Data%20Abstractions - PowerPoint PPT Presentation

View by Category
About This Presentation
Title:

Data%20Abstractions

Description:

Data Abstractions EECE 310: Software Engineering Abstraction Function: IntSet Show that the implementation matches the ADT s specification (i.e., its abstraction ... – PowerPoint PPT presentation

Number of Views:85
Avg rating:3.0/5.0
Slides: 62
Provided by: Karthi6
Learn more at: http://courses.ece.ubc.ca
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Data%20Abstractions


1
Data Abstractions
  • EECE 310 Software Engineering

2
Learning Objectives
  • Define data abstractions and list their elements
  • Write the abstraction function (AF) and
    representation invariant (RI) of a data
    abstraction
  • Prove that the RI is maintained and that the
    implementation matches the abstraction (i.e., AF)
  • Enumerate common mistakes in data abstractions
    and learn how to avoid them
  • Design equality methods for mutable and immutable
    data types

3
Data Abstraction
  • Introduction of a new type in the language
  • Type can be abstract or concrete
  • Has one of more constructors and operations
  • Type can be used like a language type
  • Both the code and the data associated with the
    type is encapsulated in the type definition
  • No need to expose the representation to clients
  • Prevents clients from depending on implementation

4
Isnt this OOP ?
  • NO, though OOP is a way to implement ADTs
  • OOP is a way of organizing programs into classes
    and objects. Data abstraction is a way of
    introducing new types ADTs with meanings.
  • Encapsulation is a goal shared by both. But data
    abstraction is more than just creating classes.
  • In Java, every data abstraction can be
    implemented by a class declaration. But every
    class declaration is not a data abstraction.

5
Elements of a Data Abstraction
  • The abstraction specification should
  • Name the data type
  • List its operations
  • Describe the data abstraction in English
  • Specify a procedural abstraction for each
    operation
  • Public vs. Private
  • The abstraction only lists the public operations
  • There may be other private procedures inside

6
Example IntSet
  • Consider a IntSet Data type that we wish to
    introduce in the language. It needs to have
  • Constructors to create the data-type from scratch
    or from other data types (e.g., lists, IntSets)
  • Operations include insert, remove, size and isIn
  • A specification of what the data type represents
  • Internal representation of the data type

7
IntSet Abstraction
  • public class IntSet
  • //OVERVIEW IntSets are mutable, unbounded sets
    of integers.
  • // A typical IntSet is x1, xn, where
    xi are all integeres
  • // Constructors
  • public IntSet()
  • //EFFECTS Initializes this to be the empty
    set
  • // Mutators
  • public void insert (int x)
  • // MODIFIES this
  • // EFFECTS adds x to the set this, i.e,
    this_post this u x
  • public void remove (int x)
  • // MODIFIES this
  • // EFFECTS this_post this - x
  • //Observers
  • public boolean IsIn(int x)
  • // EFFECTS returns true if x e this,
    false otherwise
  • public int size()
  • // EFFECTS Returns the cardinality of this

8
Group Activity
  • Consider the Polynomial data-type below. Write
    the specifications for its methods.
  • public class Poly
  • public Poly(int c, int n) throws NegException
  • public Poly add(Poly p) throws NPException
  • public Poly mul(Poly p) throws NPException
  • public Poly minus()
  • public int degree()

9
Learning Objectives
  • Define data abstractions and list their elements
  • Write the abstraction function (AF) and
    representation invariant (RI) of a data
    abstraction
  • Prove that the RI is maintained and that the
    implementation matches the abstraction (i.e., AF)
  • Enumerate common mistakes in data abstractions
    and learn how to avoid them
  • Design equality methods for mutable and immutable
    data types

10
Abstraction Versus Representation
  • Abstraction External view of a data type
  • Representation Internal variables to represent
    the data within a type (e.g., arrays, vectors,
    lists)

Abstraction
Representation
11
Example Representation
0
N
VectorltIntegergt elems of size N to represent an
IntSet
  • Vector directly holds the set elements
  • if integer e is in the set, there exists 0 lt i lt
    N, such that elemsi e
  • Vector is a bitmap for denoting set elements
  • If integer i is in the set, then elemsi True,
    else elemsi False

Can you tell how the representation maps to the
abstraction ?
12
Abstraction Function
  • Mathematical function to map the representation
    to the abstraction
  • Captures designers intent in choosing the rep
  • How do the instance variables relate to the
    abstract object that they represent ?
  • Makes this mapping explicit in the code
  • Advantages Code maintenance, debugging

13
IntSet Abstraction Function
  • Unsorted Array
  • Boolean Vector
  • AF ( c ) c.elemsi.intValue
  • 0 lt i lt c.elems.size
  • AF( c )
  • j 0 lt j lt 100
  • c.elemsj
  • The abstraction function is defined for concrete
    instances of the class c, and only includes the
    instance variables of the class. Further, it
    maps the elements of the representation to the
    abstraction.

