Programming by Contract. Programming by Contract: Motivation. Programming by Contract: Preconditions and Postconditions

Similar documents
Software Engineering Techniques

3 Pillars of Object-oriented Programming. Industrial Programming Systems Programming & Scripting. Extending the Example.

D06 PROGRAMMING with JAVA. Ch3 Implementing Classes

Design by Contract beyond class modelling

Case studies: Outline. Requirement Engineering. Case Study: Automated Banking System. UML and Case Studies ITNP090 - Object Oriented Software Design

CS 111 Classes I 1. Software Organization View to this point:

Monitors, Java, Threads and Processes

More on Objects and Classes

Chapter 13 - Inheritance

Lecture J - Exceptions

Outline of this lecture G52CON: Concepts of Concurrency

AP Computer Science Java Subset

Moving from CS 61A Scheme to CS 61B Java

D06 PROGRAMMING with JAVA

Unit Testing & JUnit

Software Construction

Computing Concepts with Java Essentials

Outline. Computer Science 331. Stack ADT. Definition of a Stack ADT. Stacks. Parenthesis Matching. Mike Jacobson

Debugging. Common Semantic Errors ESE112. Java Library. It is highly unlikely that you will write code that will work on the first go

Free Java textbook available online. Introduction to the Java programming language. Compilation. A simple java program

7.1 Our Current Model

Handout 1. Introduction to Java programming language. Java primitive types and operations. Reading keyboard Input using class Scanner.

I. INTRODUCTION. International Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 2, Mar-Apr 2015

16. Recursion. COMP 110 Prasun Dewan 1. Developing a Recursive Solution

Free Java textbook available online. Introduction to the Java programming language. Compilation. A simple java program

Object Oriented Software Design II

Massachusetts Institute of Technology 6.005: Elements of Software Construction Fall 2011 Quiz 1 October 14, Instructions

First Java Programs. V. Paúl Pauca. CSC 111D Fall, Department of Computer Science Wake Forest University. Introduction to Computer Science

ICOM 4015: Advanced Programming

CMSC 202H. ArrayList, Multidimensional Arrays

Java Interview Questions and Answers

The C Programming Language course syllabus associate level

UNIVERSITY OF CALIFORNIA Department of Electrical Engineering and Computer Sciences Computer Science Division. P. N. Hilfinger

Inheritance, overloading and overriding

Course: Programming II - Abstract Data Types. The ADT Stack. A stack. The ADT Stack and Recursion Slide Number 1

Chapter 1 Java Program Design and Development

Hoare-Style Monitors for Java

C++ INTERVIEW QUESTIONS

Java Programming Fundamentals

Computer Programming I

CS193j, Stanford Handout #10 OOP 3

Software Design. Software Design. Software design is the process that adds implementation details to the requirements.

INTRODUCTION TO COMPUTER PROGRAMMING. Richard Pierse. Class 7: Object-Oriented Programming. Introduction

The Java Series. Java Essentials I What is Java? Basic Language Constructs. Java Essentials I. What is Java?. Basic Language Constructs Slide 1

Part I. Multiple Choice Questions (2 points each):

Rigorous Software Development CSCI-GA

Introduction to Java Applications Pearson Education, Inc. All rights reserved.

5. Advanced Object-Oriented Programming Language-Oriented Programming

Approach of Unit testing with the help of JUnit

No no-argument constructor. No default constructor found

AP Computer Science A 2004 Free-Response Questions

Crash Course in Java

Java: overview by example

Understanding class definitions

Functional Programming

Introduction to Java Lecture Notes. Ryan Dougherty

Stack Allocation. Run-Time Data Structures. Static Structures

Software Component Specification Using Design by Contract

Object Oriented Software Design

D06 PROGRAMMING with JAVA

Basic Programming and PC Skills: Basic Programming and PC Skills:

Exception Handling. Overloaded methods Interfaces Inheritance hierarchies Constructors. OOP: Exception Handling 1

GContracts Programming by Contract with Groovy. Andre Steingress

Designing with Exceptions. CSE219, Computer Science III Stony Brook University

CompSci 125 Lecture 08. Chapter 5: Conditional Statements Chapter 4: return Statement

J a v a Quiz (Unit 3, Test 0 Practice)

Mutual Exclusion using Monitors

Adapting C++ Exception Handling to an Extended COM Exception Model

Software Engineering Concepts: Testing. Pointers & Dynamic Allocation. CS 311 Data Structures and Algorithms Lecture Slides Monday, September 14, 2009

High-Level Language. Building a Modern Computer From First Principles.

