UVA CS 655 - Lecture 18: Behavioral Subtyping and Eiffel

PowerPoint Presentation
Menu
Subtype Definition (S ≤ T)
Subtype Relation 2: Preserves supertype Properties
Example
Slide 6
Slide 7
Slide 8
Subtype Condition 1: Methods Rule
We need an Abstraction Function
Check method choose  get
1. Preserves method behavior.
Check method insert  put
Does this make sense?
uset ≤ bag?
Check method insert  put
Check Invariant
Summary Questions
Eiffel and I Can’t Get Up
Normal Procedure Type Rule
Eiffelling
Can’t Get Up?
Meyer’s Excuse
What’s wrong with Meyer’s Rule?
What does C++ really do?
Slide 25
Result
Some C++ Facts
Slide 28
Slide 29
Slide 30
Emailing Experts
Slide 32
Charge

David Evans
http://www.cs.virginia.edu/~evans
CS655: Programming Languages
University of Virginia Computer Science
Lecture 18: Behavioral Subtyping and Eiffel

Must it be assumed that because we are engineers beauty is not our concern, and that while we make our constructions robust and durable we do not also strive to make them elegant? Is it not true that the genuine conditions of strength always comply with the secret conditions of harmony?
Gustav Eiffel

29 March 2001 CS 655: Lecture 18

Menu
• Behavioral Subtyping Recap and Example
• Eiffel’s Type System
• Method overriding in C++

Subtype Definition (S ≤ T)
1. Subtype methods preserve the supertype methods’ behavior:
• Signatures have contravariant arguments, covariant results
• Pre-conditions of T imply preconditions of S; post-conditions of S imply post-conditions of T.
2. Subtypes preserve supertype properties
• Invariant of S implies invariant of T.
• Constraint of S implies constraint of T.

Subtype Relation 2: Preserves supertype Properties
2. Subtypes preserve supertype properties
For all states p and q such that p precedes q, for all x: S:
Invariant Rule: I_S ⇒ I_T [ A (x_p) / x_p ]
Constraint Rule: C_S ⇒ C_T [ A (x_p) / x_p, A (x_q) / x_q ]
“covariance – subtype is stronger”

Example
• Liskov & Wing showed stack ≤ bag
• Is bset ≤ bag?
– bset specification on the Manifest
– bag in Liskov & Wing, Figure 1

bset = type
uses BSet (set for S)
for all s: bset
invariant max(s_p.elements) <= s_p.limit, min(s_p.elements) >= 0.
constraint s_p.limit = s_q.limit
insert = proc (i: int)
  requires i <= s_p.limit ∧ i >= 0.
  modifies s
  ensures s_post.limit = s_pre.limit ∧ s_post.elements = s_pre.elements ∪ {i}
contains = proc (el: int) returns (bool)
  ensures result = el ∈ s
choose = proc () returns (int)
  requires s_pre.elements ≠ {}
  modifies s
  ensures s_post.elements = s_pre.elements – { result } ∧ result ∈ s_pre.elements ∧ s_post.limit = s_pre.limit
size = proc () returns (int)
  ensures result = | s.elements |
equal = proc (t: set) returns (bool)
  ensures result = (s = t)

Subtype Definition (S ≤ T)
1. Subtype methods preserve the supertype methods’ behavior:
• Signatures have contravariant arguments, covariant results
• Pre-conditions of T imply preconditions of S; post-conditions of S imply post-conditions of T.
2. Subtypes preserve supertype properties
• Invariant of S implies invariant of T.
• Constraint of S implies constraint of T.

Subtype Condition 1: Methods Rule
• Methods rule:
– Pre-condition: ∀x : s . m_T.pre [ A (x_pre) / x_pre ] ⇒ m_S.pre
  Replace every x_pre in m_T.pre with A (x_pre).
  Abstraction function, A : s → t.
  “contravariance – subtype is weaker”
– Post-condition: m_S.post ⇒ m_T.post [ A (x_pre) / x_pre, A (x_post) / x_post ]
  “covariance – subtype is stronger”

We need an Abstraction Function
A type is: < set of objects, set of values, set of methods >
bset = < O_set, BSet, { insert, contains, choose, size, equal } >
bag = < O_bag, BBag, { put, get, card, equal } >
• We need an abstraction function that maps both to the same abstract type:
  A : BSet → BBag
  BSet: < s.elems, s.limit >
  BBag: < s.elems, s.bound >
  s : BSet
  A (s) = < s.elems, s.limit >
• Renaming: R(insert) = put, R(choose) = get, R(size) = card, R(equal) = equal

Check method choose  get
1. Preserves method behavior.
• Signatures: get = proc () returns (int); choose = proc () returns (int)
• Pre-condition of get ⇒ pre-condition of choose
  ∀x : BSet . get.pre [ A(x_pre) / x_pre ] ⇒ choose.pre
  b_pre.elems ≠ {} [ A(b_pre) / b_pre ] ⇒ s_pre.elems ≠ {}
  s : BSet; A (s) = < s.elements, s.limit > so we can replace b_pre.elems with s_pre.elems and the implication holds.
• Post-condition of choose ⇒ post-condition of get
– Can prove with similar renaming

Check method insert  put
• Signatures: put = proc (i: int); insert = proc (i: int)
• Pre-condition of put ⇒ pre-condition of insert
  ∀x : BSet . put.pre [ A(x_pre) / x_pre ] ⇒ insert.pre
  | A(s_pre).elems | < A(s_pre).bound ⇒ i <= s_p.limit ∧ i >= 0
• NO! The subtype method has a stronger pre-condition, so it is not a subtype.

Does this make sense?
• Intuition: subtype is unsafe, if there is some program written for the supertype that can tell the difference
• Here’s one: put (999235);  insert (999235);

uset ≤ bag?
• A : S → T
• A : Set → BBag
  s : Set; A (s) = < s, infinity >
• Renaming:
– R(insert) = put, R(choose) = get
– R(size) = card, R(equal) = equal
• Check method choose  get (same as bset)

Check method insert  put
• Pre-condition of put ⇒ pre-condition of insert
  ∀x : BSet . put.pre [ A(x_pre) / x_pre ] ⇒ insert.pre = true
• Post-condition of insert ⇒ post-condition of put
  insert.post ⇒ put.post [ A(x_pre) / x_pre, A(x_post) / x_post ]
  (s_post.elements = s_pre.elements ∪ { i }) ⇒ (b_post.elems = b_pre.elems ∪ { i } ∧ b_post.bound = b_pre.bound) [ A(b_pre) / b_pre, A(b_post) / b_post ]
  recall: A (s) = < s, infinity >
  so (s_post.elems = s_pre.elems ∪ { i } ∧ infinity = infinity)

Check Invariant
• Need to show: I_S ⇒ I_T [ A(x_p) / x_p ]
  true ⇒ (| b_p.elems | <= b_p.bound) [ A(b_p) / b_p ]
  true ⇒ (| <s.elements, infinity>.elems | <= <s.elements, infinity>.bound)
  true ⇒ true
• Similar for constraint
• uset is a subtype of bag! Yippee! (Except: signature of equal should take a bag!)

Summary Questions
• uset ≤ bset?, bset ≤ uset?
• Does the Liskov/Wing subtype relation definition match intuition?
• Is it useful?

Eiffel and I
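
The pre-condition and invariant checks from the "Check method insert / put" and "Check Invariant" slides can be run mechanically over a small state space. The following is an added example, not part of the lecture: the function names, the bound of 3 on the state space and the argument range are assumptions, and a bounded search finds counterexamples but does not replace the proofs on the slides.

```python
from itertools import combinations

INF = float("inf")  # stands in for "infinity" in A(s) = <s, infinity>

def put_pre(bag, i):
    return len(bag[0]) < bag[1]        # bag.put requires |elems| < bound

def bag_inv(bag):
    return len(bag[0]) <= bag[1]       # bag invariant: |elems| <= bound

def bset_insert_pre(s, i):
    return 0 <= i <= s[1]              # bset.insert requires i <= limit and i >= 0

def uset_insert_pre(s, i):
    return True                        # uset.insert has pre-condition true

def A_bset(s):
    return (s[0], s[1])                # A(s) = <s.elems, s.limit>

def A_uset(s):
    return (s, INF)                    # A(s) = <s, infinity>

def subsets(n):
    """Every subset of {0..n} as a frozenset (constructed test states)."""
    return [frozenset(c) for k in range(n + 2) for c in combinations(range(n + 1), k)]

def bset_states(max_limit):
    """bset states (elems, limit) that satisfy the bset invariant."""
    return [(e, lim) for lim in range(max_limit + 1) for e in subsets(lim)]

def pre_rule_cex(states, A, sub_pre, args):
    """First (x, i) where put.pre[A(x)/x] holds but the subtype pre-condition fails."""
    for x in states:
        for i in args:
            if put_pre(A(x), i) and not sub_pre(x, i):
                return (x, i)
    return None

def inv_rule_cex(states, A):
    """First subtype state whose abstraction violates the bag invariant."""
    return next((x for x in states if not bag_inv(A(x))), None)

ARGS = range(-2, 7)                    # hypothetical argument range for the search
BSET_CEX = pre_rule_cex(bset_states(3), A_bset, bset_insert_pre, ARGS)
USET_CEX = pre_rule_cex(subsets(3), A_uset, uset_insert_pre, ARGS)
USET_INV_CEX = inv_rule_cex(subsets(3), A_uset)

if __name__ == "__main__":
    print("bset:", BSET_CEX, "| uset:", USET_CEX, "| uset invariant:", USET_INV_CEX)
```

The bset counterexample is an empty set with limit 1 and argument -2: the bag accepts the put, the bset rejects the insert, which is the same distinguishing-program argument the slide makes with 999235.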