14
Abstraction Function Valid Rep
  • The abstraction function implicitly assumes that
    the representation is valid for the class
  • What happens if the vector contains duplicate
    entries in the first scenario ?
  • What happens in the second scenario if the
    bitmap contains values other than 0 or 1 ?
  • The AF holds only for valid representations. How
    do we know whether a representation is valid ?

15
Representation Invariant
  • Captures formally the assumptions on which the
    abstraction function is based
  • Representation must satisfy this at all times
    (except when executing the ADTs methods)
  • Defines whether a particular representation is
    valid invariant satisfied only by valid reps.

16
IntSet Representation Invariant
  • Unsorted Arrays
  • Boolean Vector
  • c.elems / null
  • c.elems has no null elements
  • 3. there are no duplicates in c.elems i.e., for
    0lti, j ltN,
  • c.elemsi.intValue c.elemsj.intValuegt i
    j.
  • 1. c.elements / null
  • 2. c.elements.size maxValue

NOTE The types of the instance variables are NOT
a part of the Rep Invariant. So there is not need
to repeat what is there in the type signature.
17
Rep Invariant Important Points
  • Rep invariant always holds before and after the
    execution of the ADTs operations
  • Can be violated while executing the ADTs
    operations
  • Can be violated by private methods of the ADT
  • How much shall the rep invariant constrain?
  • Just enough for different developers to implement
    different operations AND not talk to each other
  • Enough so that AF makes sense for the
    representation

18
AF and RI How to implement ?
  • RI repOK
  • AF toString
  • Public method to check if the rep invariant holds
  • Useful for testing/debugging
  • public boolean repOK()
  • // EFFECTS Returns true
  • // if the rep invariant holds,
  • // Returns false otherwise
  • Public method to convert a valid rep to a String
    form
  • Useful for debugging/printing
  • public String toString( )
  • // EFFECTS Returns a string
  • // containing the abstraction
  • // represented by the rep.

19
Uses of RI and AF
  • Documentation of the programmers thinking
  • RepOK method can be called before and after every
    public method invocation in the ADT
  • Typically during debugging only
  • toString method can be used both during debugging
    and in production
  • Both the RI and AF can be used to formally prove
    the correctness of the ADT

20
Group Activity
  • Assume that the Polynomial data type is
    represented as an array trms and a variable deg.
    The co-efficients of the term xi are stored in
    the ith element of trms array, and the variable
    deg represents the degree of the polynomial
    (i.e., its highest exponent).
  • Write its abstraction function
  • Write its rep-invariant

21
Learning Objectives
  • Define data abstractions and list their elements
  • Write the abstraction function (AF) and
    representation invariant (RI) of a data
    abstraction
  • Prove that the RI is maintained and that the
    implementation matches the abstraction (i.e., AF)
  • Enumerate common mistakes in data abstractions
    and learn how to avoid them
  • Design equality methods for mutable and immutable
    data types

22
Reasoning about ADTs - 1
  • ADTs have state in the form of representation
  • Need to consider what happens over a sequence of
    operations on the abstraction
  • Correctness of one operation depends on
    correctness of previous operations
  • We need to reason inductively over the operations
    of the ADT
  • Show that constructor is correct
  • Show that each operation is correct

23
Reasoning about ADTs - 2
  • First, need to show that the rep invariant is
    maintained by the constructor operations
  • Then, show that the implementation of the
    abstraction matches the specification
  • Assume that the rep invariant is maintained
  • Use the abstraction function to map the
    representation to the abstraction

24
Why show that Rep Invariant is maintained ?
  • Consider the implementation of the IntSet using
    the unsorted vector representation. We wish to
    compute the size of the set (i.e., its
    cardinality).
  • public int size()
  • return elems.size()
  • Is the above implementation correct ?

