; Introduction to UML
Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out
Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

Introduction to UML

VIEWS: 0 PAGES: 47

  • pg 1
									 Introduction to:
Design by Contract
     Fall 2005 OOPD
       John Anthony




                      1
                           Design Question
You have created a Car class with an operation named
addEnging(e : Engine). The rule is that you can only add one
engine to the car (adding two is invalid). How would you
implement this rule?

 • allow the addEngine to be called and then throw an exception if an engine already exists.

 • return a boolean value indicating the success of adding an engine

 • ask the client to check the state of the Car to determine if it already has an engine

 • 1 AND 3



Object Oriented Programming & Design           John J. Anthony                             2
                        What is a Contract
An entity which describes the obligations between
2 or more parties which, when fulfilled, provides
certain rights to the parties.




Object Oriented Programming & Design   John J. Anthony   3
                          More Specifically
   Assertion                       Obligation                              Right
     Type
 Precondition                      Client                                  Client
                     Clients must fulfill the              If obligation met, client has the right
                     precondition as specified by a        to expect the postconditions are true
                     supplier.
 Postcondition                   Supplier                                 Supplier
                     Supplier must provide certain         Has the right to expect the
                     guarantees when service is            preconditions are true.
                     invoked



                           Contracts are “specs ‘n’ checks.”


Object Oriented Programming & Design            John J. Anthony                                4
                          Courier Example
                                       Client                           Supplier


 Obligation                      Precondition                         Postcondition
                     Don’t ask for delivery of packages    Deliver package within 3 working
                     over 5 lbs in weight                  hours
 Benefit                      Postcondition                             Precondition
                     Get package delivered within 3        Don’t have to cope with packages
                     working hours.                        over 5 lbs in weight.




Object Oriented Programming & Design            John J. Anthony                               5
                                        Example

                                 CUSTOMER_MANAGER

              count: INTEGER
                           -- the number of customers the managing object manages
              id_active(an_id : CUSTOMER_ID) : BOOLEAN
                           -- is there a customer with ‘an_id’
              add(a_customer : BASIC_CUSTOMER_DETAILS)
                          -- add ‘a_customer’ to the set of customers being managed
              name_for(an_id : CUSTOMER_ID): STRING
                          --what is the name of the customer with ‘an_id’
              set_name(an_id : CUSTOMER_ID, a_name : STRING)
                          --set the name of the customer with ‘an_id’ to ‘a_name’




Object Oriented Programming & Design                   John J. Anthony                6
                                       Example


                                BASIC_CUSTOMER_DETAILS

                             id : CUSTOMER_ID
                             name : STRING
                             address : STRING
                             date_of_birth : DATE




Object Oriented Programming & Design                John J. Anthony   7
                                       Example

                                   CUSTOMER_MANAGER




                                BASIC_CUSTOMER_DETAILS




Object Oriented Programming & Design       John J. Anthony   8
               Some Design Questions
   How do I make an id active? By adding a customer with that id?

   If I add a customer whose details match an existing customer’s
    basic details, what happens?

   What do I get if I ask for the name of a customer whose id is not
    active?

   What happens if I set the name for a customer whose id is not
    active?


Object Oriented Programming & Design   John J. Anthony               9
              Adding a New Customer
      precondition:
 responsibility of client to
 ensure expression is true             add(a_customer : BASIC_CUSTOMER_DETAILS)
                                           --add ‘a_customer’ to the set of customers

        assertion:                     require
  an expression that must                  id_not_already_active: not id_active(a_customer.id)
      evaluate to true
                                           ……..

                                       ensure
       postcondition:                     count_increased : count = old count + 1
responsibility of supplier to             customer_id_now_active : id_active(a_customer.id)
ensure expressions are true
   after feature execution



Object Oriented Programming & Design              John J. Anthony                                10
                           Some Answers…
   How do I make an id active? By adding a customer with that id?
      Yes




   If I add a customer whose details match an existing customer’s basic details,
    what happens?
         Not allowed to add a customer whose id equals the id of a customer already
          owned by the manager. There are no other constrains on other features such as
          name, address, DOB, etc.




