Number of slides: 37

Lecture 3: Abstraction by Specification
CS 201J: Engineering Software?
University of Virginia, Computer Science
David Evans
http://www.cs.virginia.edu/~evans
5 September 2002, CS 201J Fall 2002

Menu
• Java Semantics Recap
• Abstraction by Specification
• PS1 Comments

Java Semantics

java.lang.String

    public class Strings {
        public static void test () {
            String s = new String ("hello");
            String t = new String ("hello");
            StringBuffer sb = new StringBuffer ("he");
            StringBuffer tb = sb;          // tb and sb name the same object
            String s1 = "hello";
            String t1 = "hello";
            sb.append ("llo");
            tb.append (" goodbye!");
            s.concat (" goodbye!");        // result discarded; Strings are immutable
            t = s.concat (" goodbye!");
        }
    }

[Diagram: the variables s, t, sb, tb, s1 and t1 pointing to java.lang.String and java.lang.StringBuffer objects holding "hello", "hello goodbye!" and "he".]

java.lang.String
Which of these are true:
a) s == t
b) s1 == t1
c) s == s1
d) s.equals (t)
e) sb == tb
f) t.equals (tb)
[Diagram: the same variables and java.lang.String / java.lang.StringBuffer objects as on the previous slide.]

Abstraction by Specification

Managing Complexity
• Divide problem into subproblems that
  – Can be solved independently
  – Can be combined to solve the original problem
• How do we know they can be solved independently?
• How do we know they can be combined to solve the original problem?

Abstraction
[Diagram: I1, I2, I3, I4 and I5 each map to A.]
An abstraction is a many-to-one map.

Using Abstractions
[Diagram: Client, abstraction A, and I1 through I5.]
When a client uses an abstraction, it should work as the client expects it to no matter which implementation is provided.
How should the client know what to expect?

Specification
• Tells the client of an abstraction what she can expect it to do
• Tells the implementer of an abstraction what the implementation must do to satisfy the client
• Contract between client and implementer:
  – Client will only rely on behavior described by specification
  – Implementer will provide an implementation that satisfies the specification

Good Specifications
• Clear, precise and unambiguous
  – Clients and implementers will agree on what they mean
• Complete
  – Describe the behavior of the abstraction in all situations
• Declarative
  – Describe what the abstraction should do, not how it should do it

Formality of Specifications
• Informal: written in a natural language (e.g., English)
  – People can disagree on what it means
  – Degrees of informality
• Formal: written in a specification language
  – Meaning is defined by specification language (whose meaning is defined precisely, but eventually informally)
  – May be analyzed by machines

What do you call people who decide what informal specifications mean?

Example Informal Specification
Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.
8th Amendment

Correct Implementation?

    public static boolean violatesEigthAmendment (Punishment p) {
        // EFFECTS: Returns true if p violates the 8th
        //    amendment: cruel and unusual
        //    punishments.
        return (p.isCruel () && p.isUnusual ());
    }

Or did they mean p.isCruel () || p.isUnusual () ?

Example Informal Specification
A player is in an offside position if:
  he is nearer to his opponents’ goal line than both the ball and the second last opponent
A player is not in an offside position if:
  he is in his own half of the field of play or
  he is level with the second last opponent or
  he is level with the last two opponents
Offence
A player in an offside position is only penalised if, at the moment the ball touches or is played by one of his team, he is, in the opinion of the referee, involved in active play by:
  interfering with play or
  interfering with an opponent or
  gaining an advantage by being in that position
No Offence
There is no offside offence if a player receives the ball directly from:
  a goal kick or
  a throw-in or
  a corner kick.
http://www.fifa.com/fifa/handbook/laws/2002/LOTG2002_E.pdf, Law 11

Procedural Specifications
• Specification for a procedure describes:
  – What its inputs are
  – What the mapping between inputs and outputs is
  – What it can do to the state of the world

Requires and Effects
• Header: name of procedure, types of parameters and return value
  – Java declaration
• Clauses (comments in Java)
  – REQUIRES – precondition the client must satisfy before calling
  – EFFECTS – postcondition the implementation must satisfy at return

Contract
• Client promises to satisfy the precondition in the requires clause
• Implementer promises that if the client satisfies the precondition, the return value and state when the function returns will satisfy the postcondition.

Specification Contract

    f ()
        REQUIRES: precondition
        EFFECTS: postcondition

    precondition { f (); } postcondition

If the precondition is true, after we call f (), the postcondition is true.

Specification Example

    public String bestStock ()
        // REQUIRES: false
        // EFFECTS: Returns the name of the
        //    best stock to buy on the NASDAQ
        //    tomorrow.

Can we implement a procedure that satisfies this specification?
Yes, any implementation will satisfy this specification! If the precondition in the requires clause is not satisfied, the procedure can do anything and still satisfy its specification!

Specification Example

    public String bestStock ()
        // REQUIRES: true
        // EFFECTS: Returns the name of the
        //    best stock to buy on the NASDAQ
        //    tomorrow.

Can we implement a procedure that satisfies this specification?

Requires Clauses
• The weaker (easier to make true) the requires clause:
  – The more useful a procedure is for clients
  – The more difficult it is to implement correctly
  – The more difficult it is to test
• Avoid requires clauses unless there is a good reason to have one
  – Default requires clause is: REQUIRES true
  – Client doesn’t need to satisfy anything before calling

Specification Example

    public static int biggest (int [ ] a)
        // REQUIRES: true
        // EFFECTS: Returns the value of the
        //    biggest element of a.

Is this a reasonable specification?
No, what should the client expect to happen if a is empty?

Specification Example

    public static int biggest (int [ ] a)
        // REQUIRES: a has at least one element.
        // EFFECTS: Returns the value of the
        //    biggest element of a.

Is this a good specification?
Maybe, depends on the client. It's risky…

Specification Example

    public static int biggest (int [ ] a)
        // REQUIRES: true
        // EFFECTS: If a has at least one
        //    element, returns the value of the biggest
        //    element of a. Otherwise, returns
        //    Integer.MIN_VALUE (smallest int
        //    value).

Better, but the client has to deal with a special case now.
Best would probably be to use an exception…
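The specifications of biggest discussed on these slides, implemented side by side so the empty-array case can be compared. This is an added example, not code from the lecture; the class name, the method names and the choice of NoSuchElementException are assumptions.

```java
import java.util.NoSuchElementException;

public class BiggestSpecs {
    // REQUIRES: a has at least one element.
    // EFFECTS: Returns the value of the biggest element of a.
    // The implementer trusts the client. On an empty array the result is
    // whatever the code happens to do, and the specification is still met.
    static int biggestRequires(int[] a) {
        int best = a[0];
        for (int v : a) if (v > best) best = v;
        return best;
    }

    // REQUIRES: true
    // EFFECTS: If a has at least one element, returns the value of the
    //    biggest element of a. Otherwise, returns Integer.MIN_VALUE.
    static int biggestSentinel(int[] a) {
        int best = Integer.MIN_VALUE;
        for (int v : a) if (v > best) best = v;
        return best;
    }

    // REQUIRES: true
    // EFFECTS: If a has at least one element, returns the value of the
    //    biggest element of a. Otherwise, throws NoSuchElementException
    //    (exception type chosen for this example).
    static int biggestChecked(int[] a) {
        if (a.length == 0) throw new NoSuchElementException("empty array");
        return biggestRequires(a);   // precondition established by the check
    }

    public static void main(String[] args) {
        int[] empty = {};                        // constructed sample inputs
        int[] onlyMin = { Integer.MIN_VALUE };
        // The sentinel cannot tell "empty" from "biggest is MIN_VALUE".
        System.out.println("sentinel ambiguous: "
            + (biggestSentinel(empty) == biggestSentinel(onlyMin)));
        try {
            biggestChecked(empty);
        } catch (NoSuchElementException e) {
            System.out.println("checked: specified failure, " + e.getMessage());
        }
        try {
            biggestRequires(empty);              // client breaks the contract
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("requires: unspecified behavior surfaced as " + e);
        }
    }
}
```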

Bad Use of Requires Clause
• Bug discovered in Microsoft Outlook that treats messages that start with “begin ” as empty attachments (can be exploited by viruses)
To workaround this problem:
• Do not start messages with the word "begin" followed by two spaces.
• Use only one space between the word "begin" and the following data.
• Capitalize the word "begin" so that it reads "Begin."
• Use a different word such as "start" or "commence".
from http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q265230&

Modifies
• How does a client know a is the same after biggest returns?

    public static int biggest (int [ ] a)
        // REQUIRES: true
        // EFFECTS: If a has at least one element,
        //    returns the value of the biggest element of a.
        //    Otherwise, returns Integer.MIN_VALUE
        //    (smallest int value).

Reading the effects clause is enough – if biggest modifies anything, it should describe it. But, that’s a lot of work.

Modifies
• Modifies clause: any state not listed in the modifies clause may not be changed by the procedure.

    public static int biggest (int [ ] a)
        // REQUIRES: true
        // MODIFIES: nothing
        // EFFECTS: If a has at least one element,
        //    returns the value of the biggest element of a.
        //    Otherwise, returns Integer.MIN_VALUE
        //    (smallest int value).

Modifies Example

    public static int replaceBiggest (int [ ] a, int [] b)
        // REQUIRES: a and b both have at least one
        //    element
        // MODIFIES: a
        // EFFECTS: Replaces the value of the biggest
        //    element in a with the value of the biggest
        //    element in b.

Defaults
• What should it mean when there is no requires clause?
  REQUIRES: true
• What should it mean when there is no modifies clause?
  MODIFIES: nothing
• What should it mean when there is no effects clause?
  Meaningless. (Lose points for not writing a specification)

Specifications in CS 201J
• PS2
  – Informal, but precise
  – Use Requires/Modifies/Effects clauses
    • Need a very good reason to have a precondition stronger than true (especially after we cover Exceptions).
• PS3 and later
  – Informal and some formal
  – Formal specifications as ESC/Java annotations
    • Don’t describe all behavior (so still need the informal specs)

Problem Set 1

Example Informal Specification
• If a cell is currently dead cell and has three live neighbors, then it becomes a live cell.
• If a cell is currently alive and has two or three live cells it remains alive.
• Otherwise, the cell dies.
Any ambiguities in this?

PS1 Comments
• Java has real booleans: isAlive () and isAlive () == true mean the same thing
• Read the coding guidelines on course website
• Be careful when you cut and paste
  – Lost one point for having misleading/incorrect comments in your code

PS1 Comments
• A few of you turned in code which clearly wouldn’t even compile
  – Why?
• Don’t put your SSN on assignments
  – You should keep it as secret as possible
  – University shouldn’t use it as an identifier
    • Ask for a student ID number that is not your SSN
• Don’t call the Assistant Coaches
  – Unless it's their scheduled lab hours and they aren’t there!

Charge
• PS2: due Tuesday
• Lab hours posted on web site
  – Today: 5-9pm
  – Sunday: 4-8pm