Object-Oriented Design Lecture 4 CSU 370 Fall 2007 (Pucella) Tuesday, Sep 18, 2007

Thomas Jefferson High School for Science and Technology Program of Studies Foundations of Computer Science. Unit of Study / Textbook Correlation

Announcement. SOFT1902 Software Development Tools. Today s Lecture. Version Control. Multiple iterations. What is Version Control

Overview. Elements of Programming Languages. Advanced constructs. Motivating inner class example

Java 6 'th. Concepts INTERNATIONAL STUDENT VERSION. edition

Fundamentals of Java Programming

Checking Access to Protected Members in the Java Virtual Machine

Python Programming: An Introduction To Computer Science

Programming by Contract vs. Defensive Programming: A Comparison of Run-time Performance and Complexity

Glossary of Object Oriented Terms

Masters programmes in Computer Science and Information Systems. Object-Oriented Design and Programming. Sample module entry test xxth December 2013

Conditional Statements Summer 2010 Margaret Reid-Miller

UIL Computer Science for Dummies by Jake Warren and works from Mr. Fleming

Java from a C perspective. Plan

Testing, Debugging, and Verification

Software Testing. Definition: Testing is a process of executing a program with data, with the sole intention of finding errors in the program.

How To Write A Program In Java (Programming) On A Microsoft Macbook Or Ipad (For Pc) Or Ipa (For Mac) (For Microsoft) (Programmer) (Or Mac) Or Macbook (For

Java Programming Language

AP Computer Science Static Methods, Strings, User Input

The Clean programming language. Group 25, Jingui Li, Daren Tuzi

Examples of Design by Contract in Java

vector vec double # in # cl in ude <s ude tdexcept> tdexcept> // std::ou std t_of ::ou _range t_of class class V Vector { ector {

1. What are Data Structures? Introduction to Data Structures. 2. What will we Study? CITS2200 Data Structures and Algorithms

VB.NET Programming Fundamentals

Habanero Extreme Scale Software Research Project

Transcription:

COMP209 Object Oriented Programming Designing Classes 2 Mark Hall Programming by Contract (adapted from slides by Mark Utting) Preconditions Postconditions Class invariants Programming by Contract An agreement between two parties: The provider provides a service/product. The client uses that service/product (and usually pays for it!). Each side has obligations (and benefits): Precondition = client's obligations. Postcondition = provider's obligations Department of Computer Science 1 Department of Computer Science 2 Programming by Contract: Motivation Want precise specifications of classes Class will be clearly documented Makes implementers job easier Callers (clients) know precisely how/when to call each method and what it will do Computer can check correctness of class and its clients. Automatic bug catching! Programming by Contract: A precondition describes the properties that must hold whenever a procedure is called. A postcondition describes the properties that the procedure guarantees when it returns. Contract: If you promise to call me with Pre satisfied, then I promise to return with Post satisfied. Department of Computer Science 3 Department of Computer Science 4 Preconditions are typically stated for one of two reasons: 1. To restrict the parameters of a method 2. To require that a method is called when it is in the appropriate state There are two kinds of postcondition 1. That the return value is computed correctly 2. That the object is in a certain state after the method call is completed Example: deposit method in BankAccount Precondition: the amount to be deposited should not be negative Postcondition: the account balance will always be 0 In a correct system, procedures are only called when their preconditions are true. If a procedure is called when its precondition is false, it may do anything! (The contract is broken!) Department of Computer Science 5 Department of Computer Science 6 Department of Computer Science 1

Therefore, preconditions and postconditions are important parts of a method, and they should be documented Method documentation for deposit: /** * Deposits money into this account * (Postcondition: getbalance() >= 0) * @param amount the amount of money to deposit * (Precondition: amount >= 0) */ Department of Computer Science 7 Note that we formulate pre- and postconditions only in terms of the interface of the class Method documentation for withdraw: /** * Withdraws money from the bank account * @param amount the amount of money to deposit * (Precondition: amount >= 0) * (Precondition: amount <= getbalance()) */ Thus, amount <= getbalance(), not amount <= mbalance Caller needs to check the precondition and only has access to the public interface, not the private implementation Department of Computer Science 8 Stack: public Object pop() More examples Client: Obligations and Benefits Obligations Only call Pop on non-empty stack. Benefits Value returned was on top of the stack. (will be removed) Stack: public void push(object val) Stack: Must return top of stack and shrink stack No need to handle cases where stack is empty. Department of Computer Science 9 Department of Computer Science 10 Checking Preconditions What should a method do when it is called with inappropriate inputs? Eg. account.deposit(-1000) Two choices: 1. The method can check for the violation and throw an exception 2. If it is too cumbersome or expensive to carry out the check then just assume that preconditions are fulfilled Any data corruption or failures are the callers fault Class Invariants Pre/Postconditions only describe the properties of individual methods We also want to document properties of the whole class. Things which are common to its methods A class invariant expresses consistency constraints that apply to all objects of that class, all through their lifecycle Department of Computer Science 11 Department of Computer Science 12 Department of Computer Science 2

