writing complete contracts
play

Writing Complete Contracts EECS3311: Software Design Fall 2017 C - PowerPoint PPT Presentation

Mar 31, 2024 •405 likes •659 views

Writing Complete Contracts EECS3311: Software Design Fall 2017 C HEN -W EI W ANG How are contracts checked at runtime? All contracts are specified as Boolean expressions. Right before a feature call (e.g., acc.withdraw(10) ): The

  1. Writing Complete Contracts EECS3311: Software Design Fall 2017 C HEN -W EI W ANG

  2. How are contracts checked at runtime? ● All contracts are specified as Boolean expressions. ● Right before a feature call (e.g., acc.withdraw(10) ): ○ The current state of acc is called its pre-state . ○ Evaluate pre-condition using current values of attributes/queries. ○ Cache values of all expressions involving the old keyword in the post-condition . e.g., cache the value of old balance via old balance ∶= balance ● Right after the feature call: ○ The current state of acc is called its post-state . ○ Evaluate invariant using current values of attributes and queries. ○ Evaluate post-condition using both current values and “cached” values of attributes and queries. 2 of 25

  3. When are contracts complete? ● In post-condition , for each attribute , specify the relationship between its pre-state value and its post-state value. ○ Eiffel supports this purpose using the old keyword. ● This is tricky for attributes whose structures are composite rather than simple : e.g., ARRAY , LINKED LIST are composite-structured. e.g., INTEGER , BOOLEAN are simple-structured. ● Rule of thumb: For an attribute whose structure is composite, we should specify that after the update: 1. The intended change is present; and 2. The rest of the structure is unchanged . ● The second contract is much harder to specify: ○ Reference aliasing [ ref copy vs. shallow copy vs. deep copy ] ○ Iterable structure [ use across ] 3 of 25

  4. Account class ACCOUNT deposit ( a : INTEGER ) inherit do ANY balance := balance + a redefine is_equal end ensure create balance = old balance + a make end feature is_equal ( other : ACCOUNT ): BOOLEAN owner : STRING do balance : INTEGER Result := owner ∼ other . owner make ( n : STRING ) and balance = other . balance do end owner := n end balance := 0 end 4 of 25

  5. Bank class BANK create make feature accounts : ARRAY [ ACCOUNT ] make do create accounts . make_empty end account_of ( n : STRING ): ACCOUNT require existing : across accounts as acc some acc . item . owner ∼ n end do . . . ensure Result . owner ∼ n end add ( n : STRING ) require non_existing : across accounts as acc all acc . item . owner / ∼ n end local new_account : ACCOUNT do create new_account . make ( n ) accounts . force ( new_account , accounts . upper + 1) end end 5 of 25

  6. Roadmap of Illustrations We examine 5 different versions of a command deposit on ( n ∶ STRING ; a ∶ INTEGER ) V ERSION I MPLEMENTATION C ONTRACTS S ATISFACTORY ? 1 Correct Incomplete No 2 Wrong Incomplete No 3 Wrong Complete (reference copy) No 4 Wrong Complete (shallow copy) No 5 Wrong Complete (deep copy) Yes 6 of 25

  7. Object Structure for Illustration We will test each version by starting with the same runtime object structure: BANK 0 1 b.accounts accounts b ACCOUNT ACCOUNT owner owner “Bill” “Steve” balance 0 balance 0 7 of 25

  8. Version 1: Incomplete Contracts, Correct Implementation class BANK deposit_on_v1 ( n : STRING ; a : INTEGER ) require across accounts as acc some acc . item . owner ∼ n end local i : INTEGER do from i := accounts . lower until i > accounts . upper loop if accounts [ i ]. owner ∼ n then accounts [ i ]. deposit ( a ) end i := i + 1 end ensure num_of_accounts_unchanged : accounts . count = old accounts . count balance_of_n_increased : account_of ( n ). balance = old account_of ( n ). balance + a end end 8 of 25

