Transcript Slides
Lecture 4:
Data Abstraction
CS201j: Engineering Software
University of Virginia
Computer Science
David Evans
http://www.cs.virginia.edu/~evans
Menu
• Data Abstraction
• Specifying Abstract Data Types
• Implementing Abstract Data Types
10 September 2002
CS 201J Fall 2002
2
Managing Complexity
• Modularity
– Divided problem into procedures
– Used specifications to separate what from
how
• A big program can have thousands of
procedures
10 September 2002
CS 201J Fall 2002
3
Data Abstraction
• We need new data types, not just
procedures
– How would PS2 work without the StringTable
type?
– We could make procedures, but what would
you pass to them?
• Organize program around abstract data
types
10 September 2002
CS 201J Fall 2002
4
Abstract Data Types
• Separate what you can do with data from
how it is represented
• Client interacts with data through provided
operations according to their specifications
• Implementation chooses how to represent
data and implement its operations
10 September 2002
CS 201J Fall 2002
5
Data Abstraction in Java
• A class defines a new data type
• Use private instance variables to hide the
choice of representation
– private declarations are only visible inside the
class
10 September 2002
CS 201J Fall 2002
6
Up and Down
Clients manipulate an abstract data type by calling
its operations (methods and constructors)
clients
Abstract Type
Concrete Representation
class implementation
The representation of an abstract data type is
visible only in the class implementation.
10 September 2002
CS 201J Fall 2002
7
Example: CellState
public class CellState {
// OVERVIEW: A CellState is an immutable
// object that represents the state of a cell,
// either alive or dead.
static public CellState createAlive()
// EFFECTS: Returns an alive cell state.
static public CellState createDead ()
// EFFECTS: Returns a dead cell state.
public boolean isAlive ()
// EFFECTS: Returns true iff this is alive.
}
10 September 2002
CS 201J Fall 2002
8
Cell State Representation
private boolean alive;
clients
CellState
cs.isAlive ()
Abstract Type
Concrete Representation
boolean alive;
class implementation
public boolean isAlive () { return alive; }
10 September 2002
CS 201J Fall 2002
9
Advantages/Disadvantages
- More code to write and maintain
- Run-time overhead (time to call method)
+ Client doesn’t need to know about
representation
+ Suppose we want to add more states
(e.g., cells that were just born)
10 September 2002
CS 201J Fall 2002
10
StringSet Example
• StringSet abstract data type: represent a
set of strings
• Support mathematical set operations:
insert, isIn, size
• Create an empty set
10 September 2002
CS 201J Fall 2002
11
Specifying Abstract Data Types
• Overview: what does the type represent
– Mutability/Immutability
A StringSet is a mutable set of Strings.
– Abstract Notation
A typical StringSet is { x1, …, xn }.
• Operations: specifications for constructors
and methods clients use
– Describe in terms of abstract notation
introduced in overview.
10 September 2002
CS 201J Fall 2002
12
StringSet Specification
public class StringSet
// OVERVIEW: StringSets are unbounded, mutable sets of
//
Strings. A typical StringSet is { x1, ..., xn }
public StringSet ()
// EFFECTS: Initializes this to be empty: { }
public void insert (String s)
// MODIFIES: this
// EFFECTS: Adds x to the elements of this:
//
this_post = this_pre U { s }
public boolean isIn (String s) {
// EFFECTS: Returns true iff s is an element of this.
public int size ()
// EFFECTS: Returns the number of elements in this.
10 September 2002
CS 201J Fall 2002
13
Components of Data Abstractions
• Ways to create objects of the data type
– Creators: create new objects of the ADT from
parameters of other types
– Producers: create new objects of the ADT
from parameters of the ADT type (and other
types)
• Ways to observe properties: observers
• Ways to change properties: mutators
10 September 2002
CS 201J Fall 2002
14
StringSet Operations
public class StringSet
// OVERVIEW: StringSets are unbounded, mutable sets of
//
Strings. A typical StringSet is { x1, ..., xn }
public StringSet ()
// EFFECTS: Initializes this to be empty: { }
public void insert (String s)
// MODIFIES: this
// EFFECTS: Adds x to the elements of this:
//
this_post = this_pre U { s }
public boolean isIn (String s) {
// EFFECTS: Returns true iff s is an element of this.
public int size ()
// EFFECTS: Returns the number of elements in this.
• Creators
StringSet ()
• Producers
none
• Observers
isIn, size
• Mutators
insert
10 September 2002
CS 201J Fall 2002
15
Using Abstract Data Types
• PS1, PS2
• Client interacts with data type using the
methods as described in the specification
• Client does not know the concrete
representation
10 September 2002
CS 201J Fall 2002
16
Implementing Abstract Data Types
10 September 2002
CS 201J Fall 2002
17
Choosing a Representation
• Need a concrete data representation to
store the state
• Think about how methods will be
implemented
– A good representation choice should:
• Enable easy implementations of all methods
• Allow performance-critical methods to be
implemented efficiently
10 September 2002
CS 201J Fall 2002
18
StringSet Representation
• Option 1: private String [] rep;
– Recall Java arrays are bounded
– Easy to implement most methods, hard to
implement insert
• Option 2: private Vector rep;
– Easy to implement all methods
– Performance may be worse than for array
10 September 2002
CS 201J Fall 2002
19
Implementing StringSet
public class StringSet {
// OVERVIEW: StringSets are unbounded, mutable sets of Strings.