25
Why show that Rep Invariant is maintained ?
  • Yes, but only if the Rep Invariant holds !
  • c.elems ! Null c.elems has no null elements
  • c.elems has no duplicates
  • Otherwise, size can return a value gt cardinality
  • public int size()
  • return elems.size()

26
Showing Rep Invariant is maintainedData Type
Induction
  • Show that the constructor establishes the Rep
    Invariant
  • For all other operations,
  • Assume at the time of the call the invariant
    holds for
  • this and
  • all argument objects of the type
  • Demonstrate that the invariant holds on return
    for
  • this
  • all argument objects of the type
  • for returned objects of the type

A Valid Rep
Function Body
Another Valid Rep
27
IntSet getIndex
Assume that IntSet has the following private
function. Note that private methods do not need
to preserve the RI.
  • private int getIndex( int x )
  • // EFFECTS If x is in this, returns
    index
  • // where x appears in the Vector elems
  • // else return -1 (do NOT throw an
    exception)
  • for (int i 0 i lt els.size( ) i )
  • if ( x elements.get(i).intValue()
    )
  • return i
  • return 1

28
IntSet Constructor
Show that the RI is true at the end of the
constructor
  • public IntSet( )
  • // EFFECTS Initializes this to be empty
  • elems new VectorltIntegergt()

RI c.elems ! NULL c.elems has no null
elements c.elems has no duplicates
Proof When the constructor terminates, Clause 1
is satisfied because the elems vector is
initialized by constructor Clause 2 is satisfied
because elems has no elements (and hence no null
elements) Clause 3 is satisfied because elems has
no elements (and hence no duplicates)
29
IntSet Insert
Show that if RI holds at the beginning, it holds
at the end.
  • public void insert (int x)
  • // MODIFIES this
  • // EFFECTS adds x to the set such that
    this_post this u x
  • if ( getIndex(x) lt 0 )
  • elems.add( new Integer(x) )

RI c.elems ! NULL c.elems has no null
elements c.elems has no duplicates
Proof If clause 1 holds at the beginning, it
holds at the end of the procedure. - Because
c.elems is not changed by the procedure. If
clause 2 holds at the beginning, it holds at the
end of the procedure - Because it adds a
non-null reference to c.elems If clause 3 holds
at the beginning, it holds at the end of the
procedure - Because getIndex() prevents
duplicate elements from being added to the vector
30
IntSetRemove
Show that if RI holds at the beginning, it holds
at the end.
  • pubic void remove(int x)
  • // MODIFIES this
  • // EFFECTS this_post this - x
  • int i getIndex(x)
  • if (i lt 0) return // Not found
  • elems.set(i, elems.lastElement() )
  • elems.remove(elems.size() 1)

RI c.elems ! NULL c.elems has no null
elements c.elems has no duplicates
31
IntSet Observers
Show that if RI holds at the beginning, it holds
at the end.
  • public int size()
  • return elems.size()
  • public boolean isIn(int x)
  • return getIndex(x) gt 0

RI c.elems ! NULL c.elems has no null
elements c.elems has no duplicates
This completes the proof that the RI holds in the
ADT. In other words, given any sequence of
operations in the ADT, the RI always holds at
the beginning and end of this sequence.
32
Group Activity
  • Consider the implementation of the Polynomial
    Datatype described earlier (also on the code
    handout sheet)
  • Show using data-type induction that the Rep
    Invariant is preserved

33
Are we done ?
  • Thus, we have shown that the RI is established by
    the constructor and holds for each operation
    (i.e., if RI is true at the beginning, it is true
    at the end). Can we stop here ?

No. To see why not, consider an implementation of
the operators that does nothing. Such an
implementation will satisfy the rep invariant,
but is clearly wrong !!!
To complete the proof, we need to show that the
Abstraction provided by the ADT is correct. For
this, we use the (now proven) fact that the RI
holds and use the AF to show that the rep
satisfies the AFs abstraction after each
operation.
34
Abstraction Function IntSet
  • Show that the implementation matches the ADTs
    specification (i.e., its abstraction)