Object Oriented Programming & Design         John J. Anthony                              11
     Setting the Name of Customer

         set_name(an_id : CUSTOMER_ID, a_name : STRING)
             --set the name of the customer with ‘an_id’ to ‘a_name’

         require
             id_active: id_active(an_id)

             ……..

         ensure
            name_set: name_for(an_id).is_equal(a_name)




Object Oriented Programming & Design               John J. Anthony     12
  Asking for the Name of a Customer

         name_for(an_id : CUSTOMER_ID : STRING
             --the name of the customer with ‘an_id’
         require
             id_active: id_active(an_id)

             ……..




Object Oriented Programming & Design             John J. Anthony   13
                           More Answers…
   What do I get if I ask for the name of a customer whose id is not
    active?
         It is illegal to ask for the name of a customer whose id is not active.




   What happens if I set the name for a customer whose id is not
    active?
         It is illegal to attempt to set the name of a customer whose id is not
          active.




Object Oriented Programming & Design        John J. Anthony                         14
                            Class Invariants
A condition that always resolves to True (more
precisely, it is true whenever you can call a feature on the
component).

           invariant
               count_never_negative: count >= 0




Object Oriented Programming & Design              John J. Anthony   15
                       Contract Violations
What would happen if we (attempt) to add a
customer whose id is already active?

           Stopped in object [0xE96978]
           Class: CUSTOMER_MANAGER
           Feature: add
           Problem: Precondition violated
           Tag: id_not_already_active
           Arguments: a_customer: BASIC_CUSTOMER_DETAILS [OXe9697C]
           Call Stack:
               CUSTOMER_MANAGER add
               was called by CUSTOMER_MANAGER_UIF change_customer




Object Oriented Programming & Design      John J. Anthony             16
                              A Simple Stack

                                            STACK
                                count: INTEGER
                                Is_empty : BOOLEAN
                                initialize
                                push (i : INTEGER)
                                pop(out I : INTEGER)




Object Oriented Programming & Design                   John J. Anthony   17
                                       Principle 1
Separate commands from queries

Queries return a result but do not change the
visible properties of the object. Commands might
change the object but do not return a result.




Object Oriented Programming & Design        John J. Anthony   18
                                       Principle 1
  Let’s write the contract for the push command…

 push (I : INTEGER)
     --push ‘i onto the top of the Stack
     ….
                                                                 STACK
 ensure
     top_is_i : i = ?????                            count: INTEGER
                                                     Is_empty : BOOLEAN
                                                     initialize
                                                     push (i : INTEGER)
 push (I : INTEGER)                                  pop() : INTEGER
     --push ‘i onto the top of the Stack
     ….

 ensure
     top_is_i : i = pop




Object Oriented Programming & Design        John J. Anthony               19
                                       Principle 1

 push (I : INTEGER)
     --push ‘i onto the top of the Stack
     ….

 ensure                                                            STACK
     top_is_i : i = pop

                                                       count: INTEGER
                                                       Is_empty : BOOLEAN
                                                       initialize
  push (I : INTEGER)                                   push (i : INTEGER)
      --push ‘i onto the top of the Stack              top : INTEGER
      ….                                               delete

  ensure
      top_is_i : top = i




Object Oriented Programming & Design        John J. Anthony                 20
                 Commands vs. Queries
                                   features



                 attributes                   routines




                           functions                       procedures




                                                         creation       other
                                                              COMMANDS

Object Oriented Programming & Design             John J. Anthony                21
                           The Revised Stack
                                                                                STACK
                                                          <<Queries>>
                                                          count: INTEGER
                                                                       --the number of items on the stack
               STACK                                      item : INTEGER
                                             Eiffel                    --the top item

count: INTEGER                             Naming         Is_empty : BOOLEAN
                                                                       --is the stack empty?
Is_empty : BOOLEAN                        Conventions
initialize                                                <<Creation Commands>>
push (i : INTEGER)                                        Initialize
top : INTEGER
delete                                                    <Other Commands>>
                                                          put (i : INTEGER)
                                                                        --put ‘I’ onto the top of stack
                                                          remove
                                                                        --remove the top item




   Object Oriented Programming & Design            John J. Anthony                                          22
                                       Principle 2
Separate basic queries from derived queries

Derived queries can be specified in terms of
queries.