  9. Test of Version 1 class TEST_BANK test_bank_deposit_correct_imp_incomplete_contract : BOOLEAN local b : BANK do comment ("t1: correct imp and incomplete contract") create b . make b . add ("Bill") b . add ("Steve") -- deposit 100 dollars to Steve’s account b.deposit on v1 ("Steve", 100) Result := b . account_of ("Bill"). balance = 0 and b . account_of ("Steve"). balance = 100 check Result end end end 9 of 25

  10. Test of Version 1: Result 10 of 25

  11. Version 2: Incomplete Contracts, Wrong Implementation class BANK deposit_on_v2 ( n : STRING ; a : INTEGER ) require across accounts as acc some acc . item . owner ∼ n end local i : INTEGER do -- same loop as in version 1 -- wrong implementation: also deposit in the first account accounts[accounts.lower].deposit(a) ensure num_of_accounts_unchanged : accounts . count = old accounts . count balance_of_n_increased : account_of ( n ). balance = old account_of ( n ). balance + a end end Current postconditions lack a check that accounts other than n are unchanged. 11 of 25

  12. Test of Version 2 class TEST_BANK test_bank_deposit_wrong_imp_incomplete_contract : BOOLEAN local b : BANK do comment ("t2: wrong imp and incomplete contract") create b . make b . add ("Bill") b . add ("Steve") -- deposit 100 dollars to Steve’s account b.deposit on v2 ("Steve", 100) Result := b . account_of ("Bill"). balance = 0 and b . account_of ("Steve"). balance = 100 check Result end end end 12 of 25

  13. Test of Version 2: Result 13 of 25

  14. Version 3: Complete Contracts with Reference Copy class BANK deposit_on_v3 ( n : STRING ; a : INTEGER ) require across accounts as acc some acc . item . owner ∼ n end local i : INTEGER do -- same loop as in version 1 -- wrong implementation: also deposit in the first account accounts[accounts.lower].deposit(a) ensure num_of_accounts_unchanged : accounts . count = old accounts . count balance_of_n_increased : account_of ( n ). balance = old account_of ( n ). balance + a others unchanged : across old accounts as cursor all cursor . item . owner / ∼ n implies cursor . item ∼ account_of ( cursor . item . owner ) end end end 14 of 25

  15. Test of Version 3 class TEST_BANK test_bank_deposit_wrong_imp_complete_contract_ref_copy : BOOLEAN local b : BANK do comment ("t3: wrong imp and complete contract with ref copy") create b . make b . add ("Bill") b . add ("Steve") -- deposit 100 dollars to Steve’s account b.deposit on v3 ("Steve", 100) Result := b . account_of ("Bill"). balance = 0 and b . account_of ("Steve"). balance = 100 check Result end end end 15 of 25

  16. Test of Version 3: Result 16 of 25

  17. Version 4: Complete Contracts with Shallow Object Copy class BANK deposit_on_v4 ( n : STRING ; a : INTEGER ) require across accounts as acc some acc . item . owner ∼ n end local i : INTEGER do -- same loop as in version 1 -- wrong implementation: also deposit in the first account accounts[accounts.lower].deposit(a) ensure num_of_accounts_unchanged : accounts . count = old accounts . count balance_of_n_increased : account_of ( n ). balance = old account_of ( n ). balance + a others unchanged : across old accounts.twin as cursor all cursor . item . owner / ∼ n implies cursor . item ∼ account_of ( cursor . item . owner ) end end end 17 of 25

  18. Test of Version 4 class TEST_BANK test_bank_deposit_wrong_imp_complete_contract_shallow_copy : BOOLEAN local b : BANK do comment ("t4: wrong imp and complete contract with shallow copy") create b . make b . add ("Bill") b . add ("Steve") -- deposit 100 dollars to Steve’s account b.deposit on v4 ("Steve", 100) Result := b . account_of ("Bill"). balance = 0 and b . account_of ("Steve"). balance = 100 check Result end end end 18 of 25

