The Historical way to Object Orientation

This chapter gives a survey through the ideas of software engineering which lead to object orientation. Because of the mass of existing material this lecture can not be complete. But it follwos one line of ideas to illustrate some views and obstructions on the way of OO.

The result is that a lot of basic ideas (esp. the abstract data type) of object orientation had been in the minds of the theoreticers very early. But it needed a long time until these mostly intuitive ideas formed a concrete theory. A learning process which the traditional programmers now have to follow.

Structured Programming (1970)

The history of software engineering started at the end of the 1960's with the development of the structured programming method.

At that time the developers faced more and more the problem that they had to maintain code written by other developers which was nearly impossible to understand. So the people looked for an answer to the following questions:

How can you understand a program not written by yourself ?
Which structure must a program have such that it is understandable ?
How can the correctness of a program be proofed?

The last question might be important only for theoretical computer scientist. But this question about proofing correctness led to new ideas and methods in the whole history of software engineering and is therefore the most important one.

Jackson tried to solve the first problem by a bit strange method. His idea was that if you have a method by which every programmer writes the same code then every programmer can understand this code. He developed his method mainly from the work of Dijkstra.

Experience 1

Dijkstra gave the first stage of answers for these questions:

Dijkstra: Notes on Structured Programming

Dijkstra started by asking: 'Which Methods for Understanding do we have?.'

He listed the following:

1. Enumerative Reasoning

This means understanding by following the sequence of code step by step. Sequences and selections are checked by this method.

2. Induction

The method for proofing the correctness of loops.

3. Abstraction

This is the most powerful tool of understanding. Dijstra found two main tools for abstraction:

A variable is an abstraction from its value
A using a named operation on account of 'what it does' while completely disregarding 'how it works'

The next step in his thoughts was to find out how a program can be devided into 'understandable' subparts during the design step.

Flowcharts

can be used describing the sequence, selections and loops in a program. Especially sequence, selections and loops are the only allowed elements of a program. This rule lead to the disclosure of GoTo's. If a program contains a goto into a loop the behaviour of this loop cannot be checked any more by induction and is therefore not understandable.

Functional Decomposition

The abstraction of operation is done by decompose the program into subactions with one entry and one exit. To garantee the encapsulation of the algorithm of a subaction subroutines were introduced. The user of a subroutine must only know its input parameters and the promised output.

The practical results

The enumerative reasoning is very limited for a human. Jackson told in his courses on structured programming that a subroutine should not be larger than one output page. Even selections are sometimes difficult to understand by enumeration. Everybody worked with old code (10 years and older) will agree that it is hard work to check the result of an IF-THEN-ELSE group with more than 2 boolean expressions. The limit for understanding programs by emumeration lies approximately by 50 statements with max. 3 select dimensions.

The most practical hints in structured programming were given on the base of enumeration - the poorest tool we have.

The hints given to get an ideal functional decomposition were very vague.

How to do functional decomposition:

Formulate problem as a function B = F(A).
Refine this function into subfunctions.

The main questions answered during the decomposition process is: How do I get B from A ?

The typical examples were the realisation of mathematical algorithms on the computer. The example from Dijkstra:

Print the first 1000 prime numbers

Function to be computed: table of primes = F(1000).

The first decomposition step:

   DCL table P
     fill table P with 1000 primes  --> Program A
     print table P   --> Program B

Hints from Dijkstra:

Define the structure of P as late as possible.: This helps to be independent from the implementation of P.
make the easiest decision first and go on.: This might destroy a lot of good structure.

practical result:

The table P is an interface between program A and B.
This method leads to typical decomposition into Input-Process-Output.
all Data is used everywhere. Therefore there are no clear responsibilities.

virtual machines from Dijkstra

On the other hand Dijkstra had in his mind a view which look very much like the nowadays class libraries in object oriented programming. His vision was:

Every subaction is a virtual machine:
1. Local data of the subaction is the data in this machine.
2. Used subfunctions in the subaction are virtual machine instructions
Changing of code should be done by complete exchange of a virtual machine.
The programmer builds new applications by using subactions from a library of virtual machines

The definition of the virtual machine computing prime numbers was not too far away from a class definition:

COMPFIRST machine name

begin;
draw:(build, print) algorithm draw = build + print

var: image used data structure

instr: build(image), print(image) used instructions

end;


COMPFIRST machine name
begin;
draw:(build, print)	algorithm draw = build + print
var: image	used data structure
instr: build(image), print(image)	used instructions
end;

Ideas of Typing

Parallel to Dijkstra's ideas about the functional decomposition of programs Hoare thought about the structuring of data.

