contracts vs implementations where common eiffel errors
play

Contracts vs. Implementations: Where? Common Eiffel Errors: - PowerPoint PPT Presentation

Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations : inst 1 , inst 2 Contracts vs. Implementations Boolean expressions for Contracts: exp 1 , exp 2 , exp 3 , exp 4 , exp 5 feature -- Commands


  1. Contracts vs. Implementations: Where? Common Eiffel Errors: ● Instructions for Implementations : inst 1 , inst 2 Contracts vs. Implementations ● Boolean expressions for Contracts: exp 1 , exp 2 , exp 3 , exp 4 , exp 5 feature -- Commands class withdraw ACCOUNT require feature -- Queries exp 3 balance : INTEGER do EECS3311 A: Software Design require inst 2 exp 1 Winter 2020 ensure do exp 4 inst 1 end C HEN -W EI W ANG ensure invariant exp 2 exp 5 end end -- end of class ACCOUNT 3 of 23 Contracts vs. Implementations: Definitions Implementations: Instructions with No Return Values In Eiffel, there are two categories of constructs: ○ Implementations ● Assignments ● are step-by-step instructions that have side-effects balance := balance + a e.g., . . . := . . . , across . . . as . . . loop . . . end ● Selections with branching instructions: ● change attribute values if a > 0 then acc . deposit ( a ) else acc . withdraw (- a ) end ● do not return values ● Loops ● ≈ commands ○ Contracts from from i := a . lower ● are Boolean expressions that have no side-effects list . start across until until list as cursor i > a . upper list . after loop e.g., . . . = . . . , across . . . as . . . all . . . end loop loop sum := Result := list . item . wdw (10) sum + cursor . item ● use attribute and parameter values to specify a condition Result + a [ i ] list . forth end i := i + 1 ● return a Boolean value (i.e., True or False ) end end ● ≈ queries 2 of 23 4 of 23

  2. Contracts: Contracts: Common Mistake (1) Fixed Expressions with Boolean Return Values ● Relational Expressions (using = , /= , ∼ , / ∼ , > , < , >= , <= ) a > 0 class ● Binary Logical Expressions (using and , and then , or , or else , ACCOUNT implies ) feature withdraw ( a : INTEGER ) ( a . lower <= index ) and ( index <= a . upper ) do . . . ● Logical Quantification Expressions (using all , some ) ensure balance = old balance - a across end a . lower |..| a . upper as cursor . . . all a [ cursor . item ] >= 0 end ● old keyword can only appear in postconditions (i.e., ensure ). balance = old balance + a 5 of 23 7 of 23 Contracts: Common Mistake (1) Contracts: Common Mistake (2) class class ACCOUNT ACCOUNT feature feature withdraw ( a : INTEGER ) withdraw ( a : INTEGER ) do do . . . ensure . . . ensure across balance := old balance - a a as cursor end loop . . . . . . end . . . Colon-Equal sign ( := ) is used to write assignment instructions. across ... loop ... end is used to create loop instructions. 6 of 23 8 of 23

  3. Contracts: Common Mistake (2) Fixed Contracts: Common Mistake (3) Fixed class class ACCOUNT ACCOUNT feature feature withdraw ( a : INTEGER ) withdraw ( a : INTEGER ) do do . . . ensure . . . ensure across postcond_1 : balance = old balance - a a as cursor postcond_2 : old balance > 0 all -- if you meant ∀ , or use some if you meant ∃ end . . . -- A Boolean expression is expected here! end . . . . . . 9 of 23 11 of 23 Contracts: Common Mistake (3) Contracts: Common Mistake (4) class ACCOUNT feature class withdraw ( a : INTEGER ) ACCOUNT require feature old balance > 0 withdraw ( a : INTEGER ) do do . . . . . . ensure ensure . . . old balance - a end end . . . . . . ● Only postconditions may use the old keyword to specify the relationship between pre-state values (before the execution of Contracts can only be specified as Boolean expressions. withdraw ) and post-state values (after the execution of withdraw ). ● Pre-state values (right before the feature is executed) are indeed the old values, so there’s no need to qualify them! 10 of 23 12 of 23

