9- operation contracts

7/21/2019 9- Operation Contracts

http://slidepdf.com/reader/full/9-operation-contracts 1/26

Operation Contracts

What Is Design By Contract?

What Are OperationContracts?



Design By Contract

• Design by Contract (DbC) or Programming byContract is an approach to designing computersoftware. It prescribes that software designers shoudde!ne forma" precise and #eri!abe interfacespeci!cations for software components" which e$tend

the ordinary de!nition of abstract data types withpreconditions" postconditions and in#ariants. %hesespeci!cations are referred to as &contracts&" inaccordance with a conceptua metaphor with theconditions and obigations of business contracts.

• Because Design by Contract is a registered trademar'* of +i,e -oftware in the nited -tates" manyde#eopers refer to it as /rogramming by Contract"Contract /rogramming" or Contract01irst de#eopment.

(http233en.wi'ipedia.org3wi'i3Design4by4contract)

http://en.wikipedia.org/wiki/Design_by_contract

http://en.wikipedia.org/wiki/Design_by_contract



• DbC is a metaphor on how eements of a softwaresystem coaborate with each other" on the basis ofmutua obligations and benefts. %he metaphor comesfrom business ife" where a &cient& and a &suppier&agree on a &contract& which documents that2

• %he suppier must pro#ide a certain product(obigation) and is entited to e$pect that the cienthas paid its fee (bene!t).

• %he cient must pay the fee (obigation) and isentited to get the product (bene!t).

• Both parties must satisfy certain obigations" such asaws and reguations" appying to a contracts.(http233www.ei,e.com3de#eopers3design4by4contract.ht

m)



5oare 6ogic

Design by Contract has its routes in 5oare ogic.

• %he centra feature of Hoare logic is the Hoaretriple. A tripe describes how the e$ecution of a

piece of code changes the state of thecomputation. A 5oare tripe is of the form2 7/8 C 798where P and Q are assertions and C is acommand. P is caed the precondition and Q the

postcondition2 if the precondition is met" thecommand estabishes the postcondition.Assertions are formuas in predicate ogic.

(http233en.wi'ipedia.org3wi'i35oare4ogic)



Partial and totalcorrectness

-tandard 5oare ogic pro#es ony partiacorrectness" whie termination woud ha#eto be pro#ed separatey. %hus the intuiti#ereading of a 5oare tripe is2 Whene#er P hods of the state before the e$ecution ofC" then Q wi hod afterwards" or C doesnot terminate. :ote that if C does notterminate" then there is no &after&" so Q

can be any statement at a. Indeed" onecan choose Q to be fase to e$press that C does not terminate.

(http233en.wi'ipedia.org3wi'i35oare4ogic)



;

Contracts in human affairs

(contract analogy slides by Prof. C. Constantinides)



<

Cient2 %he passenger

Obigations

-uppier2 %he raiway company

Arri#e at the departurestation on time" ta'ethe right train and geto, at the right station.

Example: The railway passengers contract

Bene!ts



=

:o need to ma'e surethat passengers get to tdeparture station on timta'e the right train or go, at the right station.

Obigations of cient"

are suppier>s bene!ts

Obigations Bene!ts






@


Obigations


Con#ey passengerfrom departure stationto destination station.



Bene!ts




Obigations


Con#ey passengerfrom departure stationto destination station.

:o need to dri#e orna#igate from departurestation to destinationstation.



Bene!ts

Obigations of suppi

are cient>s bene!ts



• !bC "iews the relation between a class and its client(s) as a formalagreement# or contract # expressing each partys benefits andobligations.

• $ithout such a precise definition we cannot ha"e a significantdegree of trust in large software systems.

• Contract "iolations lead to run%time errors# i.e. exceptions.

(slide by Prof. C. Constantinides)

Class A Class B

suppiercient



&enefits and obligations

• The clients obligations are the suppliers benefits and"ice%"ersa.

• Classes'methods can be clients and suppliers too.


