charlie garrod chris timperley
play

Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 4a - PowerPoint PPT Presentation

Nov 03, 2022 •386 likes •1.02k views

Principles of Software Construction: Objects, Design, and Concurrency Invariants, immutability, and testing Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 4a due Thursday at 11:59 p.m. Mandatory design review meeting

  1. Principles of Software Construction: Objects, Design, and Concurrency Invariants, immutability, and testing Charlie Garrod Chris Timperley 17-214 1

  2. Administrivia • Homework 4a due Thursday at 11:59 p.m. – Mandatory design review meeting before the homework deadline • Final exam is Monday, December 9th, 1–4pm 17-214 2

  3. Outline • Class invariants and defensive copying • Immutability • Testing and coverage • Testing for complex environments 17-214 3

  4. Class invariants • Critical properties of the fields of an object • Established by the constructor • Maintained by public method invocations – May be invalidated temporarily during method execution 17-214 4

  5. Safe languages and robust programs • Unlike C/C++, Java language safe – Immune to buffer overruns, wild pointers, etc. • Makes it possible to write robust classes – Correctness doesn’t depend on other modules – Even in safe language, requires programmer effort 17-214 5

  6. Defensive programming • Assume clients will try to destroy invariants – May actually be true (malicious hackers) – More likely: honest mistakes • Ensure class invariants survive any inputs – Defensive copying – Minimizing mutability 17-214 6

  7. This class is not robust public final class Period { private final Date start, end; // Invariant: start <= end /** * @throws IllegalArgumentException if start > end * @throws NullPointerException if start or end is null */ public Period(Date start, Date end) { if (start.after(end)) throw new IllegalArgumentException(start + " > " + end); this.start = start; this.end = end; } public Date start() { return start; } public Date end() { return end; } ... // Remainder omitted } 17-214 7

  8. The problem: Date is mutable Obsolete as of Java 8; sadly not deprecated even in Java 11 // Attack the internals of a Period instance Date start = new Date(); // (The current time) Date end = new Date(); // " " " Period p = new Period(start, end); end.setYear(78); // Modifies internals of p! 17-214 8

  9. The solution: defensive copying // Repaired constructor - defensively copies parameters public Period(Date start, Date end) { this.start = new Date(start.getTime()); this.end = new Date(end.getTime()); if (this.start.after(this.end)) throw new IllegalArgumentException(start + " > "+ end); } 17-214 9

  10. A few important details • Copies made before checking parameters • Validity check performed on copies • Eliminates window of vulnerability between validity check & copy • Thwarts multithreaded TOCTOU attack – Time-Of-Check-To-Time-Of-U // BROKEN - Permits multithreaded attack! public Period(Date start, Date end) { if (start.after(end)) throw new IllegalArgumentException(start + " > " + end); // Window of vulnerability this.start = new Date(start.getTime()); this.end = new Date(end.getTime()); } 17-214 10

  11. Another important detail • Used constructor, not clone, to make copies – Necessary because Date class is nonfinal – Attacker could implement malicious subclass • Records reference to each extant instance • Provides attacker with access to instance list • But who uses clone, anyway? [EJ Item 11] 17-214 11

  12. Unfortunately, constructors are only half the battle // Accessor attack on internals of Period Period p = new Period(new Date(), new Date()); Date d = p.end(); p.end.setYear(78); // Modifies internals of p! 17-214 12

  13. The solution: more defensive copying // Repaired accessors - defensively copy fields public Date start() { return new Date(start.getTime()) ; } public Date end() { return new Date(end.getTime() ); } Now Period class is robust! 17-214 13

  14. Summary • Don’t incorporate mutable parameters into object; make defensive copies • Return defensive copies of mutable fields … • Or return unmodifiable view of mutable fields • Real lesson – use immutable components – Eliminates the need for defensive copying 17-214 14

  15. Outline • Class invariants and defensive copying • Immutability • Testing and coverage • Testing for complex environments 17-214 15

  16. Immutable classes • Class whose instances cannot be modified • Examples: String , Integer , BigInteger , Instant • How, why, and when to use them 17-214 16

  17. How to write an immutable class • Don’t provide any mutators • Ensure that no methods may be overridden • Make all fields final • Make all fields private • Ensure security of any mutable components 17-214 17