  19. Test of Version 4: Result 19 of 25

  20. Version 5: Complete Contracts with Deep Object Copy class BANK deposit_on_v5 ( n : STRING ; a : INTEGER ) require across accounts as acc some acc . item . owner ∼ n end local i : INTEGER do -- same loop as in version 1 -- wrong implementation: also deposit in the first account accounts[accounts.lower].deposit(a) ensure num_of_accounts_unchanged : accounts . count = old accounts . count balance_of_n_increased : account_of ( n ). balance = old account_of ( n ). balance + a others unchanged : across old accounts.deep twin as cursor all cursor . item . owner / ∼ n implies cursor . item ∼ account_of ( cursor . item . owner ) end end end 20 of 25

  21. Test of Version 5 class TEST_BANK test_bank_deposit_wrong_imp_complete_contract_deep_copy : BOOLEAN local b : BANK do comment ("t5: wrong imp and complete contract with deep copy") create b . make b . add ("Bill") b . add ("Steve") -- deposit 100 dollars to Steve’s account b.deposit on v5 ("Steve", 100) Result := b . account_of ("Bill"). balance = 0 and b . account_of ("Steve"). balance = 100 check Result end end end 21 of 25

  22. Test of Version 5: Result 22 of 25

  23. Exercise ● Consider the query account of (n: STRING) of BANK . ● How do we specify (part of) its postcondition to assert that the state of the bank remains unchanged: ○ [ × ] accounts = old accounts ○ [ × ] accounts = old accounts . twin ○ [ × ] accounts = old accounts . deep_twin ○ [ × ] accounts ˜ old accounts ○ [ × ] accounts ˜ old accounts . twin ○ [ ✓ ] accounts ˜ old accounts . deep_twin ● Which equality of the above is appropriate for the postcondition? ● Why is each one of the other equalities not appropriate? 23 of 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

When are contracts complete? In post-condition , for each attribute , specify the relationship

When are contracts complete? In post-condition , for each attribute , specify the relationship

When are contracts complete? In post-condition , for each attribute , specify the relationship between its pre-state value and its post-state value. Writing Complete Contracts Eiffel supports this purpose using the old keyword. This is

226 views • 7 slides
Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all

Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all

Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all about what smart contracts are... ...but what does a real smart contract look like? Lets talk about writing actual Smart Contracts with code

809 views • 50 slides
Motivating Problem: Complete Contracts Abstractions via Mathematical Models Recall what we

Motivating Problem: Complete Contracts Abstractions via Mathematical Models Recall what we

Motivating Problem: Complete Contracts Abstractions via Mathematical Models Recall what we learned in the Complete Contracts lecture: In post-condition , for each attribute , specify the relationship between its pre-state value and its

278 views • 5 slides
Inverted Commas Complete Complete whiteboard. Complete 2 3 1 Challenge 1 Lesson 3

Inverted Commas Complete Complete whiteboard. Complete 2 3 1 Challenge 1 Lesson 3

Lesson 3 Character's Feelings shortburst writing slides.notebook June 05, 2020 Gold Use a Bronze Silver Inverted Commas Complete Complete whiteboard. Complete 2 3 1 Challenge 1 Lesson 3 Character's Feelings shortburst writing

152 views • 12 slides
Board of Directors Operations Committee October 17, 2019 Complete 540 Project Update Rodger

Board of Directors Operations Committee October 17, 2019 Complete 540 Project Update Rodger

Board of Directors Operations Committee October 17, 2019 Complete 540 Project Update Rodger Rochelle, P.E. Chief Engineer 2 Complete 540 Project Update Complete 540 Three Contracts 3 Complete 540 Project Update Design-Build Contracts

810 views • 48 slides
COMPLETE INVENTORY CONTROL SOLUTIONS WHY INVENTORY SOLUTIONS? Secure long-term contracts

COMPLETE INVENTORY CONTROL SOLUTIONS WHY INVENTORY SOLUTIONS? Secure long-term contracts