Pre-Rep
Abstraction function
Given
Pre-Abstraction
Function Spec
Function Implementation
Abstraction function
Prove that
Post- Rep
Post-Abstraction
35
Abstraction Function Constructor
  • AF ( c ) c.elemsi.intValue 0 lt i lt
    c.elems.size

public IntSet( ) // EFFECTS
Initializes this to be empty
elems new VectorltIntegergt()
AF
Empty vector
Empty Set
Proof Constructor creates an empty set, so it is
correct.
36
Abstraction Function Size
  • AF ( c ) c.elemsi.intValue 0 lt i lt
    c.elems.size

public int size() // EFFECTS Returns the
cardinality of this return elems.size( )
AF
Number of elements in vector
Cardinality of the set (Why ?)
Proof Because the rep invariant guarantees that
there are no duplicates in the vector, the number
of elements in the vector denotes the cardinality
of the set.
37
Abstraction Function Insert
  • AF ( c ) c.elemsi.intValue 0 lt i lt
    c.elems.size

AF
public void insert (int x) // MODIFIES this
// EFFECTS adds x to the set // such that
this_post this U x if ( getIndex(x) lt
0 ) elems.add(new Integer(x))
Vector
this
Implementation
Vector with element added if and only if it did
not already exist
this_post this U x
AF
38
Abstraction Function Remove
  • AF ( c ) c.elemsi.intValue 0 lt i lt
    c.elems.size

Vector
this
public void remove (int x) // MODIFIES this
// EFFECTS this_post this - x
int i getIndex(x) if (i lt 0) return
// Not found // Move last element to
the index i elems.set(i,
elems.lastElement() ) elems.remove(elems.s
ize() 1)
Vector with first instance of element removed if
it exists
this_post this - x
39
Abstraction Function IsIn
AF ( c ) c.elemsi.intValue 0 lt i lt
c.elems.size
  • public boolean isIn(int x)
  • // EFFECTS Returns true if x belongs to
  • // this, false otherwise
  • return getIndex(x) gt 0

vector
this
True if and only if x is present in the vector
True if x belongs to this, False otherwise
40
Proof Summary
  • This completes the proof. Thus, weve shown that
    the ADT implements it spec correcltly. This
    method is called Data type induction, because
    it proceeds using induction.
  • Step 0 Write the implementation of the ADT
  • Step 1 Show that the RI is maintained by the ADT
  • Step 2 Assuming that the RI is maintained, show
    using the AF that the translation from the rep to
    the abstraction matches the methods spec.

41
Group Activity
  • Consider the implementation of the Polynomial
    Datatype described earlier (also on the code
    handout sheet)
  • Show that the ADTs implementation matches its
    specification assuming that the RI holds.

42
Learning Objectives
  • Define data abstractions and list their elements
  • Write the abstraction function (AF) and
    representation invariant (RI) of a data
    abstraction
  • Prove that the RI is maintained and that the
    implementation matches the abstraction (i.e., AF)
  • Enumerate common mistakes in data abstractions
    and learn how to avoid them
  • Design equality methods for mutable and immutable
    data types

43
Exposing the Rep
  • Note that the proof we just wrote assumes that
    the only way you can modify the representation is
    through its operations
  • Otherwise Rep invariant can be violated
  • Is this always true ?
  • What if you expose the representation outside the
    class, so that any outside entity can change it ?

44
Mistakes that lead to exposing the rep - 1
  • Making rep components public
  • public class IntSet
  • public VectorltIntegergt elements
  • Your rep must always be private. Otherwise, all
    bets are off.
  • Hopefully, your code will not have this bug .

45
Mistakes that lead to exposing the rep - 2
public class IntSet //OVERVIEW IntSets are
mutable, unbounded sets of integers. //
A typical IntSet is x1, xn private
VectorltIntegergt elems // no duplicates in
vector public VectorltIntegergt allElements ()
//EFFECTS Returns a vector containing the
elements of this, // each exactly
once, in arbitrary order return
elems intSet new IntSet() intSet.allElem
ents().add( new Integer(5) ) intSet.allElements()
.add( new Integer(5) ) // RI violated
duplicates !
46
Mistakes that lead to exposing the rep - 3
public class IntSet //OVERVIEW IntSets are
mutable, unbounded sets of integers. //
A typical IntSet is x1, xn private
VectorltIntegergt elems //constructors public
IntSet (VectorltIntegergt els) throws
NullPointerException //EFFECTS If els is
null, throws NullPointerException, else //
initializes this to contain as elements all the
ints in els. if (els null) throw new
NullPointerException() elems
els VectorltIntegergt someVector new
Vector() intSet new IntSet(someVector) someVec
tor.add( new Integer(5) ) someVector.add( new
Integer(5) ) // RI violated duplicates !
47
Summary of mistakes that expose the Rep
  1. NOT making rep components private
  2. Returning a reference to the reps mutable
    components
  3. Initializing rep components with a reference to
    an outside mutable object
  4. NOT performing deep copy of rep elements
  5. Use clone method instead
  6. Perform manual copies