  18. Immutable class example public final class Complex { private final double re, im; public Complex(double re, double im) { this.re = re; this.im = im; } // Getters without corresponding setters public double realPart() { return re; } public double imaginaryPart() { return im; } // minus, times, dividedBy similar to add public Complex plus(Complex c) { return new Complex (re + c.re, im + c.im); } 17-214 18

  19. Immutable class example (cont.) Nothing interesting here @Override public boolean equals(Object o) { if (!(o instanceof Complex)) return false; Complex c = (Complex) o; return Double.compare (re, c.re) == 0 && Double.compare (im, c.im) == 0; } @Override public int hashCode() { return 31 * Double.hashCode (re) + Double.hashCode (im); } @Override public String toString() { return String.format("%d + %di", re, im)"; } } 17-214 19

  20. Distinguishing characteristic • Return new instance instead of modifying • Functional programming • May seem unnatural at first • Many advantages 17-214 20

  21. Advantages • Simplicity • Inherently Thread-Safe • Can be shared freely • No need for defensive copies • Excellent building blocks 17-214 21

  22. Major disadvantage • Separate instance for each distinct value • Creating these instances can be costly BigInteger moby = ...; // A million bits long moby = moby.flipBit(0); // Ouch! • Problem magnified for multistep operations – Well-designed immutable classes provide common multistep operations • e.g., myBigInteger.modPow(exponent, modulus) – Alternative: mutable companion class • e.g., StringBuilder for String 17-214 22

  23. When to make classes immutable • Always, unless there's a good reason not to • Always make small “value classes” immutable! – Examples: Color , PhoneNumber , Unit – Date and Point were mistakes! – Experts often use long instead of Date 17-214 23

  24. When to make classes mutable • Class represents entity whose state changes – Real-world - BankAccount , TrafficLight – Abstract - Iterator , Matcher , Collection – Process classes - Thread , Timer • If class must be mutable, minimize mutability – Constructors should fully initialize instance – Avoid reinitialize methods 17-214 24

  25. Outline • Class Invariants • Immutability • Testing and coverage • Testing for complex environments 17-214 25

  26. Why do we test? 17-214 26

  27. Testing decisions • Who tests? – Developers who wrote the code – Quality Assurance Team and Technical Writers – Customers • When to test? – Before and during development – After milestones – Before shipping – After shipping • When to stop testing? 17-214 27

  28. Test driven development (TDD) • Write tests before code • Never write code without a failing test • Code until the failing test passes 17-214 28

  29. Why use test driven development? • Forces you to think about interfaces early • Higher product quality – Better code with fewer defects • Higher test suite quality • Higher productivity • It’s fun to watch tests pass 17-214 29

  30. TDD in practice • Empirical studies on TDD show: – May require more effort – May improve quality and save time • Selective use of TDD is best • Always use TDD for bug reports – Regression tests 17-214 30

  31. Testing decisions • Who tests? – Developers who wrote the code – Quality Assurance Team and Technical Writers – Customers • When to test? – Before and during development – After milestones – Before shipping – After shipping • When to stop testing? 17-214 31

  32. How much testing? • You generally cannot test all inputs – Too many – usually infinite – Limited time and resources • But when it works, exhaustive testing is best! 17-214 32

  33. What makes a good test suite? • Provides high confidence that code is correct • Short, clear, and non-repetitious – Prefer smaller, more-directed tests – More difficult for test suites than regular code – Realistically, test suites will look worse • Can be fun to write if approached in this spirit 17-214 33

  34. Black-box testing • Look at specifications, not code • Test representative cases • Test boundary conditions • Test invalid (exception) cases • Don’t test unspecified cases 17-214 34

  35. White-box testing • Look at specifications and code • Write tests to: – Check interesting implementation cases – Maximize branch coverage 17-214 35

  36. Code coverage metrics • Method coverage – coarse • Branch coverage – fine • Path coverage – too fine – Cost is high, value is low – (Related to cyclomatic complexity ) • ... 17-214 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 6 has been released

Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 6 has been released

Principles of Software Construction: Objects, Design, and Concurrency DevOps Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 6 has been released Sequential implementation due by Tuesday, Nov. 26 Parallel