COMPLETE INVENTORY CONTROL SOLUTIONS WHY INVENTORY SOLUTIONS? Secure long-term contracts Add Value to your Proposition Promote Partnership Grow business in existing accounts Better service your accounts Get your foot in the

706 views • 58 slides
11-823 Conlanging Writing Writing Systems Different Writing Systems What makes a writing

11-823 Conlanging Writing Writing Systems Different Writing Systems What makes a writing

11-823 Conlanging Writing Writing Systems Different Writing Systems What makes a writing system Standardization vs Historical artifacts Constructed Writing Systems Computing and its influence on writing Types of Writing

528 views • 24 slides
Types: Reference vs. Expanded Copies: Reference vs. Shallow vs. Deep Writing Complete

Types: Reference vs. Expanded Copies: Reference vs. Shallow vs. Deep Writing Complete

Types: Reference vs. Expanded Copies: Reference vs. Shallow vs. Deep Writing Complete Postconditions EECS3311 A: Software Design Fall 2018 C HEN -W EI W ANG Expanded Class: Modelling We may want to have objects which are: Integral parts

472 views • 43 slides
3. Contracts 3.1 Meaning of Contract Law Terms 3.2 Formation of Contracts 3.3 Legal

3. Contracts 3.1 Meaning of Contract Law Terms 3.2 Formation of Contracts 3.3 Legal

3. Contracts 3.1 Meaning of Contract Law Terms 3.2 Formation of Contracts 3.3 Legal Incapacity to Enter Contracts 3.4 Third-Party Beneficiary Contracts 3.5 Assignment and Delegation of Contract Rights and Duties 3.6 Statute of Frauds

1.16k views • 97 slides
7.2 Resume Writing Objective Create, format, and distribute a complete resume that accurately

7.2 Resume Writing Objective Create, format, and distribute a complete resume that accurately

7.2 Resume Writing Objective Create, format, and distribute a complete resume that accurately represents your skills, experience, and educational background 2 Introduction Q. What is a resume? A document that summarizes your skills ,

433 views • 24 slides
Writing Home 8: Formal and Informal Writing We We use formal language for: Writing to

Writing Home 8: Formal and Informal Writing We We use formal language for: Writing to

Writing Home 8: Formal and Informal Writing We We use formal language for: Writing to someone we dont know Writing for a large audience such as in a newspaper article Writing non-fiction such as instructions, explanations or

209 views • 6 slides
Custom Writing Service - Special Prices Literature review magazine presentation Marketing term

Custom Writing Service - Special Prices Literature review magazine presentation Marketing term

Custom Writing Service - Special Prices Literature review magazine presentation Marketing term paper juvenile delinquency thesis paper . assignment of contracts operation research images for creative writing articles critical thinking textbook

297 views • 3 slides
Looking and Writing: Teaching Writing in the Discipline Teaching Writing in the Discipline of

Looking and Writing: Teaching Writing in the Discipline Teaching Writing in the Discipline of

ProVisions Writing in the Disciplines October 11, 2011 Looking and Writing: Teaching Writing in the Discipline Teaching Writing in the Discipline of Art History Robert R. Shane, Ph.D. Art Department John C Bean Engaging Ideas: The John C.

436 views • 10 slides
Automated Fixing of Programs with Contracts Yi Wei, Yu Pei, Carlo A. Furia, Lucas S. Silva,

Automated Fixing of Programs with Contracts Yi Wei, Yu Pei, Carlo A. Furia, Lucas S. Silva,

Automated Fixing of Programs with Contracts Yi Wei, Yu Pei, Carlo A. Furia, Lucas S. Silva, Stefan Buchholz, Bertrand Meyer, Andreas Zeller Presented by Christine Zeller Motivation Programming is not just about writing code Find errors

207 views • 19 slides
Writing for Funding Part 1: General Writing and Writing for Specific Review Alicia J. Knoedler,

Writing for Funding Part 1: General Writing and Writing for Specific Review Alicia J. Knoedler,

Writing for Funding Part 1: General Writing and Writing for Specific Review Alicia J. Knoedler, Ph.D. Grant Writing for the Social Sciences Summer, 2003 Writing Discussions Part 1: Getting Started General writing comments and