48
Group Activity
  • For the polynomial example, how many mistakes of
    exposing the rep can you find. How will you fix
    them ? (refer to code handout sheet)

49
Learning Objectives
  • Define data abstractions and list their elements
  • Write the abstraction function (AF) and
    representation invariant (RI) of a data
    abstraction
  • Prove that the RI is maintained and that the
    implementation matches the abstraction (i.e., AF)
  • Enumerate common mistakes in data abstractions
    and learn how to avoid them
  • Design equality methods for mutable and immutable
    data types

50
Mutable objects
  • Objects whose abstract state can be modified
  • Applies to the abstraction, not the
    representation
  • Mutable objects Can be modified once they are
    created e.g., IntSet, IntList etc.
  • Immutable objects Cannot be modified
  • Examples Polynomials, Strings

51
Equality Equals Method
  • All objects are inherited from object which has a
    method Boolean equals(Object o)
  • Returns true if object o is the same as the
    current
  • Returns false otherwise
  • Note that equals tests whether two objects have
    the same state
  • If a and b are different objects, a.equals(b)
    will return false even if they are functionally
    identical

52
Equality IntSet Example
  • IntSet a new IntSet()
  • a.insert(1) a.insert(2) a.insert(3)
  • IntSet b new IntSet()
  • b.insert(1) b.insert(2) b.insert(3)
  • if ( a.equals(b) )
  • System.out.println(Equal)
  • What is printed by the above code ?

53
Equality IntSet Example
  • It prints nothing. Why ?
  • Because the intsets are different objects and the
    object.equals method only compares their hash
  • Therefore, a.equals(b) returns false
  • But this is in fact the correct behavior !
  • To see this, assume that you added an element to
    a but not b after the equals comparison
  • a.equals(b) would no longer be true, even if you
    have not changed the references to a or b

54
Rule of Object Equality
  • Two objects should be equal if it is impossible
    to distinguish between them using any sequence of
    calls to the objects methods
  • Corollary Once two objects are equal, they
    should always be equal. Otherwise it is possible
    to distinguish between them using some
    combination of the objects methods.

55
Mutability and the Equals Method
  • For mutable objects, you can distinguish between
    two objects by mutating them after the
    comparison. Therefore, they are NOT equal. The
    default equals method does the right thing
    i.e., returns false.
  • If the objects are immutable AND have the same
    state, then the equals method should return true.
    So we need to override the equals for immutable
    objects to do the right thing.

56
Immutable Abstractions
  • ADT does not change once created
  • No mutator methods
  • Producer methods to create new objects
  • Appropriate for modeling objects that do not
    change during their existence
  • Mathematical entities such as Rational numbers
  • Certain objects may be implemented more
    efficiently e.g., Strings

57
Why use immutable ADTs ?
  • Safety
  • Dont need to worry about accidental changes
  • Can be assured that rep doesnt change
  • Efficiency
  • May hurt efficiency if you need to copy the
    object
  • In some cases, it may be more efficient by
    sharing representations across objects e.g.,
    Strings
  • Ease of Implementation
  • May be easier for concurrency control

58
Equality Immutable objects
  • Immutable objects should define their own equals
    method
  • Return true if the abstract state matches, even
    if the internal state (i.e., rep) is different
  • Therefore, methods of an Immutable object can
    modify its rep, but not the abstraction
  • Such methods said to have benevolent side effects

59
Group Activity
  • Design an equals method for two polynomials. What
    will you do if the polynomials are not in their
    canonical forms ?

60
Learning Objectives
  • Define data abstractions and list their elements
  • Write the abstraction function (AF) and
    representation invariant (RI) of a data
    abstraction
  • Prove that the RI is maintained and that the
    implementation matches the abstraction (i.e., AF)
  • Enumerate common mistakes in data abstractions
    and learn how to avoid them
  • Design equality methods for mutable and immutable
    data types

61
To do before next class
  • Submit assignment 2 in the lab
  • Start working on assignment 3
  • Prepare for the midterm exam
  • Portions include everything covered so far
  • In class on Feb 28th
About PowerShow.com