meeting -*- outline -*- make photocopies of: Client2.java Formula.java with specs * abstraction and information hiding ** compilation units (CUs) In file-system based implementations, a CU is a file. There can only be one public class or interface per CU. Normally each class or interface goes in its own CU. *** privacy levels support information hiding ------------------------------------------ PRIVACY LEVELS IN JAVA public = private = (default) = These can be applied to all top-level declarations: - fields - methods - classes and interfaces ------------------------------------------ ... accessible everywhere ... accessible only within the class where it is declared ... accessible only within the package of its declaration ------------------------------------------ EXAMPLES OF FIELD PRIVACY package examples; public class Privacy { private int priv = 0; int pack = 1; public int pub = 3; } EXAMPLES OF METHOD PRIVACY package examples; class Privacy2 { private void priv() {} void pack() {} public void pub() {} } ------------------------------------------ ------------------------------------------ WHICH ARE LEGAL? import examples.*; public class Client2 { // note: some of this is illegal! public void testPrivacy() { Privacy o = new Privacy(); int i = 3; i = o.priv; o.priv = i; i = o.pack; o.pack = i; i = o.pub; o.pub = i; } public void testPrivacy2() { Privacy o = new Privacy2(); o.priv(); o.pack(); o.pub(); } } ------------------------------------------ Q: What would you use private fields for? Q: Should you ever use public fields? only if they are read-only (final in Java) constants final is like C++ const See Reil's heuristic 2.1: All [non-constant] data should be hidden within its class Q: How do clients access hidden stuff? call a method or several methods *** specification vs. implementation ------------------------------------------ SPECIFICATION vs. IMPLMENTATION Def: The *specification* of an object is Def: The *implementation* of an object is ------------------------------------------ ... - a description of its public signature (interface), usually only methods and read-only constants - a description of how the public methods act (i.e., a way to test the object's implementation) In C++ the specification is roughly the header file + behavior (but header files also contain private information about fields) ... - the syntax used to declare it (determines the public interface) - the code for initializations and method bodies (determines the behavior) ------------------------------------------ package calc; /** Formulas for the calculator. * @author Gary T. Leavens */ public class Formula { /** The left register */ private /*@ spec_public @*/ int left; /** The right register */ private /*@ spec_public @*/ int right; /** * Initialize this Formula object to be the sum of the given registers. * @param left the left register's number. * @param right the right register's number */ //@ requires 0 <= left && left < Registers.NUM_REGS; //@ requires 0 <= right && right < Registers.NUM_REGS; //@ ensures this.left == left && this.right == right; public Formula(int left, int right) { this.left = left; this.right=right; } /** * Evaluate the formula and return its value. */ /*@ ensures (* \result is the sum of the value of @ the left and right register's values. *); @*/ public double evaluate() { return Registers.get(left) + Registers.get(right); } } ------------------------------------------ The specification is given in the comments. The requires clauses say what must be true before this is called. The ensures clauses say what is guaranteed by the call. (But the details of the notation aren't important now, just the idea that there is a specification.) Q: Why write the specification down? Helps in maintenance no abstraction without it Forms a contract, which allows for debugging, testing, blame assignment and allows future changes Q: consider the constructor, would we be able to pass it -1 as a register number? *** interfaces in java ------------------------------------------ INTERFACES RECORD OBJECT SIGNATURES (AND SPECIFICATIONS) package calc; /** Interface of Formulas * @author Gary T. Leavens */ public interface FormulaType { /** * Evaluate the formula and return its value. */ //@ ensures (* \result is the value of the formula. *); double evaluate(); } ------------------------------------------ Note: evaluate() is implictly public -- everything is public in an interface. Note: No constructors in interfaces, all fields are implicitly public, final, and static ------------------------------------------ CLASSES IMPLEMENT INTERFACES package examples; /** A person class. */ public class Formula implements FormulaType { /* ... */ } ------------------------------------------ *** correctness ------------------------------------------ CORRECT IMPLEMENTATION Def: A class C *correctly implements* an ADT if each object of class C: (i) has an interface that subsumes the specified interface (ii) has code that satisfies its contract ------------------------------------------ In thinking about correctness of an implementation, we assume that: - the underlying language is implemented according to its specification, - all (other) classes and methods used behave according to their specifications. This allows us to understand complex systems one piece at a time (modularity) The meaning of a specification is a set of correct implementations. Thus an ADT is a specification.