597 views • 47 slides
Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5b due 11:59 p.m. Tuesday

Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5b due 11:59 p.m. Tuesday

Principles of Software Construction: Objects, Design, and Concurrency Part 3: Concurrency Introduction to concurrency, part 3 Concurrency primitives, libraries, and design patterns Charlie Garrod Chris Timperley 17-214 1 Administrivia

597 views • 49 slides
Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5a due 9 a.m. tomorrow

Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5a due 9 a.m. tomorrow

Principles of Software Construction: Objects, Design, and Concurrency Part 3: Concurrency Introduction to concurrency: Concurrency challenges Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5a due 9 a.m. tomorrow Midterm

764 views • 38 slides
Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 4b due next Thursday, October

Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 4b due next Thursday, October

Principles of Software Construction: Objects, Design, and Concurrency Part 2: Design case studies Design case study: Java Collections Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 4b due next Thursday, October 17 th

598 views • 44 slides
Charlie Garrod Chris Timperley 17-214 1 Administrivia Reading due today: UML and Patterns

Charlie Garrod Chris Timperley 17-214 1 Administrivia Reading due today: UML and Patterns

Principles of Software Construction: Objects, Design, and Concurrency Part 2: Design case studies Design case study: Java Swing Charlie Garrod Chris Timperley 17-214 1 Administrivia Reading due today: UML and Patterns 26.1 and 26.4

781 views • 47 slides
Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5c due tonight! 17-214 2

Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5c due tonight! 17-214 2

Principles of Software Construction: Objects, Design, and Concurrency Toward software engineering in practice Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5c due tonight! 17-214 2 Software Engineering (SE) at CMU

689 views • 45 slides
Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5 team sign-up deadline

Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5 team sign-up deadline

Principles of Software Construction: Objects, Design, and Concurrency Part 3: Concurrency Introduction to concurrency Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 5 team sign-up deadline Thursday Team sizes,

833 views • 36 slides
Principles of Software Construction: Objects, Design, and Concurrency API Design, Part I: Process

Principles of Software Construction: Objects, Design, and Concurrency API Design, Part I: Process

Principles of Software Construction: Objects, Design, and Concurrency API Design, Part I: Process and Naming Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 4c due next Thursday Reading assignment due next Tuesday

753 views • 64 slides
Principles of Software Construction: Objects, Design, and Concurrency Software Engineering for

Principles of Software Construction: Objects, Design, and Concurrency Software Engineering for

Principles of Software Construction: Objects, Design, and Concurrency Software Engineering for Teams Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 4c due today Up to 75% of points lost on Homework 4a can be recovered

1.11k views • 44 slides
Principles of Software Construction: Objects, Design, and Concurrency Introduction to Design

Principles of Software Construction: Objects, Design, and Concurrency Introduction to Design

Principles of Software Construction: Objects, Design, and Concurrency Introduction to Design Patterns Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 1 feedback in your GitHub repository Homework 2 due tonight 11:59 p.m.

920 views • 42 slides
Josh Bloch Charlie Garrod School of Computer Science

Josh Bloch Charlie Garrod School of Computer Science

Principles of So3ware Construc9on Designing classes for reuse Principles, pa=erns, and parametric polymorphism Josh Bloch Charlie Garrod School of

669 views • 62 slides
Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 6 available Checkpoint

Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 6 available Checkpoint

Principles of Software Construction: Objects, Design, and Concurrency Part 4: et cetera Toward SE in practice: DevOps and branch management Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 6 available Checkpoint deadline

673 views • 39 slides
Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 6 available Checkpoint

Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 6 available Checkpoint

Principles of Software Construction: Objects, Design, and Concurrency Part 4: Et cetera Toward SE in practice: Empiricism in SE Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 6 available Checkpoint deadline tonight Due

549 views • 29 slides
Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 6 available Due last night

Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 6 available Due last night

Principles of Software Construction: Objects, Design, and Concurrency Part 4: et cetera A puzzling finale: What you see is what you get? Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 6 available Due last night Final

974 views • 61 slides
Josh Bloch Charlie Garrod School of Computer Science 15-214 1 Pop quiz - What does this print?

Josh Bloch Charlie Garrod School of Computer Science 15-214 1 Pop quiz - What does this print?

