTS] ]

28 28 Functions: Identity, Double & Square identity(i : INTEGER) : INTEGER is -- Return the argument do Result := i end double(i : INTEGER) : INTEGER is -- Return double the argument do Result := i + i end square(i : INTEGER) : INTEGER is -- Return square of the argument do Result := i * i end

29 29 Using Agents sum ( 5, agent identity(?) ) sum ( 5, agent double(?) ) sum ( 5, agent square(?) ) The function to pass is identified as an agent so both » The function definition is passed, instead of being evaluated » the proper type checking is done Argument type of the passed functions are defined in the function sum so a ? is used as a place marker showing that the functions have one argument (for type checking)

30 30 Checking items in an array all_satisfy (value : INTEGER; comparator : FUNCTION[ANY, TUPLE[INTEGER, INTEGER],BOOLEAN] ) : BOOLEAN is -- Result is true if value :comparator: Current[i] is true for all i -- e.g. 1 < Current[i] for all i, where the comparator is < local i : INTEGER do from i := lower Result := True until i > upper or Result = False loop Result := Result and comparator.item([value, item(i)]) i := i + 1 end

31 31 The agent Using the agent – note the place markers for 2 parameters All_satisfy using < less_than (i, j : INTEGER) : BOOLEAN is -- Result is i < j do Result := i < j end all_satisfy (0, agent less_than(?,?))

32 32 Fixing a parameter for an Agent When agents have multiple parameters we can make one or more of the parameters to be constants at the time the agent is used. The function all_satisfy_1 checks that 0 is less than all array elements A new all satisfy function is required because we are actually passing a one parameter argument – the ?  Mathematically the first parameter of the agent has been curried – the two parameter less_than is converted to a one parameter less_than using constant 0 as the first parameter all_satisfy_1 (agent less_than(0,?))

33 33 All_Satisfy_1 all_satisfy_1 (condition : FUNCTION[ANY, TUPLE[INTEGER],BOOLEAN]): BOOLEAN is -- Result is true if condition is true for all i local i : INTEGER do from i := lower; Result := True until i > upper or Result = False loop Result := Result and condition.item([item(i)]) i := i + 1 end Note that the agent is now a one-parameter function value is not a parameter of all_satisfy_1, instead it is a curried parameter of less_than (see previous slide)

34 34 Typing a PROCEDURE Procedures can also be passed as arguments General syntax PROCEDURE [ class_to_which_procedure_belongs, argument_types ] Same as for a function, except there is no return type There is a different mechanism to invoke a procedure procedure.call(tuple) instead of function.item(tuple)

Download ppt "1 Assertions. 2 A boolean expression or predicate that evaluates to true or false in every state In a program they express constraints on the state that."

Similar presentations

Control Structures Ranga Rodrigo. Control Structures in Brief C++ or JavaEiffel if-elseif-elseif-else-end caseinspect for, while, do-whilefrom-until-loop-end.

Control Structures Ranga Rodrigo. Control Structures in Brief C++ or JavaEiffel if-elseif-elseif-else-end caseinspect for, while, do-whilefrom-until-loop-end.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.

ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
Expressions and Statements. 2 Contents Side effects: expressions and statements Expression notations Expression evaluation orders Conditional statements.

Expressions and Statements. 2 Contents Side effects: expressions and statements Expression notations Expression evaluation orders Conditional statements.
Getting started with ML ML is a functional programming language. ML is statically typed: The types of literals, values, expressions and functions in a.

Getting started with ML ML is a functional programming language. ML is statically typed: The types of literals, values, expressions and functions in a.
Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.

Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.
The Fundamental Rule for Testing Methods Every method should be tested in a program in which every other method in the testing program has already been.

The Fundamental Rule for Testing Methods Every method should be tested in a program in which every other method in the testing program has already been.
 Both System.out and System.err are streams—a sequence of bytes.  System.out (the standard output stream) displays output  System.err (the standard.

 Both System.out and System.err are streams—a sequence of bytes.  System.out (the standard output stream) displays output  System.err (the standard.
Chapter 1. The Phases of Software Development. Data Structure 2 Chapter outline  Objectives  Use Javadoc to write a method’s complete specification.

Chapter 1. The Phases of Software Development. Data Structure 2 Chapter outline  Objectives  Use Javadoc to write a method’s complete specification.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.

1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.
Object Oriented Design An object combines data and operations on that data (object is an instance of class) data: class variables operations: methods Three.

Object Oriented Design An object combines data and operations on that data (object is an instance of class) data: class variables operations: methods Three.
True or false A variable of type char can hold the value 301. ( F )

True or false A variable of type char can hold the value 301. ( F )
Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates.

Design by Contract. Specifications Correctness formula (Hoare triple) {P} A {Q} – A is some operation (for example, a routine body) – P and Q are predicates.
1 Introducing ASML Methods, Values, Constraints, Constants, Variables Lecture 10 Software Engineering COMP201.

1 Introducing ASML Methods, Values, Constraints, Constants, Variables Lecture 10 Software Engineering COMP201.
Discrete Mathematics Lecture 4 Harper Langston New York University.

Discrete Mathematics Lecture 4 Harper Langston New York University.
C Lecture Notes 1 Program Control (Cont...). C Lecture Notes 2 4.8The do / while Repetition Structure The do / while repetition structure –Similar to.

C Lecture Notes 1 Program Control (Cont...). C Lecture Notes 2 4.8The do / while Repetition Structure The do / while repetition structure –Similar to.
Chair of Software Engineering Concurrent Object-Oriented Programming Prof. Dr. Bertrand Meyer Lecture 9: Contracts and Inheritance (based on work with.

Chair of Software Engineering Concurrent Object-Oriented Programming Prof. Dr. Bertrand Meyer Lecture 9: Contracts and Inheritance (based on work with.
Information Hiding and Encapsulation

Information Hiding and Encapsulation

Similar presentations

Ads by Google