Design by Contract in Object-Oriented Development
Design by Contract (DbC) in software development establishes a binding agreement between the client and the implementor, outlining obligations and benefits. This approach ensures that preconditions and postconditions are met, reducing redundancy in code and enhancing code quality. By delineating responsibilities clearly, DbC improves code reliability and facilitates better collaboration between different parties involved in software development.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
COMP 2000 Object-Oriented Design DAVID J STUCKI OTTERBEIN UNIVERSITY
ALERTS Read Design By Contract article on web page Lab 7 due next Tuesday before the beginning of lab It's more complicated than it seems at first... Some suggestions... Create a static method that has the try-catch block that attempts to instantiate a Time object. The method can have parameters that supply the values that are passed to the constructor. Call this method from main, once for each of the test cases.
Design by Contract: Review The designer designer creates the contract client client and the implementor implementor. contract, which is a binding agreement between the Both parties to a contract have obligations symmetric relationship. obligations and benefits benefits. These exist in a The obligations and benefits are informally described in Java comments as preconditions preconditions and postconditions postconditions on methods, where preconditions are the obligation of the client postconditions are the obligation of the implementor
Formal vs. Informal Sometimes the contract is expressed informally. In this case I will label the elements of the contract preconditions preconditions and postconditions postconditions, as we've discussed. At other times the contract is expressed formally (using mathematics or logic). In this case I will label the elements of the contract as requires requires and ensures ensures In order for a contract to be fulfilled, the client must make sure that the required preconditions are met and the implementor must make sure that the ensured postconditions are met.
How do the Benefits work? If the obligations of the implementor are the benefit to the client, what does that mean for the client code? The client gets to assume that what was ensured actually happened, and therefore shouldn't have to check to make sure shouldn't have to check to make sure If the obligations of the client are the benefit to the implementor, what does that mean for the implementor code? The implementor gets to assume that what was required actually happened, and therefore shouldn't have to check to make sure therefore shouldn't have to check to make sure This reduces redundancy in the code!! and therefore and
Example Consider this example function: public int myFunction (int x) {...} Suppose that for myFunction to work properly the parameter x must be passed a value between 1 and 4, inclusive. If the implementor of myFunction coded logic that checked for this, then it would execute that logic even for the following call to myFunction: int result = myFunction (3); But for this call, neither the client nor the implementor should have to check!!!
Example Consider this example function: public int myFunction (int x) {...} What should the requires clause of the specification look like? requires: 1 ? 4
Example (which is better?) // pre-condition: value is not negative // post-condition: method will return // largest integer whose square // is less than or equal to value public static int squareRoot(int value) { int root = 0; while(root*root <= value) { root++; } return root - 1; } public static int squareRoot(int value) { if (value < 0) throw new NegSqrtException("Negative"); int root = 0; while(root*root <= value) { root++; } return root - 1; }
Your Turn... Write a suitable requires clause for the factorial function below: public long factorial (byte n) {...} Since the maximum value that can be expressed in a long variable is 9,223,372,036,854,775,807 and 20! = 2,432,902,008,176,640,000 but 21! = 51,090,942,171,709,440,000 requires: 0 ? 20
Another Example Consider a method that performs binary search is in a list Pre-condition: that the list is sorted Post-consition: returns true true if the item is in the array and false binary search in order to determine if an item false otherwise Why should the method NOT check the pre-condition? It would take linear time to check that the array is sorted, whereas the binary search algorithm only needs logarithmic time to perform the search. In other words, the checking is more expensive that the operation itself!!
Your Turn Again... Function compute is going to access the array a at location index and do some computation. Write a suitable requires clause. public int compute (int[] a, int index) {...} requires: ? ! = ???? && 0 ????? < ?.?????
Last Observation In general, requires clauses avoid unnecessary code in the implementation and improve efficiency However, end users may not understand responsibilities such as requires clauses (or may not have access to the software specifications), so error checking user input still should be included in methods that interact with humans.
Role of Contracts What does this method call do? double a, b; double c = sqrt (a*a + b*b, 0.001); How do you know?
Example of a Contract /** * ... * @param x number for which a square root is desired * @param epsilon allowed relative error * @return the approximate square root of x * @requires * x > 0 and epsilon > 0 * @ensures <pre> * sqrt >= 0 and * [sqrt is within relative error epsilon * of the actual square root of x] * </pre> */ privatestaticdouble sqrt(double x, double epsilon) A Java comment that starts with the symbols /** is called a Javadoc comment; it goes before the method header. OSU CSE 14
Javadoc The standard documentation technique for Java is called Javadoc You place special Javadoc comments enclosed in /** */ in your code, and the javadoc tool generates nicely formatted web-based documentation from them The resulting documentation is known as the API (application programming interface) interface) for the Java code to which the Javadoc tags are attached API (application programming Example API: Java Standard Libraries: https://docs.oracle.com/javase/8/docs/api/ Example API: OSU CSE components at: http://cse.osu.edu/software/common/doc/ OSU CSE 15
Example of a Contract /** * ... * @param x number for which a square root is desired * @param epsilon allowed relative error * @return the approximate square root of x * @requires * x > 0 and epsilon > 0 * @ensures <pre> * sqrt >= 0 and * [sqrt is within relative error epsilon * of the actual square root of x] * </pre> */ privatestaticdouble sqrt(double x, double epsilon) The Javadoctag@param is needed for each formal parameter; you describe the parameter s role in the method. OSU CSE 16
Example of a Contract /** * ... * @param x number for which a square root is desired * @param epsilon allowed relative error * @return the approximate square root of x * @requires * x > 0 and epsilon > 0 * @ensures <pre> * sqrt >= 0 and * [sqrt is within relative error epsilon * of the actual square root of x] * </pre> */ privatestaticdouble sqrt(double x, double epsilon) The Javadoctag@return is needed if the method returns a value; you describe the returned value. OSU CSE 17
Example of a Contract The customJavadoctag @requires introduces the formal precondition for the sqrt method. /** * ... * @param x number for which a square root is desired * @param epsilon allowed relative error * @return the approximate square root of x * @requires * x > 0 and epsilon > 0 * @ensures <pre> * sqrt >= 0 and * [sqrt is within relative error epsilon * of the actual square root of x] * </pre> */ privatestaticdouble sqrt(double x, double epsilon) OSU CSE 18
Example of a Contract /** * ... * @param x number for which a square root is desired * @param epsilon allowed relative error * @return the approximate square root of x * @requires * x > 0 and epsilon > 0 * @ensures <pre> * sqrt >= 0 and * [sqrt is within relative error epsilon * of the actual square root of x] * </pre> */ privatestaticdouble sqrt(double x, double epsilon) The customJavadoctag @ensures introduces the formal postcondition for the sqrt method. OSU CSE 19
Example of a Contract Javadoc comments may contain HTML-like tags; e.g., <pre> </pre> means spacing and line- breaks are retained in generated documentation. /** * ... * @param x number for which a square root is desired * @param epsilon allowed relative error * @return the approximate square root of x * @requires * x > 0 and epsilon > 0 * @ensures <pre> * sqrt >= 0 and * [sqrt is within relative error epsilon * of the actual square root of x] * </pre> */ privatestaticdouble sqrt(double x, double epsilon) OSU CSE 20
Your Turn One Last Time... Which of the following statements are true? A. B. The ensures clause is the responsibility of the implementer The requires clause is assumed by the implementer before execution of the method C. The requires clause is the responsibility of the caller D. The ensures clause is assumed by the caller after the call is completed
Next Time... More Formal Specifications & Javadocs More Formal Specifications & Javadocs