Principles of Software Construction: Objects, Design, and Concurrency Keepin It Real: Achieving and Maintaining Correctness in the Face of Change Josh Bloch Charlie Garrod School of Computer Science 15-214 1 Pop quiz - What does this

828 views • 45 slides
Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 3 due Sunday at 11:59 p.m.

Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 3 due Sunday at 11:59 p.m.

Principles of Software Construction: Objects, Design, and Concurrency Part 1: Designing classes A formal design process: Doman modeling Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 3 due Sunday at 11:59 p.m. Optional

471 views • 43 slides
Query-aware Test Generation Using a Relational Constraint Solver SHADI ABDUL KHALEK, BASSEM

Query-aware Test Generation Using a Relational Constraint Solver SHADI ABDUL KHALEK, BASSEM

Query-aware Test Generation Using a Relational Constraint Solver SHADI ABDUL KHALEK, BASSEM ELKARABLIEH, YAI O. LALEYE, SARFRAZ KHURSHID ASE08 PRESENTED BY: YUSHAN ZHANG 1 http://ieeexplore.ieee.org/document/4639327/ 2020/10/8 Blackbox

434 views • 18 slides
Test Oracles and Randomness S I T R T E V U I N L M U O S C D I N E

Test Oracles and Randomness S I T R T E V U I N L M U O S C D I N E

Test Oracles and Randomness S I T R T E V U I N L M U O S C D I N E A N R D U O C D O O D C N E Ralph Guderlei and Johannes Mayer rjg@mathematik.uni-ulm.de, jmayer@mathematik.uni-ulm.de

627 views • 40 slides
The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of

The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of

The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of Cambridge Joint work of Jade Alglave, Mark Batty, Luc Maranget, Robin Morisset, Justus Matthiesen, Kayvan Memarian, Paul McKenney, Scott Owens, Pankaj

515 views • 36 slides
An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said Daoudagh 1,2 , Francesca Lonetti 1 , Eda Marchetti 1 1 ISTI-CNR 2 University of Pisa Agenda Introduction Access Control Systems XACML policies

459 views • 31 slides
Osmocom TTCN-3 Test Suites Harald Welte &lt;laforge@gnumonks.org&gt; Osmocom TTCN-3 Test Suites

Osmocom TTCN-3 Test Suites Harald Welte &lt;laforge@gnumonks.org&gt; Osmocom TTCN-3 Test Suites

Osmocom TTCN-3 Test Suites Harald Welte &lt;laforge@gnumonks.org&gt; Osmocom TTCN-3 Test Suites developed in 2017+2018 compiled using Eclipse TITAN uses just a command-line compiler + Makefiles no IDE needed at all, dont let Eclipse fool you

805 views • 21 slides
TESTING WITH JUNIT Lab 5 : Testing Overview Testing with JUnit JUnit Basics Sample

TESTING WITH JUNIT Lab 5 : Testing Overview Testing with JUnit JUnit Basics Sample

TESTING WITH JUNIT Lab 5 : Testing Overview Testing with JUnit JUnit Basics Sample Test Case How To Write a Test Case Aggregating Test Cases Running Tests with JUnit JUnit plug-in for NetBeans Running Tests in

465 views • 28 slides
USolids Library Outline First usolids shapes were included in release 10.0 Finishing

USolids Library Outline First usolids shapes were included in release 10.0 Finishing

USolids Library Outline First usolids shapes were included in release 10.0 Finishing implementation of UPolycone Adapting and including UMultiUnion shape in release 10.1 BETA New Test Suite for Shapes working with USolids and

473 views • 32 slides
A Framework for Testing Query Transformation Rules HICHAM G. ELMONGUI, VIVEK NARASAYYA, RAVI

A Framework for Testing Query Transformation Rules HICHAM G. ELMONGUI, VIVEK NARASAYYA, RAVI

A Framework for Testing Query Transformation Rules HICHAM G. ELMONGUI, VIVEK NARASAYYA, RAVI RAMAMURTHY SIGMOD09 Presenter: ZHANG, Yushan @Prism 1 2020/10/8 Outline Background of this research The Challenges Framework Design

358 views • 16 slides

More recommend