Class A Class B

suppiercient



Defensi#e programming

Design by Contract repaces defensi#eprogramming by reuiring that both partiesmeet certain e$pectations. %herefore it is

no onger necessary to code against apossibe inputs.

%he caed method or cass can rey on thecaer to meet the contract for inputs.

%he caer can rey on the caed method orcass to return #aues in 'eeping with thecontract.



Operationa Contracts

1or the purposes of this course youwi not be reuired to do design bycontract but you are e$pected to be

abe to write operationa contracts inrespect of system operations for yourproect.

%he same contract metaphor appiedin design by contract appies to thewriting of operationa contracts



One0%o0One Eapping?

If your -ystem -euence Diagram correctymodeed system operations then each stepin the --D (arrow on the graph) wi map toe$acty one operationa contract.

Whie this one0to0one mapping is thetheoretica idea it is e$pected that in reaitythe process of design wi normay incude agreat dea of disco#ery of newreuirements3operations and thus true one0to0one mapping is e$pected to be rare.



;

se0Case Eode2 Adding Detai withOperation Contracts

• Contracts are documents that describe systembeha#ior.

• Contracts may be de!ned for system operations. Operations that the system (as a bac' bo$) o,ers in its pubic

interface to hande incoming system e#ents.

• %he entire set of system operations across a use

cases" de!nes the pubic system interface.




<

-ystem operations and the systeminterface

• In the E6 the system asa whoe can be

represented as a cass.

• Contracts are written foreach system operation to

describe its beha#ior.


-ystem

ma'e:ew-ae()add6ineItem(id" uantity)end-ae()ma'e/ayment(cash%endered)



=

+$ampe contract2 addLineItem

Contract CO2: addLineItem

Operation: add6ineItem (id2 ItemID"uantity2 integer)

Cross References: se Case2 /rocess -ae.

Preconditions: %here is a sae underway.

Postconditions:ext *lide




@

Postconditions: A -aes6ineItem instance sli was created. (instance

creation)

sli was associated with the -ae. (association formed)

sli.quantity was set to uantity. (attribute modi!cation) sli was associated with a /roduct-peci!cation" based on

id match (association formed)




/re0 and /ostconditions

• /reconditions are assumptions about the state of thesystem before e$ecution of the operation.

• A postcondition is an assumption that refers to the

state of the system after competion of the operation. %he postconditions are not actions to be performed during

the operation.

Describe changes in the state of the obects in the DomainEode (instances created" associations are being formed orbro'en" and attributes are changed)




/ostconditions

In writing Operationa Contracts/ostconditions are aways speci!ed interms of" and ony in terms of2

.%he creation or destruction of Domain6e#e Obects

.%he ateration of attribute #aues forDomain 6e#e Obects

F.%he formation or dissoution ofassociations between Domain 6e#eObects



addLineItem postconditions

• Instance Creation and Deetion

• After the id and quantity of an item ha#e been

entered by the cashier" what new obects shoudha#e been created? A SalesLineItem instance sli was created.




F

• Attribute Eodi!cation


entered by the cashier" what attributes of new ore$isting obects shoud ha#e been modi!ed?

• sli.quantity was set to quantity (attribute

modi!cation).




G

• Associations formed or bro'en


entered by the cashier" what associations betweennew or e$isting obects shoud ha#e been formed orbro'en? sli was associated with the current Sale (association formed).

sli was associated with a ProductSpecifcation" based on id

match (association formed).




H

Writing contracts may ead to domainmode updates

• It is aso common to disco#er the need to record newconcepts" attributes or associations in the DomainEode.




;

uideines for contracts(slide by Prof. C. Constantinides)

Operation2ma'e:ew-ae...

se Case2

/rocess -ae

se Case-ystem-euenceDiagram

-ystemOperations

Contracts

ma'e:ew-ae()

add6ineItem ()

end-ae()

ma'e/ayment()

-ystem

ma'e:ew-ae()add6ineItem(id" uantity)

end-ae()ma'e/ayment(cash%endered)

Operation2add6ineItem

...

Operation2end-ae...

Operation2ma'e/ayment

...

9- operation contracts

Documents