Assertion with Aspect (about Predictability)

Takashi Ishio † , Toshihiro Kamiya ‡ , Shinji Kusumoto † and Katsuro Inoue † † Osaka University ‡ Japan Science and Technology Agency {t-isio, kamiya, kusumoto, inoue}@ist.osaka-u.ac.jp

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University

Introduction

A programmer has assumptions about the usage or the purpose of a method.

A programmer expresses such assumptions as assertion statements.

Certain assumptions are hard to describe in OO programming:

  a context-specific assumption
  an assumption crosscutting objects

Assertion with Aspect

Combine assertion statements with aspects:

In a class:

    assert(aPredicateMethod());

A predicate method returns a boolean value.

In an aspect:

    boolean aPredicateMethod() { return ... ; }

[Figure: a Class with assert(A1) and assert(A2); an Aspect with assert(A2). Labels: "Check a property of the component" and "Check a context-specific property of the component".]

Advantages of Assertion using Aspect

Programmers can add a new constraint to an assertion statement.

  A reusable (generic) component + application-specific constraint aspects

Aspects can add assertion statements checking pre/post-conditions to a class.

How does assertion support predictability?

Assertion statements check the state of the program; they do not modify it.

Programmers can understand which properties hold during program execution.

Pre/post-conditions express method functionalities.

How does assertion reduce predictability?

An assertion may have a side effect.

    array = getUnsortedArray();
    assert( isSorted(array) );
    doSomethingUsingSortedArray(array);

    boolean isSorted(Array array) {
        if (!array.sorted()) array.sort();
        return true;
    }

Toward side-effect-free assertions

An assertion is executable documentation for programmers.

It is not a part of a function.

How do we force programmers to implement assertions without side effects?

The const keyword in C++ is promising.
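An added C++ example (not from the original slides) covering the side-effect slide and the const suggestion above: the slide's isSorted ported to C++ next to a const-qualified predicate, each run with checks on and off. The names isSortedWithSideEffect, Outcome, smallest and the two run functions, and the {3, 1, 2} input, are assumptions made for illustration; the assertionsEnabled flag stands in for building with or without NDEBUG.

```cpp
#include <algorithm>
#include <cstdio>
#include <vector>

// The slide's predicate, ported to C++: it "checks" by sorting, then always passes.
bool isSortedWithSideEffect(std::vector<int>& a) {
    if (!std::is_sorted(a.begin(), a.end())) std::sort(a.begin(), a.end());
    return true;
}

// Const-qualified predicate: it can only observe the vector.
bool isSorted(const std::vector<int>& a) {
    // std::sort(a.begin(), a.end());  // rejected by the compiler: a is const
    return std::is_sorted(a.begin(), a.end());
}

struct Outcome {
    bool violationReported;  // did the check flag the broken assumption?
    int result;              // what the code after the check computed
};

// Stand-in for doSomethingUsingSortedArray: front() is the minimum only if sorted.
int smallest(const std::vector<int>& a) { return a.front(); }

// assertionsEnabled models a build with assert active (true) or NDEBUG (false).
Outcome runWithMutatingPredicate(bool assertionsEnabled) {
    std::vector<int> array = {3, 1, 2};  // constructed unsorted input
    bool violation = false;
    if (assertionsEnabled) violation = !isSortedWithSideEffect(array);
    return {violation, smallest(array)};
}

Outcome runWithConstPredicate(bool assertionsEnabled) {
    std::vector<int> array = {3, 1, 2};  // constructed unsorted input
    bool violation = false;
    if (assertionsEnabled) violation = !isSorted(array);
    return {violation, smallest(array)};
}

int main() {
    for (bool on : {true, false}) {
        Outcome m = runWithMutatingPredicate(on), c = runWithConstPredicate(on);
        std::printf("asserts=%d mutating: reported=%d result=%d | const: reported=%d result=%d\n",
                    on, m.violationReported, m.result, c.violationReported, c.result);
    }
    return 0;
}
```

With the mutating predicate the computed result depends on whether checks are compiled in, and the broken assumption is never reported; with the const predicate the result is the same in both builds and the violation is reported whenever checks are on.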

Summary

Writing assertions supports predictability when programmers use them to express assumptions.

An assertion with a side effect is problematic.

Requiring programmers to write predicate methods without side effects is important.

A context-specific assumption

(A simple example) A programmer wants to use HashMap as a map from Strings whose length() > 0 to arbitrary Objects.

HashMap (Object → Object) is available.

The following assertion is added to the program.

    before(Object o): within(AClass)
            && call(* HashMap.put(Object, Object))
            && args(o, ..) {
        assert (o instanceof String) && (((String) o).length() > 0);
    }

Behavioral Subtyping

A: HashMap (Object → Object)
B: HashMap (String → Object)

A is a behavioral subtype of B. (B is not a behavioral subtype of A.)

If B is a wrapper object, it needs to prohibit direct access to A.

Another example: control-flow assumption

m: public method
m1: private method, a worker method for m.

Assumption: "m1 is called from m."

    before(): call(void m1()) && cflow(execution(void m())) {
        // set aCallerFlag about caller
    }

    before(): execution(void m1()) {
        assert aCallerFlag;
    }