  4. Contracts: Common Mistake (4) Fixed Contracts: Common Mistake (5) Fixed class LINEAR_CONTAINER create make feature -- Attributes a : ARRAY [ STRING ] feature -- Queries class count : INTEGER do Result := a . count end ACCOUNT get ( i : INTEGER ): STRING do Result := a [ i ] end feature -- Commands feature make do create a . make_empty end withdraw ( a : INTEGER ) update ( i : INTEGER ; v : STRING ) do . . . require ensure -- Others Unchanged balance > 0 across do 1 |..| count as j all . . . j . item /= i implies ( old Current ). get ( j . item ) ∼ get ( j . item ) ensure end end . . . end end . . . ○ The idea is that the old expression should not involve the local cursor variable j that is introduced in the postcondition. ○ Whether to put ( old Current.twin ) or ( old Current.deep twin ) is up to your need. 13 of 23 15 of 23 Contracts: Common Mistake (5) Implementations: Common Mistake (1) class LINEAR_CONTAINER create make class feature -- Attributes a : ARRAY [ STRING ] ACCOUNT feature -- Queries feature count : INTEGER do Result := a . count end withdraw ( a : INTEGER ) get ( i : INTEGER ): STRING do Result := a [ i ] end feature -- Commands do make do create a . make_empty end balance = balance + 1 update ( i : INTEGER ; v : STRING ) do . . . end ensure -- Others Unchanged . . . across 1 |..| count as j all ● Equal sign ( = ) is used to write Boolean expressions. j . item /= i implies old get(j.item) ∼ get ( j . item ) end end ● In the context of implementations, Boolean expression values end must appear: Compilation Error : ○ on the RHS of an assignment ; ○ as one of the branching conditions of an if-then-else statement; or ○ Expression value to be cached before executing update ? ○ as the exit condition of a loop instruction. [ Current.get(j.item) ] ○ But, in the pre-state , integer cursor j does not exist! 14 of 23 16 of 23

  5. Implementations: Common Mistake (1) Fixed Implementations: Common Mistake (2) Fixed 1 class 2 BANK 3 feature 4 min_credit : REAL 5 accounts : LIST [ ACCOUNT ] class 6 ACCOUNT 7 no_warning_accounts : BOOLEAN feature 8 do withdraw ( a : INTEGER ) 9 Result := do 10 across balance := balance + 1 11 accounts as cursor end 12 all 13 cursor . item . balance > min_credit . . . 14 end 15 end 16 . . . Rewrite L10 – L14 using across ... as ... some ... end . Hint : ∀ x ● P ( x ) ≡ ¬ ( ∃ x ● ¬ P ( x )) 17 of 23 19 of 23 Implementations: Common Mistake (2) Implementations: Common Mistake (3) class class BANK BANK feature feature accounts : LIST [ ACCOUNT ] min_credit : REAL accounts : LIST [ ACCOUNT ] total_balance : REAL do no_warning_accounts : BOOLEAN Result := do across across accounts as cursor accounts as cursor loop all Result := Result + cursor . item . balance cursor . item . balance > min_credit end end end . . . end . . . . . . Again, in implementations, Boolean expressions cannot appear In implementations, since instructions do not return values, they alone without their values being “captured”. cannot be used on the RHS of assignments. 18 of 23 20 of 23

  6. Implementations: Common Mistake (3) Fixed Index (2) Contracts: Common Mistake (5) Fixed Implementations: Common Mistake (1) class BANK feature Implementations: Common Mistake (1) Fixed accounts : LIST [ ACCOUNT ] total_balance : REAL Implementations: Common Mistake (2) do across accounts as cursor Implementations: Common Mistake (2) Fixed loop Result := Result + cursor . item . balance end Implementations: Common Mistake (3) end Implementations: Common Mistake (3) Fixed 21 of 23 23 of 23 Index (1) Contracts vs. Implementations: Definitions Contracts vs. Implementations: Where? Implementations: Instructions with No Return Values Contracts: Expressions with Boolean Return Values Contracts: Common Mistake (1) Contracts: Common Mistake (1) Fixed Contracts: Common Mistake (2) Contracts: Common Mistake (2) Fixed Contracts: Common Mistake (3) Contracts: Common Mistake (3) Fixed Contracts: Common Mistake (4) Contracts: Common Mistake (4) Fixed Contracts: Common Mistake (5) 22 of 23

Recommend


More recommend