Object Oriented Programming & Design        John J. Anthony   23
                                       Principle 3
For each derived query, write a postcondition
that specifies what result will be returned in
terms of one or more basic queries.

Then, if we know the values of the basic queries,
we also know the values of the derived queries.



Object Oriented Programming & Design        John J. Anthony   24
                              Principle 2 & 3
                                                                           Principle 2
                                                                        Since is_empty is
                                                                        derived from
 Is_empty : BOOLEAN                                                     count
     --does the stack contain no items
     ….
                                                                           Principle 3
 ensure
     consistent_with_count: Result = (count = 0)                        Since
                                                                        postcondition is
                                                                        defined in terms
                                                                        of count


                      The assertion is defined in terms of the count query.

                      if(count > 0) Result := false
                      else      Result :=true



Object Oriented Programming & Design               John J. Anthony                          25
                               Revised Stack
                                                       STACK
                                 << Basic Queries>>
                                 count: INTEGER
                                             --the number of items on the stack
                                 item : INTEGER
                                             --the top item


                                 <<Derived Queries>>
                                 Is_empty : BOOLEAN
                                              --is the stack empty?


                                 <<Creation Commands>>
                                 Initialize


                                 <Other Commands>>
                                 put (i : INTEGER)
                                               --put ‘I’ onto the top of stack
                                 remove
                                               --remove the top item



Object Oriented Programming & Design                     John J. Anthony          26
                                       Principle 4
For each command, write a postcondition that
specifies the value of every basic query.

Taken together with the principle of defining
derived queries in terms of basic queries, this
means that we know the total visible effect of each
command.


Object Oriented Programming & Design        John J. Anthony   27
                                       Principle 4

           put (I : INTEGER)                                                        Count
                --push ‘I’ onto the top of the stack                            increased by 1
                ….

           ensure
               count_increased: count = old count + 1
               g_on_top: item = i




                                                                 Top of stack
                                                                  equal to i




Object Oriented Programming & Design                   John J. Anthony                           28
                                       Principle 4

           initialize
                 --initialize the stack to be empty
                 ….
                                                                        count set to 0
           ensure
               stack_contains_zero_items: count = 0




             What about the second basic query; item????




Object Oriented Programming & Design                  John J. Anthony                    29
                                       Principle 4

           item
                  --return the top item of the stack

           require                                                        Count must be
               stack_not_empty: count > 0                                greater than 0 in
                                                                         order to call item




            Now, our contract on initialize ensures that:
            • the value of count is zero
            • the top item has no value


Object Oriented Programming & Design                   John J. Anthony                    30
                                       Principle 4

           remove
              --delete the top item

           require                                                  Ensures that we do
               stack_not_empty: count > 0                          not try to remove an
                                                                   item from an empty
           ensure
                                                                           stack.
               count_decreased: count = old count - 1
               top_item_removed: Result = old item




Object Oriented Programming & Design             John J. Anthony                     31
                                       Principle 5
For every query and command, decide on a
suitable precondition.

Preconditions constrain when clients may call the
queries and commands.




Object Oriented Programming & Design        John J. Anthony   32
                                       Principle 6
Write invariants to define unchanging
properties of objects.

Concentrate on properties that help the reader
build an appropriate conceptual model of the
abstraction that the class embodies.



Object Oriented Programming & Design        John J. Anthony   33
                                       Principle 6

           invariant
               count_never_negative: count > 0




Object Oriented Programming & Design             John J. Anthony   34
            Contracts and Inheritance
   How are contracts inherited from parent classes.

   How can contracts be redefined?

   How can we construct subclasses that respect
    the parent’s contract?



Object Oriented Programming & Design   John J. Anthony   35
             Back to Courier Example
   Remember….

                                       Client                          Supplier


Obligation                      Precondition                         Postcondition
                    Don’t ask for delivery of packages    Deliver package within 3 working
                    over 5 lbs in weight                  hours
Benefit                      Postcondition                             Precondition
                    Get package delivered within 3        Don’t have to cope with packages
                    working hours.                        over 5 lbs in weight.