Design 1

Hoare: Notes on Data Structuring

Types

Hoare had the Idea that the programmer should not only be able to define own operations in form of subroutines but also own data types. A type in the sense of Hoare is like a class in a strongly typed language. A type has the following characteristica:

A type is a class of values (variable, expression).
Every value belongs to exactly one type (subtyping is very restrictive).
The type of a value is completely known at compile time, s.t. the compiler is able to check inconvenient use of variables.
Each operator expects operands of some fixed type and delivers a result of some fixed type. (no Polymorphism)
The properties of values of a type and its primitive operations are specified by axioms.
The type information is used in a high level language to detect meaningless constructions.

Example

  type colour =  (blue,red,white,yellow);

WITH Construct

For describing actions done with types Hoare introduced the 'with' construct.

  with sv do  S;

The block S may use internal names of the type sv.

Example


  with today do


   case m of
   { Sept: April: June: Nov:
     if day > 30 then goto invalid,
     Feb:

     if day > ( if (y /4)*4 = y then 29 else 28)
        then goto invalid,
     else do nothing };

Unfortunaltely Hoare thought of this 'with' statement only as a pseudo code statement for design purposes. At that time storage was rare and path length of code was optimized to be short as possible even if the programs were no more readable. Hoares idea was to put the 'with' construct as a comment before such an highly optimized and nonunderstandable piece of code.

Subtyping

Hoare even allowed a strong type of subtyping.

Example

   type figure = ( position: POINT; rect:R, tr: T, cir: C)

For every subtype exist different methods without operation name overloading which must be called in a sort of selection group.

   with afigure do


        { R: s_for_R,
          T: s_for_T,
          C: s_for_C };

Result

These Ideas of Hoare lead to user defined types in PASCAL without subtyping and WITH statement. The view for a need for language constructs helping structuring and decomposition of code was overlaid by the everyday problem writing code fitting into the rare storage and still working fast enough on slow processors.

Hoare, Dahl: Hierarchical Program Structures

Here the first time was stated that data and operations should be grouped together. Only the practical tools provided were still poor. They stated:

"Data and operations seem to be so closely connected in our mind, that it takes elements of both kinds to make up any concept useful for understanding computing processes."

Hoare and Dahl gave the following rules for decomposition of a program:

A program should be decomposed s.t.:

The parts can be coded and compiled independent from each other.
Interfaces should be minimal and simple.

For realisation of the second rule no practical help is given. The only tools for structuring programs at this time were blocks and procedures.

Intermezzo on SIMULA (1968)

Short Description of SIMULA

Parallel to all these theories Nygaard in Oslo had to solve a practical problem. He did simulations of real world things. He found that ALGOL60 the language he used lacked some constructs. So he decided in the late 1960's to extend ALGOL and constructed SIMULA which is called the first object oriented language -- even if one paradigm - the encapsulation - is not fully realisized in SIMULA.

SIMULA does not provide a clear distinction between inner and outer view of an object.

Classes in Simula

One thing Nygaard did not like in ALGOL was that all local data of a block vanished after its processing. So he constructed classes as ALGOL blocks whose block instances survive its call.

The terminology used in object oriented programming is the same introduced by Nygaard:

Objects: are instances of classes. Every time a class block (its function NEW) is processed an instance is created.
Attributes of a class: consists of local variables, procedures and their formal parameters
The function NEW: exist for every class and is the object generator.

SIMULA is strongly typed. Because the generated objects do not vanish automatically SIMULA needs a garbage collector.