When is class invariant true? Constructor MethodA MethodB (Finalizer) state0 state1 state2 Class Invariant is true. Class Invariant Rules Constructors must establish C.Inv. Methods must maintain C.Inv. However, within the method, the class invariant may be temporarily broken, while data structures are being updated. Finalizer can assume C.Inv. Subclasses should only strengthen C.Inv. Department of Computer Science 13 Department of Computer Science 14 Checking Class Invariants Define an invariant method in each class public/protected void invariant() Call it at the end of each constructor, and at the end of each method that modifies the object. (Challenge: disable these calls in release code?) Advantages: Clear documentation of class data structures Catches corrupt data errors ASAP Subclasses can refine invariant() adding their own additional checks (strengthen) Department of Computer Science 15 Invariant Example public class Stack extends Vector { protected void invariant() { super.invariant(); Pretend, for the sake of example, that if (size() < 0) { this method exists in throw new Exception(); the Vector class if (!(empty() == (size() == 0))) { throw new Exception(); if (!empty()) { if (top()!= elementat(size() - 1) { throw new Exception(); Department of Computer Science 16 So far we ve looked a instance methods that all have an implicit parameter Recall that an implicit parameter is a reference to the object containing the method. It can be accessed by the method, if necessary, by using the this keyword BankAccount myaccount = new BankAccount(); myaccount.deposit(100); Sometimes you write methods that don t need an implicit parameter Eg. the sqrt method in the Math class is a static method that doesn t require an implicit parameter Also, every application has a static main method double result = Math.sqrt(x); myaccount is the object on which the Math is the name of deposit method is the class, not an object invoked. It is the implicit parameter to the deposit methoddepartment of Computer Science 17 Department of Computer Science 18 Department of Computer Science 3

Why would you want to write a method without an implicit parameter? Common reason: compute something that involves only (primitive) numbers Since numbers aren t objects, you can t pass them as implicit parameters Department of Computer Science 19 Eg. simple static method that calculates whether two floating point numbers are approximately equal: x - y max( x, y ) e Where e is a small number, eg. 10-14 However, if x or y is zero, then you need to test if the absolute value of the other quantity is at most e Department of Computer Science 20 This computation is just complex enough to warrant encapsulating it in a method Since the parameters are numbers, the method doesn t operate on any objects at all, so we make it into a static method public static boolean approxequal(double x, double y) { final double EPSILON = 1E-14; if (x == 0) { return Math.abs(y) <= EPSILON; if (y == 0) { return Math.abs(x) <= EPSILON; return Math.abs(x - y) / Math.max(Math.abs(x), Math.abs(y)) <= EPSILON We need to find a home for this method There are two choices: 1. Add this method to a class whose other methods need to call it 2. Come up with a new class (similar to the Math class of the standard Java library) to contain it Number 2 is nice from the cohesive point of view as we end up with general purpose Utility class full of related static methods Department of Computer Science 22 public class Numeric { public static boolean approxequal(double x, double y) { // More numeric methods can be added here When calling a static method, you supply the name of the class containing the method so that the compiler can find it double r = Math.sqrt(2); if (Numeric.approxEqual(r * r, 2)) { System.out.println( Math.sqrt(2) squared is + approximately 2 ); Note that you do not supply an object of type Numeric when you call the method static methods have no implicit parameter The main method is static because when a program starts, there aren t any objects yet Therefore, the first method in the program must be a static method In general, minimize the use of static methods If you are using a lot of static methods then you may not have found the right classes to solve your problem in an object-oriented way Department of Computer Science 24 Department of Computer Science 4

Consider a slight variation of the BankAccount class: Has both a balance and an account number We want to assign account numbers sequentially Constructor should construct first BankAccount with number 1, the next with number 2, etc Therefore, we must store the last assigned account number somewhere Department of Computer Science 25 Can t make this into an instance field in that case each instance of BankAccount would have its own value of the last assigned account number Need to have a single value that is the same for the entire class Such a field is called a class field, or static field private double mbalance; private int maccountnumber; private static int slastassignednumber; Department of Computer Science 26 Every method of a class can access its static fields public BankAccount() { // generate next account number to be assigned slastassignednumber++; // incr the static field // assign to account number of this bank account maccountnumber = lastassignednumber; // set instance fields Department of Computer Science 27 How do we initialize static fields? Can t initialize them in the constructor they would get reset every time a new object is created Could do nothing. The static field is then initialized with 0 (for numbers), false (for boolean) or null (for objects) Use an explicit initializer: private static slastnumberassigned = 0; The initialization is executed once when the class is first loaded into the virtual machine Department of Computer Science 28 Like static methods, be careful with the use of static fields Methods that modify static fields have side effects their behaviour does not simply depend on their inputs Don t use static fields as a mechanism to transfer values between methods Summary Preconditions, postconditions and class invariants help in documenting code and designing tests Static methods are often found in utility classes, but shouldn t be abused Similarly, be sparing in the use of static fields Department of Computer Science 29 Department of Computer Science 30 Department of Computer Science 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information