Object Oriented Programming & Design            John J. Anthony                              36
                                Courier Class
                    class COURIER
                        feature
                                deliver (p : PACKAGE, d : DESTINATION)
                                             --deliver package to destination
                                require
                                             --weight of package p does not exceed 5 lbs.

                                …….

                                ensure
                                           --package delivered within 3 working hours

                    …….


                    end




Object Oriented Programming & Design                John J. Anthony                         37
              Remember Polymorphism?

                              Client                                        Courier

                                                                           deliver(…)


     2. The client thinks it is
    using a deliver service from
     a regular kind of courier.        3. But the service is actually
                                          provided by a different       Different_Courier
                                            kind of courier….
                                              will the service
1. A client is given access
                                        be acceptable to the client?        deliver(…)
    to a courier object

                                                                                  <<instance of>>

                         a_client :
                                                                           a_courier :
                           Client
                                                                        Different_Courier


Object Oriented Programming & Design                  John J. Anthony                     38
        Consider New Preconditions
      weight of package must not exceed 8 lbs
      weight of package must not exceed 3 lbs
      weight of package must not exceed 2 lbs



                      Which precondition(s) are acceptable?



Object Oriented Programming & Design     John J. Anthony      39
      Consider New Postconditions
   package will be delivered within 2 hours
   package will be delivered in 3 working hours
   package will be delivered in 5 working hours




                      Which postcondition(s) are acceptable?



Object Oriented Programming & Design     John J. Anthony       40
                          Different_Courier
                    class DIFFERENT_COURIER
                        feature
                                deliver (p : PACKAGE, d : DESTINATION)
                                             --deliver package to destination
                                require else
                                             --weight of package p does not exceed 8 lbs.

                                …….

                                ensure then
                                           --package delivered within 2 working hours

                    …….


                    end




Object Oriented Programming & Design                John J. Anthony                         41
                 Complete Precondition
                                deliver (p : PACKAGE, d : DESTINATION)
                                             --deliver package to destination
                                require
                                             --weight of package p does not exceed 5 lbs.

                                require else
                                            --weight of package p does not exceed 8 lbs.




                    Weight of package does not exceed 5 lbs.

                         or else

                    Weight of package does not exceed 8 lbs.




Object Oriented Programming & Design                John J. Anthony                         42
               Complete Postcondition
                                deliver (p : PACKAGE, d : DESTINATION)
                                             --deliver package to destination
                                ensure
                                             --package delivered within 3 working hours

                                ensure then
                                           -- package delivered within 2 working hours




                    Package delivered within 3 working hours

                         and then

                    Package delivered within 2 working hours




Object Oriented Programming & Design                John J. Anthony                       43
     Benefits of Design by Contract
Benefits include:
       Achieving better designs
       Improving reliability

       Getting better documentation




Object Oriented Programming & Design   John J. Anthony   44
                              Better Designs
   More Systematic Designs
         Designers are encouraged to think about such as matters as preconditions and
          postconditions resulting in concepts being more explicit.

   Clearer Designs
         The obligations and benefits are shared between the client and the suppler and are
          clearly stated.

   Simpler Designs
         Limitations on the use of a routine are clearly expressed in its precondition, and
          the consequences of calling it illegally are clear.

   Systematic Use of Exceptions
         Exceptions are thrown when a routine is used illegally (false precondition) or
          when a routine fails to fulfill its contract (false postcondition)…and nothing in
          between


Object Oriented Programming & Design            John J. Anthony                                45
                     Improved Reliability
   Better Understood and Hence More Reliable Code
         Separates the contract code from the implementation code. Requires the
          implementer to think about the “specification” from two perspectives.


   Better Tested and Hence More Reliable Code
         Assertions are checked at runtime, thereby testing that routines fulfill
          their stated contracts. (A formal approach to test-driven development)




Object Oriented Programming & Design       John J. Anthony                           46
                  Better Documentation
   Clearer Documentation
         Contracts form part of the public, or client, view of a class..


   More Reliable Documentation
         Assertions are checked at runtime, thereby testing that the stated
          contracts are consistent with what the routines actually do.




Object Oriented Programming & Design         John J. Anthony                   47

								
To top
;