Lecture 18: Behavioral Subtyping and Eiffel

Must it be assumed that because we are engineers beauty is not our concern, and that while we make our constructions robust and durable we do not also strive to make them elegant? Is it not true that the genuine conditions of strength always comply with the secret conditions of harmony?
Gustave Eiffel

CS655: Programming Languages, University of Virginia
David Evans, Computer Science
http://www.cs.virginia.edu/~evans

Menu
   Behavioral Subtyping: Recap and Example
   Eiffel's Type System
   Method overriding in C

29 March 2001, CS 655: Lecture 18

Subtype Definition: S T
1. Subtype methods preserve the supertype methods' behavior:
   Signatures have contravariant arguments, covariant results
   Pre-conditions of T imply preconditions of S
   Post-conditions of S imply post-conditions of T
2. Subtypes preserve supertype properties:
   Invariant of S implies invariant of T
   Constraint of S implies constraint of T

Subtype Relation 2: Preserves Supertype Properties
2. Subtypes preserve supertype properties
   For all states p and q such that p precedes q, for all x S:
   Invariant Rule: IS IT A xp xp
   Constraint Rule: CS CT A xp xp A xq xq
   (covariance: subtype is stronger)

Example
Liskov & Wing showed stack bag
Is bset bag?
bset specification on the Manifest; bag in Liskov & Wing, Figure 1

bset type
   uses BSet (set for S)
   for all s bset
      invariant max sp elements sp limit min sp elements 0
      constraint sp limit sq limit
   insert proc i int
      requires i sp limit i 0
      modifies s
      ensures spost limit spre limit spost elements spre elements i

   contains proc el int returns bool
      ensures result el s
   choose proc returns int
      requires spre elements
      modifies s
      ensures spost elements spre elements result result spre elements spost limit spre limit
   size proc returns int
      ensures result s elements
   equal proc t set returns bool
      ensures result s t
Subtype Definition: S T
1. Subtype methods preserve the supertype methods' behavior:
   Signatures have contravariant arguments, covariant results
   Pre-conditions of T imply preconditions of S
   Post-conditions of S imply post-conditions of T
2. Subtypes preserve supertype properties:
   Invariant of S implies invariant of T
   Constraint of S implies constraint of T

Subtype Condition 1: Methods Rule
Methods rule:
   Pre-condition (contravariance: subtype is weaker)
      x s mT pre A xpre xpre mS pre
      Replace every xpre in mT pre with A xpre. Abstraction function A s t
   Post-condition (covariance: subtype is stronger)
      mS post mT post A xpre xpre A xpost xpost

We need an Abstraction Function
A type is: set of objects, set of values, set of methods
   bset Oset BSet insert contains choose size equal
   bag Obag BBag put get card equal
We need an abstraction function that maps both to the same abstract type:
   A BSet BBag
   BSet s elems s limit
   BBag s elems s bound
   s BSet A s s elems s limit
Renaming:
   R insert put
   R choose get
   R size card
   R equal equal

Check method choose get
1. Preserves method behavior
   Signatures:
      get proc returns int
      choose proc returns int
   Pre-condition of get pre-condition of choose
      x BSet get pre A xpre xpre choose pre
      bpre elems A bpre bpre spre elems
      s BSet A s s elements s limit, so we can replace bpre elems with spre elems and the implication holds
   Post-condition of choose post-condition of get
      Can prove with similar renaming

Check method insert put
   Signatures:
      put proc i int
      insert proc i int
   Pre-condition of put pre-condition of insert
      x BSet put pre A xpre xpre insert pre
      A spre elems A spre bound i sp limit i 0
      NO! The subtype method has a stronger precondition, so it is not a subtype.

Does this make sense?
Intuition: subtype is unsafe if there is some program written for the supertype that can tell the difference.
Here's one: put
999235 insert 999235

uset bag
   A S T
   A Set BBag
   ∀ s Set A s s
Renaming:
   R insert put
   R size card
   R choose get
   R equal equal
Check method choose get: same as bset

Check method insert put
   Pre-condition of put pre-condition of insert
      x BSet put pre A xpre xpre insert pre
      true
   Post-condition of insert post-condition of put
      insert post put post A xpre xpre A xpost xpost
      spost elements spre elements i
      bpost elems bpre elems i bpost bound bpre bound A bpre bpre A bpost bpost
      recall A s s infinity, so
      spost elems spre elems i infinity infinity

Check Invariant
Need to show: IS IT A xp xp
   true bp elems bp bound A bp bp
   true s elements infinity elems s elements infinity bound
   true true
Similar for constraint.
uset is a subtype of bag! Yippee!
Except signature of equal should take a bag.

Summary Questions
   uset bset?
   bset uset?
   Does the Liskov & Wing subtype relation definition match intuition?
   Is it useful?

Eiffel and I Can't Get Up
Eiffel's Type System

Normal Procedure Type Rule
   f proc p1 P1 pn Pn returns X
   g proc p1 Q1 pn Qn returns Y
   Qi Pi forall i in 1 n
   X Y
   f g
Procedures are contravariant on parameters, covariant on results.

Eiffelling
How can Girl override set roommate?
   Covariance Eiffel set roommate Girl
   Skier set roommate Boy set roommate Skier
   Contravariance Sather set roommate Athlete
   Novariance C complicated Java
   Boy Girl set roommate Skier Athlete

Can't Get Up
   Athlete Skier set roommate Skier Boy
   s skier g girl b boy
   s g
   s set roommate b
   Girl set roommate Girl

Meyer's Excuse
Strangely enough, some workers in the field have been advocating a contravariant policy. Here it would mean that if we go, for example, to class RANKED_GIRL, where the result of roommate is naturally redefined to be of type RANKED_GIRL, we may
for the argument of routine share use type GIRL, or rather scaringly, SKIER of the most general kind. One type that is never permitted in this case is RANKED_GIRL! Here is what, under various mathematical excuses, some professors have been promoting. No wonder teenage pregnancies are on the rise.

What's wrong with Meyer's Rule?
Disallow polymorphic catcalls …
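
The procedure type rule and the "Can't Get Up" call sequence above, as an added Python example that is not part of the lecture. The class names come from the slides; the `Unit` result type, the tuple encoding of signatures and the function names are assumptions made for illustration.

```python
# Class hierarchy from the slides: Athlete > Skier > {Boy, Girl}.
# "Unit" is an assumed result type for procedures that return nothing.
PARENT = {"Athlete": None, "Skier": "Athlete", "Boy": "Skier",
          "Girl": "Skier", "Unit": None}

def is_subtype(s, t):
    """True if class s is t or a descendant of t."""
    while s is not None:
        if s == t:
            return True
        s = PARENT[s]
    return False

def proc_subtype(f, g):
    """Normal procedure rule: f may stand in for g when every parameter
    type of g is a subtype of f's (contravariant parameters) and f's
    result is a subtype of g's (covariant result)."""
    (f_params, f_ret), (g_params, g_ret) = f, g
    return (len(f_params) == len(g_params)
            and all(is_subtype(q, p) for p, q in zip(f_params, g_params))
            and is_subtype(f_ret, g_ret))

# Skier's set_roommate and the three ways Girl might override it.
SKIER_SET_ROOMMATE = (("Skier",), "Unit")
OVERRIDES = {
    "covariant (Eiffel)": (("Girl",), "Unit"),
    "contravariant (Sather)": (("Athlete",), "Unit"),
    "novariant": (("Skier",), "Unit"),
}

def check_overrides():
    """Which overrides satisfy the normal procedure rule."""
    return {name: proc_subtype(sig, SKIER_SET_ROOMMATE)
            for name, sig in OVERRIDES.items()}

def catcall_witnesses(override):
    """Argument classes a caller may legally pass through a Skier
    reference that the override's declared parameter does not accept
    (the slide's s := g; s.set_roommate(b) case)."""
    (param,), _ret = override
    return sorted(c for c in PARENT
                  if is_subtype(c, "Skier") and not is_subtype(c, param))

if __name__ == "__main__":
    print(check_overrides())
    print(catcall_witnesses(OVERRIDES["covariant (Eiffel)"]))
```
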
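
The precondition check from the "Check method insert put" slides, as an added Python example that is not part of the lecture: it searches a small state space for a call the supertype allows but the subtype rejects. The operators in the slide's preconditions were lost in extraction, so the three preconditions below are assumptions, as are the tuple encodings and the sample states.

```python
import math

# Assumed preconditions (the slide's operators were lost in extraction):
#   bag.put(i)     requires |elems| < bound
#   bset.insert(i) requires 0 <= i <= limit
#   uset.insert(i) requires true
def put_pre(bag, i):
    elems, bound = bag
    return len(elems) < bound

def bset_insert_pre(s, i):
    _elems, limit = s
    return 0 <= i <= limit

def uset_insert_pre(s, i):
    return True

def A_bset(s):
    """Abstraction function for bset: A(s) = <s.elems, s.limit>."""
    elems, limit = s
    return (elems, limit)

def A_uset(s):
    """Abstraction function for uset: A(s) = <s.elems, infinity>."""
    (elems,) = s
    return (elems, math.inf)

def precondition_counterexample(states, args, A, sub_pre):
    """Return a (state, argument) pair where put's precondition holds on
    the abstracted state but the subtype method's precondition fails,
    i.e. a violation of the pre-condition rule; None if there is none."""
    for s in states:
        for i in args:
            if put_pre(A(s), i) and not sub_pre(s, i):
                return (s, i)
    return None

# Constructed sample states and arguments; 999235 is the slide's value.
BSET_STATES = [(frozenset(), 10), (frozenset({1, 2}), 10)]
USET_STATES = [(frozenset(),), (frozenset({1, 2}),)]
ARGS = [0, 5, 999235]

if __name__ == "__main__":
    print(precondition_counterexample(BSET_STATES, ARGS, A_bset, bset_insert_pre))
    print(precondition_counterexample(USET_STATES, ARGS, A_uset, uset_insert_pre))
```
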