This article delves into contract-based programming, focusing on pre- and post-conditions, and their roles in software correctness. It discusses how a program is viewed as a "black box" where valid inputs should yield correct outputs. The significance of specifying preconditions (for valid input) and postconditions (for expected output) is highlighted, along with exception handling in Java. Examples illustrate preconditions, postconditions, and invariants, demonstrating their practical application in method design and error management.
Contract based programming using pre- and post-conditions
Pre- and post-conditions, Using exceptions
Design by contract
• Idea
  • A program is correct if, given correct input, the program produces correct output.
  • Correct input → PROGRAM → correct output
  • A program is considered a kind of “black box”
• The same idea applies to parts of a program
  • Methods, functions, etc.
  • Correct input → METHOD → correct output
• Precondition
  • Specification of correct input
• Postcondition
  • Specification of correct output
Pre- and postconditions
• A statement that evaluates to true or false
• Many Java methods have a precondition
  • Class.forName(String className)
    • Assumes className != null and that the class exists.
  • Integer.parseInt(String s)
    • Assumes that the String s contains a number
• If you don’t respect the precondition, the method will most likely throw some kind of (runtime) exception
  • IllegalArgumentException
  • NumberFormatException
    • A subclass of IllegalArgumentException
• In Java pre- and postconditions are not part of method signatures
  • You can specify pre- and postconditions as comments
Pre- and postconditions used with method overriding

    class S {
        // pre: A; post: B
        method(int p) { … }
    }
    class T extends S {
        // pre: X; post: Y
        method(int p) { … }
    }

• X can be weaker than A
  • Example: A: p > 0 (disallows 0); X: p ≥ 0 (allows 0)
• Y can be stronger than B
  • Example: B: result is true or false (Collection.add()); Y: result is always true (List.add())
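The overriding rule on this slide, worked through as an added example that is not part of the original slides. The class names S and T follow the slide; the method name record, the total field and the "reject values above 100" rule in S are assumed for illustration.

```java
// Added example: a subclass may weaken the precondition and strengthen the
// postcondition of the method it overrides, so code written against S keeps
// working when it is handed a T.
public class ContractOverriding {

    static class S {
        protected int total = 0;

        /**
         * PRE:  p > 0   (0 is not allowed)
         * POST: returns true if the value was recorded, false otherwise
         */
        public boolean record(int p) {
            if (p <= 0) {
                throw new IllegalArgumentException("precondition violated: p > 0, got " + p);
            }
            if (p > 100) {
                return false;          // S's postcondition allows a rejection (assumed rule)
            }
            total += p;
            return true;
        }
    }

    static class T extends S {
        /**
         * PRE:  p >= 0   (weaker than S: 0 is now allowed)
         * POST: returns true   (stronger than S: never rejects)
         */
        @Override
        public boolean record(int p) {
            if (p < 0) {
                throw new IllegalArgumentException("precondition violated: p >= 0, got " + p);
            }
            total += p;
            return true;
        }
    }

    // Client code that only knows S's contract: every call legal for S is legal
    // for T, and every result T returns satisfies S's postcondition.
    static boolean useAsS(S s, int p) {
        return s.record(p);
    }

    public static void main(String[] args) {
        System.out.println(useAsS(new S(), 5));     // true
        System.out.println(useAsS(new S(), 500));   // false: permitted by S's postcondition
        System.out.println(useAsS(new T(), 500));   // true:  T's stronger postcondition
        System.out.println(new T().record(0));      // true:  T's weaker precondition allows 0
        try {
            new S().record(0);                      // violates S's precondition
        } catch (IllegalArgumentException e) {
            System.out.println("S rejected 0: " + e.getMessage());
        }
    }
}
```

The direction matters: if T instead demanded p > 10 or returned false for some inputs, a caller that had checked S's precondition could be thrown at, or receive a result S never promised, without any change to its own code.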
Invariant
• An invariant is a statement that is invariably true.
• Class invariant
  • A statement about the object's state between method invocations
• Loop invariant
  • A statement about the state of variables in a loop
Proof of postcondition
• The idea of introducing pre- and postconditions is to formally (mathematically) prove the postcondition from the precondition
  • Precondition AND program implies postcondition
• An invariant may help in doing the proof.
• However, the proof can often be quite hard to do.
  • Usually only done in critical systems
    • Controlling hospital equipment, satellites, etc.
  • Usually there are more errors in the proof than in the program
  • But it gives you a chance to rethink your program.
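Both kinds of invariant from the "Invariant" slide, and the way a loop invariant carries the "precondition AND program implies postcondition" argument of this slide, shown in one added example that is not part of the original slides. The IntStack class, the sum method and the helper partialSum are assumed for illustration; the loop-invariant checks use Java assert, so run with java -ea to see them fire.

```java
// Added example: a class invariant re-checked after every mutating method,
// and a loop invariant that, at loop exit, yields the method's postcondition.
public class Invariants {

    static class IntStack {
        private final int[] items;
        private int size;   // CLASS INVARIANT: 0 <= size <= items.length

        IntStack(int capacity) {
            if (capacity < 0) throw new IllegalArgumentException("capacity must be >= 0");
            items = new int[capacity];
            size = 0;
            checkInvariant();
        }

        // The invariant must hold between method invocations, so each public
        // method re-establishes and checks it before returning.
        private void checkInvariant() {
            if (size < 0 || size > items.length) {
                throw new IllegalStateException("class invariant violated: size=" + size);
            }
        }

        /** PRE: size < capacity. POST: size increased by one, pop() returns x. */
        void push(int x) {
            if (size == items.length) throw new IllegalStateException("stack is full");
            items[size++] = x;
            checkInvariant();
        }

        /** PRE: size > 0. POST: size decreased by one, returns the old top. */
        int pop() {
            if (size == 0) throw new IllegalStateException("stack is empty");
            int x = items[--size];
            checkInvariant();
            return x;
        }

        int size() { return size; }
    }

    /**
     * PRE:  a != null
     * POST: returns a[0] + a[1] + ... + a[a.length - 1]
     */
    static long sum(int[] a) {
        if (a == null) throw new IllegalArgumentException("a must not be null");
        int i = 0;
        long acc = 0;
        // LOOP INVARIANT: 0 <= i <= a.length  and  acc == a[0] + ... + a[i-1]
        // Holds on entry (i == 0, acc == 0, empty sum) and is preserved by each iteration.
        while (i < a.length) {
            assert acc == partialSum(a, i) : "loop invariant violated at i=" + i;
            acc += a[i];
            i++;
        }
        // On exit the guard is false, so i == a.length; together with the
        // invariant that is exactly the postcondition.
        assert i == a.length && acc == partialSum(a, i) : "postcondition violated";
        return acc;
    }

    // Reference computation used only to check the invariant (assumed helper).
    private static long partialSum(int[] a, int upto) {
        long s = 0;
        for (int k = 0; k < upto; k++) s += a[k];
        return s;
    }

    public static void main(String[] args) {
        IntStack st = new IntStack(2);
        st.push(1);
        st.push(2);
        System.out.println(st.pop() + " " + st.pop() + " size=" + st.size());  // 2 1 size=0
        System.out.println(sum(new int[] {3, 4, 5}));                           // 12
    }
}
```

The class invariant is checked with a plain if and an IllegalStateException so it is enforced in production builds too; the loop-invariant asserts are a development aid that documents the proof obligation without changing the method's behaviour when assertions are disabled.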
Stating pre- and post-conditions
• In Java pre- and post-conditions are usually described in the JavaDoc comments
  • /** PRE: a > 0 */
  • void method(int a) {…}
Checking pre-conditions
• In Java pre-conditions can be checked using simple if-statements
  • if (parameter is not legal) throw SomeException
• The exception thrown is often an IllegalArgumentException, or one of its subclasses
  • NumberFormatException
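The two preceding slides (stating the contract in JavaDoc, then checking the precondition with if-statements) and the Integer.parseInt precondition from the "Pre- and postconditions" slide, combined in one added example that is not part of the original slides. The parsePercent method, its [0, 100] range and the sample inputs are constructed for illustration.

```java
// Added example: contract stated in JavaDoc, precondition enforced with
// if-statements that throw IllegalArgumentException, and the
// NumberFormatException that Integer.parseInt throws on its own (a subclass
// of IllegalArgumentException) handled by the caller.
public class CheckingPreconditions {

    /**
     * PRE:  text != null and text is the decimal representation of an integer in [0, 100]
     * POST: 0 <= result <= 100 and result == Integer.parseInt(text)
     *
     * @throws IllegalArgumentException if text is null or the value is out of range
     * @throws NumberFormatException    if text is not an integer (thrown by Integer.parseInt)
     */
    static int parsePercent(String text) {
        // Precondition checks: reject illegal input before doing any work.
        if (text == null) {
            throw new IllegalArgumentException("text must not be null");
        }
        int value = Integer.parseInt(text);   // NumberFormatException if not a number
        if (value < 0 || value > 100) {
            throw new IllegalArgumentException("percentage out of range [0,100]: " + value);
        }
        // Postcondition: guaranteed by the checks above.
        return value;
    }

    public static void main(String[] args) {
        String[] inputs = {"42", "101", "abc", null};   // constructed sample inputs
        for (String in : inputs) {
            try {
                System.out.println(in + " -> " + parsePercent(in));
            } catch (NumberFormatException e) {
                // The subclass must be caught first; a later catch would be unreachable.
                System.out.println(in + " -> not a number: " + e.getMessage());
            } catch (IllegalArgumentException e) {
                // null or an out-of-range value: our own precondition checks
                System.out.println(in + " -> precondition violated: " + e.getMessage());
            }
        }
    }
}
```

A caller that only wants "any illegal argument" can catch IllegalArgumentException alone and receive the NumberFormatException through it; the order shown above is needed only when the two cases are to be reported differently.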