1 / 14

Advanced Material

Advanced Material. The following slides contain advanced material and are optional. Outline. Invariants Violating the invariant Marriage problem. Invariants explained in 60 seconds. Consistency requirements for a class Established after object creation Hold, when an object is visible

cathy
Download Presentation

Advanced Material

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Advanced Material The following slides contain advanced material and are optional.

  2. Outline • Invariants • Violating the invariant • Marriage problem

  3. Invariants explained in 60 seconds • Consistency requirements for a class • Established after object creation • Hold, when an object is visible • Entry of a routine • Exit of a routine • class • ACCOUNT • feature • balance: INTEGER • invariant • balance >= 0 • end

  4. Temporary violation • Invariants can be violated temporarily • e.g. on object creation • In Eiffel, invariants are checked on entry and exit of a qualified feature call • One exception: for calls to creation procedures, • invariants are not checked on entry to routine • e.g createcell.set_item (1) • But checked for normal call: cell.set_item (1) • See demo.

  5. Public interface of person (without contracts) • class • PERSON • feature • spouse: PERSON • -- Spouse of Current. • marry (a_other: PERSON) • -- Marry `a_other’. • do • … • end • end • class • MARRIAGE • feature • make • local • alice: PERSON • bob: PERSON • do • create alice • create bob • bob.marry (alice) • end • end

  6. Write the contracts Hands-On • class PERSON • feature • spouse: PERSON • marry (a_other: PERSON) • require • ?? • ensure • ?? • invariant • ?? • end

  7. A possible solution • class PERSON • feature • spouse: PERSON • marry (a_other: PERSON) • require • a_other /= Void • a_other /= Current • a_other.spouse = Void • spouse = Void • ensure • spouse = a_other • a_other.spouse = Current • end • invariant • spouse /= Void impliesspouse.spouse = Current • spouse /= Current • end

  8. Implementing marry • class PERSON • feature • spouse: PERSON • marry (a_other: PERSON) • require • a_other /= Void • a_other /= Current • a_other.spouse = Void • spouse = Void • do • ?? • ensure • spouse = a_other • a_other.spouse = Current • end • invariant • spouse /= Void impliesspouse.spouse = Current • spouse /= Current • end

  9. Implementing marry I Hands-On • class PERSON • feature • spouse: PERSON • marry (a_other: PERSON) • require • a_other /= Void • a_other /= Current • a_other.spouse = Void • spouse = Void • do • a_other.spouse := Current • spouse := a_other • ensure • spouse = a_other • a_other.spouse = Current • end • invariant • spouse /= Void impliesspouse.spouse = Current • spouse /= Current • end Compiler Error: No assignercommandfora_other

  10. Implementing marry II Hands-On • class PERSON • feature • spouse: PERSON • marry (a_other: PERSON) • require • a_other /= Void anda_other/= Current • a_other.spouse = Void • spouse = Void • do • a_other.set_spouse (Current) • spouse := a_other • ensure • spouse = a_other • a_other.spouse = Current • end • set_spouse (a_person: PERSON) • do • spouse := a_person • end • invariant • spouse /= Void impliesspouse.spouse = Current • spouse /= Current • end local bob, alice: PERSON do create bob; create alice bob.marry (alice) bob.set_spouse (Void) -- What about the invariants -- of bob and alice? end

  11. Implementing marry III Hands-On • class PERSON • feature • spouse: PERSON • marry (a_other: PERSON) • require • a_other /= Void anda_other /= Current • a_other.spouse = Void • spouse = Void • do • a_other.set_spouse (Current) • spouse := a_other • ensure • spouse = a_other • a_other.spouse = Current • end • feature {PERSON} • set_spouse (a_person: PERSON) • do • spouse := a_person • end • invariant • spouse /= Void impliesspouse.spouse = Current • spouse /= Current • end Whataboutthe invariant ofa_other in featuremarry?

  12. Implementing marry : final version • class PERSON • feature • spouse: PERSON • marry (a_other: PERSON) • require • a_other /= Void • a_other.spouse = Void • spouse = Void • do • spouse := a_other • a_other.set_spouse (Current) • ensure • spouse = a_other • a_other.spouse = Current • end • feature {PERSON} • set_spouse (a_person: PERSON) • do • spouse := a_person • end • invariant • spouse /= Void impliesspouse.spouse = Current • spouse /= Current • end

  13. Ending the marriage Hands-On • class PERSON • feature • spouse: PERSON • divorce • require • spouse /= Void • do • spouse.set_spouse (Void) • spouse := Void • ensure • spouse = Void • (old spouse).spouse = Void • end • invariant • spouse /= Void impliesspouse.spouse = Current • spouse /= Current • end Is the order of instructions in divorce important for the invariant?

  14. What we have seen • Invariant should only depend on Current object • If invariant depends on other objects • Take care who can change state • Take care in which order you change state • Invariant can be temporarily violated • You can still call features on Current object • Take care in callingother objects, they might call back • Although writing invariants is not that easy, they are necessary to do formal proofs. This is also the case for loop invariants (which will come later).

More Related