Solution3

Y302: SOFTWARE ENGINEERING
Unassessed Coursework: Method calls
1.
Suppose that there is a correct implementation of the method Sum specified as follows:
//pre: x=x0 & y=y0;
//post: result = x+y;
int Sum(int x, int y).
i) Define the code of the following method Average, which returns the average of two
numbers. Include suitable mid-conditions (if needed) and show that your implementation
computes the correct result.
//pre: x=x0 & y=y0;
//post: YOU FILL IT IN!
int Average(int x, int y).
ii) Implement your method Average using ESC/Java, by defining a class “TestAverage” with
an “abstract” (i.e. just the specification of Sum and its declaration) method definition for
Sum and your method Average in full.
2.
Suppose that there is a correct implementation of the method IntMax specified as follows:
//pre: x=x0 & y=y0;
//post: ((result = x)||(result = y)) & (result>=x &
result>=y);
int IntMax(int x, int y).
i) Define the code of the following method Max3, which returns the maximum number out
of three numbers. Include suitable mid-conditions (if needed) and show that your
implementation computes the correct result.
//pre: x=x0 & y=y0;
//post: YOU FILL IT IN!
int Max3(int x, int y, int z).
ii) Implement your method Max3 using ESC/Java, by defining a class “TestMax3” with an
“abstract” (i.e. just the specification of IntMax and its declaration) method definition for
IntMax and your method Max3 in full.
3. Suppose that there is a correct implementation of the method Order2 specified as follows:
//pre: x=x0 & y=y0;
//post: (x<=y) & ((x=x0 & y=y0) || (x=y0 & y=x0))
void Order2(int x, int y){….}
i) Define the code of the following method Middle3, which returns the middle number out of
three given numbers. Include suitable mid-conditions, and show that your implementation
computes the correct result.
//pre: x=x0 & y=y0 & z=z0;
//post: YOU FILL IT IN!
int Middle3(int x, int y, int z);
ii) Implement the method Middle3 using the ESC/Java tool. Create only one single class
called Order, which includes Order2 as an abstract method with its specification, and the
method Middle3 (Hint: it is sufficient to use just two class variables, which will then have
the values of the first two parameters of Middle3).
4. Give a for loop implementation of the following methods and reason that the implementation
is correct:
i)
//pre: Sorted(A);
//post: result <=> ∃i.(0<=i<=A.length-1 & A[i]=x);
Boolean IsIn(int[] A, int x)
ii)
//pre: A.length = B.length & A!=Null & B!=Null;
//post: i (0<=i<=A.length-1 => A[i]=B[i]);
void Copy(int[ ] A, int[ ] B)
Unassessed Coursework ANSWERS: Method calls
1.
i)
//pre: x=x0 & y=y0;
//post: result = (x+y)/2;
int Average(int x, int y){
int sum;
sum = Sum(x,y); //* sum = x+y;
return sum/2;
}
At the beginning, the method Average has the pre-condition x=x0 & y=y0. In this case
there is no need to rename the actual values of the variables x and y to evaluate the
pre-condition of Sum, because there is no other operation before the call to Sum. So the
actual values passed to Sum are still x0 and y0 and therefore the pre-condition of Sum is
trivially satisfied. So we still have that x=x0 & y=y0. After the call to Sum, the
post-condition of Sum is “result = x+y”, which gives, after the assignment, the mid-condition
“sum = x+y”. This now trivially gives result = (x+y)/2, which is the post-condition of
Average.
ii) See ESC/Java sample answer given in the file Average.java.
2.
i)
//pre: x=x0 & y=y0 & z =z0
//post: (result = x || result = y || result = z) & (result>=x & result >=y & result >=z);
int Max3(int x, int y, int z){
    int temp;
    temp = IntMax(x,y);     //* temp = x || temp = y;
    return IntMax(temp,z);
}
At the beginning, the method Max3 has the pre-condition x=x0 & y=y0. For the first call
of IntMax(x,y) there is no need to rename the actual values of the variables x and y, since
there is no operation before the call. So we have the post-condition of IntMax(x,y), which is
((result = x)||(result = y)) & (result>=x & result>=y); this gives after the assignment the
mid-condition ((temp = x)||(temp = y)) & (temp>=x & temp>=y). Before the second call of
IntMax, we have that its pre-condition becomes x=x1 & y=z0 & x1=temp. The post-condition
after the execution of the second call becomes ((result = x1)||(result = z)) &
(result>=x1 & result>=z). We now have that the post-conditions of both calls
to IntMax hold:
((temp = x)||(temp = y)) & (temp>=x & temp>=y) & x1=temp.
((result = x1)||(result = z)) & (result>=x1 & result>=z).
We have the following cases: (result = x) & (result>=x & result>=y & result>=z), or
(result = y) & (result>=x & result>=y & result>=z), or (result = z) & (result>=x &
result>=y & result>=z), which is equivalent to the post-condition of Max3.
ii) See ESC/Java sample answer given in the file TestMax3.java
3.
i)
// pre: x=x0 & y=y0 & z=z0;
/* post: ((result = x) & (y<=x<=z or z<=x<=y)) ||
((result = y) & (x<=y<=z or z<=y<=x)) ||
((result = z) & (x<=z<=y or y<=z<=x)); */
int Middle3(int x, int y, int z){
    Order2 (x,y);       //* x<=y
    if (z<=x)           //* z<=x & x<=y
        return x;       //* result = x;
    else if (z>=y)      //* x<=y & y<=z & x<z
        return y;       //* result = y
    else                //* x<=y & x<z & z<y
        return z;       //* result = z
}
To show that the pre-condition and the code of Middle3 satisfy its post-condition we
have to consider six cases, corresponding to the relative orderings of the
initial values x0, y0, and z0. We consider only the case where y0<=z0<=x0, and show
that the method call satisfies this post-condition. Since there is no other operation
before Order2, we do not need to rename the variables x, y, z as x1, y1, z1 in this case.
We simply refer to them as x, y, z, and to their initial values as x0, y0, and z0.
Since the pre-condition of Middle3 is identical to that of Order2, we can consider
directly what the post-condition looks like after the execution of Order2. As we are in the
case where x=x0 & y=y0 and y0<=z0<=x0, the post-condition of Order2
after its call is (x<=y) & (x=y0 & y=x0 & z=z0). Therefore the test z<=x (which is
z0<=y0) fails, as will the test z>=y (which is z0>=x0). Hence z=z0 is returned as result,
which is correct. In particular, since x<=z<=y, the part (result=z & (x<=z<=y or y<=z<=x)) of
the post-condition is true. The other cases are similar to this one and are left to you as
an exercise.
ii) See ESC/Java sample answer given in the file TestMiddle3.java
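The class below is an added illustration of the hint in part ii), written in JML notation as accepted by ESC/Java; it is not the course's TestMiddle3.java, and the field names a and b are assumptions. Order2 appears as a specification only and works on the two class variables, so Middle3 is checked against that contract alone.

```java
// Added illustration (not the course's sample answer). Field names a, b are assumed.
abstract class Order {
    // The two class variables from the hint: Order2 reorders these fields,
    // because Java passes int parameters by value and cannot swap them.
    int a, b;

    // Specification only: callers are verified against this contract,
    // never against a body.
    //@ modifies a, b;
    //@ ensures a <= b;
    //@ ensures (a == \old(a) && b == \old(b)) || (a == \old(b) && b == \old(a));
    abstract void Order2();

    //@ modifies a, b;
    /*@ ensures (\result == x && ((y <= x && x <= z) || (z <= x && x <= y)))
      @      || (\result == y && ((x <= y && y <= z) || (z <= y && y <= x)))
      @      || (\result == z && ((x <= z && z <= y) || (y <= z && z <= x)));
      @*/
    int Middle3(int x, int y, int z) {
        a = x;
        b = y;
        Order2();
        // Mid-condition: post-condition of Order2 with \old(a) = x, \old(b) = y.
        //@ assert a <= b && ((a == x && b == y) || (a == y && b == x));
        if (z <= a) {
            return a;   // z <= a <= b, so a is the middle value
        } else if (z >= b) {
            return b;   // a <= b <= z, so b is the middle value
        } else {
            return z;   // a < z < b, so z is the middle value
        }
    }
}
```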
4.
i)
// pre: Sorted(A);
// post: result <=> ∃i.(0<=i<=A.length-1 & A[i]=x);
boolean IsIn(int[ ] A, int x){
    boolean isin = false;
    // scan every index; isin becomes true once a match is seen
    for (int i = 0; i<A.length; i++){
        if (A[i] == x) isin = true;
    }
    return isin;
}
We show that result <=> ∃i.(0<=i<=A.length-1 & A[i]=x). If result = true then for
some iteration i<=A.length-1 of the for loop, A[i]=x. But then ∃i.(0<=i<=A.length-1 &
A[i]=x). If ∃i.(0<=i<=A.length-1 & A[i]=x) then for whichever i makes this true, called
for instance I, in the Ith iteration of the for loop A[I]=x and isin = true, and so result =
true.
ii)
//pre: A.length = B.length & A!=Null & B!=Null;
//post: ∀i (0<=i<=A.length-1 => A[i]=B[i]);
void Copy(int[ ] A, int[ ] B){
for (int i = 0; i<A.length; i++){
B[i]=A[i];
}
}
We show that i (0<=i<=A.length-1 => A[i]=B[i]). If i<0 or i>=A.length than the antecedent
of the implication is false so the post-condition is true. If 0<=i<=A.length-1 then there is an
iteration of the loop in which A[i] is assigned to B[i] and this assignment is not undone in the
following iterations. Thus the sentence is true in those cases too and true for all integers i.