809 views • 13 slides
words? Now complete activity 1 Use this to help complete activity 2 Now complete activity 2 To

words? Now complete activity 1 Use this to help complete activity 2 Now complete activity 2 To

What is meant by word class? Here are some examples: Noun adjective verb Can you think of any more types of words? Now complete activity 1 Use this to help complete activity 2 Now complete activity 2 To uplevel a sentence is to

1.41k views • 120 slides
Discourse: Structure Ling571 Deep Processing Techniques for NLP March 7, 2011 Roadmap

Discourse: Structure Ling571 Deep Processing Techniques for NLP March 7, 2011 Roadmap

Discourse: Structure Ling571 Deep Processing Techniques for NLP March 7, 2011 Roadmap Reference Resolution Wrap-up Discourse Structure Motivation Theoretical and applied Linear Discourse Segmentation Text

837 views • 46 slides
Green Banks Transforming Clean Energy Financing in Maine Significant capital is needed to achieve

Green Banks Transforming Clean Energy Financing in Maine Significant capital is needed to achieve

Green Banks Transforming Clean Energy Financing in Maine Significant capital is needed to achieve Maines climate and clean energy goals 80% emissions reduction by 2050 and renewable electricity by 2030 30% reduction in electricity and

348 views • 9 slides
Selected exposures based on recommendations of the Financial Stability Board 04 May 2011 1

Selected exposures based on recommendations of the Financial Stability Board 04 May 2011 1

Selected exposures based on recommendations of the Financial Stability Board 04 May 2011 1 Disclaimer The exposures based on the recommendation of the Financial Stability Board as at 31March 2011 are not materially different from that

421 views • 12 slides
A two-stage m odel to reveal a universitys research data landscape and facultys research

A two-stage m odel to reveal a universitys research data landscape and facultys research

A two-stage m odel to reveal a universitys research data landscape and facultys research data practices Thomas Seyffertitz & Michael Katzmayr INTERNATIONAL CONFERENCE ON ECONOMICS AND BUSINESS INFORMATION, BERLIN, 6-7 MAY 2019 Vienna

174 views • 15 slides
Operating System Structure Heechul Yun Disclaimer: some slides are adopted from the book

Operating System Structure Heechul Yun Disclaimer: some slides are adopted from the book

Operating System Structure Heechul Yun Disclaimer: some slides are adopted from the book authors slides with permission Recap: Memory Hierarchy Fast, Expensive Slow, Inexpensive 2 Recap Architectural support for OS Interrupt,

780 views • 29 slides
Ev en t s t ru c t u re a n d s m a l l - x i s s ue s a t 1 0 0 Te V Peter Skands (CERN TH)

Ev en t s t ru c t u re a n d s m a l l - x i s s ue s a t 1 0 0 Te V Peter Skands (CERN TH)

1st Future Hadron Collider Workshop, May 2014, CERN Ev en t s t ru c t u re a n d s m a l l - x i s s ue s a t 1 0 0 Te V Peter Skands (CERN TH) What does the average collision look like? How many of them are there? ( pileup ) How much

576 views • 21 slides
Understanding functionality and structure Aim Design scaffolds for understanding IT use

Understanding functionality and structure Aim Design scaffolds for understanding IT use

Understanding functionality and structure Aim Design scaffolds for understanding IT use Complete Assignment 2 Core literature: Chapter 4. Understanding IT Additional literature Aharoni, D. (2000) Cogito, ergo sum!

862 views • 32 slides
Synchronization: Critical Sections & Semaphores Why? Examples What? The Critical

Synchronization: Critical Sections & Semaphores Why? Examples What? The Critical

CPSC-313: Introduction to Computer Systems Process Synchronization: Critical Sections, Semaphores, Monitors Synchronization: Critical Sections & Semaphores Why? Examples What? The Critical Section Problem How? Software solutions

521 views • 23 slides

More recommend