// A typical StringSet is {x1, ..., xn}
// Representation:
private Vector rep;
public StringSet () {
// EFFECTS: Initializes this to be empty: { }
rep = new Vector ();
Could this implementation
}
of insert be correct?
public void insert (String s) {
// MODIFIES: this
// EFFECTS: Adds s to the elements of this:
//
this_post = this_pre U { s }
rep.add (s);
}
10 September 2002
CS 201J Fall 2002
20
It depends…
public int size () {
// EFFECTS: Returns the number of elements in this.
StringSet uniqueels = new StringSet ();
for (int i = 0; i < rep.size (); i++) {
String current = (String) rep.elementAt (i);
if (uniqueels.isIn (current)) {
;
} else {
uniqueels.insert (current);
}
}
return uniqueels.rep.size ();
}
10 September 2002
CS 201J Fall 2002
21
Is it correct?
public int size () {
// EFFECTS: Returns the number of
//
elements in this.
return rep.size ();
}
public void insert (String s) {
if (!isIn (s)) rep.add (s);
}
10 September 2002
CS 201J Fall 2002
22
Reasoning About Data Abstractions
• How can we possibly implement data
abstractions correctly if correctness of one
method depends on how other methods
are implemented?
• How can we possibly test a data
abstraction implementation if there are
complex interdependencies between
methods?
10 September 2002
CS 201J Fall 2002
23
What must we know to know size is
correct?
public int size () {
// EFFECTS: Returns the number of
//
elements in this.
return rep.size ();
}
• This implementation is correct only if we
know the rep does not contain duplicates
10 September 2002
CS 201J Fall 2002
24
Rep Invariant
• The Representation Invariant expresses
properties all legitimate objects of the ADT
must satisfy
I: C → boolean
Function from concrete representation
to boolean.
• Helps us reason about correctness of
methods independently
10 September 2002
CS 201J Fall 2002
25
Reasoning with Rep Invariants
• Prove all objects satisfy the invariant
before leaving the implementation code
• Assume all objects passed in satisfy the
invariant
REQUIRES: Rep Invariant is true for this (and any
other reachable ADT objects)
EFFECTS: Rep Invariant is true for all new and
modified ADT object on exit.
10 September 2002
CS 201J Fall 2002
26
Rep Invariant for StringSet
public class StringSet {
// OVERVIEW: StringSets are unbounded,
// mutable sets of Strings.
// A typical StringSet is {x1, ..., xn}
// Representation:
private Vector rep;
// RepInvariant (c) =
//
c contains no duplicates
//
&& c != null
10 September 2002
CS 201J Fall 2002
27
Implementing Insert?
public void insert (String s) {
// MODIFIES: this
// EFFECTS: Adds s to the elements of this:
//
this_post = this_pre U { s }
rep.add (s);
}
Not a correct implementation: after it
returns this might not satisfy the rep
invariant!
10 September 2002
CS 201J Fall 2002
28
Implementing Insert
public void insert (String s) {
// MODIFIES: this
// EFFECTS: Adds s to the elements of this:
//
this_post = this_pre U { s }
if (!isIn (s)) { rep.add (s); }
}
Possibly correct implementation: we
need to know how to map rep to
abstraction notation to know if
this_post = this_pre U { s }
10 September 2002
CS 201J Fall 2002
29
Abstraction Function
• The Abstraction Function maps a concrete
state to an abstract state:
AF: C → A
Function from concrete representation to
the abstract notation introduced in
overview specification.
• Range is concrete states for which RI is
true
10 September 2002
CS 201J Fall 2002
30
Abstraction Function for StringSet
public class StringSet {
// OVERVIEW: StringSets are unbounded,
// mutable sets of Strings.
// A typical StringSet is {x1, ..., xn}
// Representation:
private Vector rep;
// AF (c) =
//
{ AFString (c.els[i]) | 0 <= i < c.els.size () }
10 September 2002
CS 201J Fall 2002
31
Correctness of Insert
public void insert (String s) {
// MODIFIES: this
// EFFECTS: Adds s to the elements of this:
//
this_post = this_pre U { s }
if (!isIn (s)) { rep.add (s); }
}
Use abstraction function to show if add
implements its specification, the
AF(rep_post) = AF(rep_pre) U {AFString(s)}
10 September 2002
CS 201J Fall 2002
32
Reality Check
• Writing abstraction functions, rep invariants,
testing code thoroughly, reasoning about
correctness, etc. for a big program is a ridiculous
amount of work!
• Does anyone really do this?
– Yes (and a lot more), but usually only when its really
important to get things right:
• Cost per line of code:
– Small, unimportant projects: $1-5/line
– WindowsNT: about $100/line
– FAA’s Automation System (1982-1994): $900/line
10 September 2002
CS 201J Fall 2002
33
Charge
• PS3: due next Thursday
– Implement the StringTable abstract data type
you used in PS2
– Longer than PS2
– Reason about data types using abstraction
functions and rep invariants
• Thursday: ESC/Java annotations and rep
invariants
• Tuesday: Practice with data abstractions
10 September 2002
CS 201J Fall 2002
34