Example:

This is example contains a class histogramm with methods tabulate(y) and frequency(i). Every object is initialisized automatically when the method new is executed by the code between the last method and the 'end of histogram' statement. The input parameters ( array X and integer n) for this initialisation are specified just after the class name.


 class histogram(X,n); array X; integer n;

 begin integer N, integer array T[0:n]; 

 procedure tabulate(y); real y;
   begin integer i;
    i:=0;
    while ( if i<n then y<x[i+1] else false)
     do i:= i+1;
    T[i] := T[i]+1; N:=N+1;
 end of tabulate;

 procedure frequency(i); integer i;
    frequency := T[i]/N;

 integer i;
 for i:=0 step 1 until n do T[i]:=0; N:=0;

 end of histogram

Example for class usage:


 weights :- new histogram(B,12)
 weights.tabulate(w)

The variable weights contains the histgram generated from the array B after new is executed. Next tabulate is executed on weights.

SIMULA does not provide encapsulation. Internal class attributes can be accessed from outside: X.A points to A in object X or calls procedure A of class X.

Subtyping in SIMULA

A Subclass B of a class A is defined by the statement:

  A class B

In a subclass only adding of attributes or procedures are allowed.

Data Abstraction --- Abstract Program

At this stage was a big gap beetween the theoretical based ideas of decomposition and data typing and the tools provided and the ideas of SIMULA. Further theoretical work lead to abstract data types.

Hoare: Proof on Correctness of Data Representations (1972)

Hoare asked an old question again: How can the correctness of a program be proofed. The base here are not understandable program parts but the data representation.

Data Representations

In his mind seem to be mostly solution of mathematical problems. His Idea was that the user has a abstract data representation of his program. The program itself can be written in terms of the modelled abstract space and its (mathematical) operations. The abstract space the program is formulated in consists of:

an abstract (mathematical) data model ( f.e. set of integers) and
abstract operations fi ( f.e. insert, remove, union, section).

The realisation of this abstract space - the data representation - consists of:

an implemented data model (f.e. array of integers with 100 elements) and
implemented (coded) operations pi.

The proof of the correctness of a program then can be done in two steps

Proof correctness of data representation (abstract space = space of concrete representation).
Proof correctness of abstract program.

The second part of the proof he considered to be trivial. Perhaps he thought this could always be done by common mathematical methods. At least he focused on the first step only.

Interesting is that in his examples he used SIMULA 67 notion. Without mentioning or using any features like subtyping. The example we will follow now through the rest of this article is the set of integers.

Example:

Smallintset with methods insert remove and has.


  class smallinset
    begin integer m; integer array A[1:100];

    procedure insert(i); integer i;
      begin integer j;
      for j:= 1 step 1 until m do
        if A[j]=i then goto end insert;
      m:=m+1;
      A[m]:=i;
    end insert;


    procedure remove[i]; integer i;
      begin integer j,k;
      for j:= 1 step 1 until m do
        if A[j]=i then
        begin for k:=j+1 step 1 until m do
             A[k-1] := A[k];
           m:=m-1;
           goto end remove;
        end;
    end remove: end remove;

    Boolean procedure has(i); integer i;
      begin integer j;
      has := false;
      for j:= 1 step 1 until m do
        if A[j] = i then
        begin
         has:=true; goto end contains;
        end;
    end contains: end has;

    m:=0;

    end smallintset

The Proof

It has to be proofed now that this implementation represents the mathematical set of intergers. This implementation has at least one precondition: The number of elements in the set may never be greater than 100. So the first step in the proof is:

Define axioms and invariants ( # of Elements <= 100).
Define pre- and post conditions for basis operations.

Note:

For defining axioms, pre- and post conditions Hoare uses his implementation of the datatype. He don't mention what has to done if you have a second Implementation of smallintset. For proofing correctness of the second implementation you have to

formulate axioms, pre- and post conditions for this implementation
proof that both implementations are equivalent or
proof correctness for the second implementation independent from the first one.

The proof that the data representation is correct is then done by:

find mapping F: data representation ---> abstract space array of integers ---> set of integers
proof fi(F) = F(pi)

Hoare give no hints how to check that all axioms, pre- and postconditions are complete and correct.

Practical Hints

Now we have checked that the data representation is correct. Are there any rules we have to look at when using this data representation? Yes, there is. We are only allowed to use the predefined interface. Otherwise by uncontrolled access from outside some behaviour will be added to the data representation which is not predefined and checked.

Precondition:

Local variables of a class are only changed inside the class.

==> Therefore a strong encapsulation of the class data is necessary. The only thing SIMULA did not provide.

Remarks:

His theoretical conclusions fit exactly into what object oriented programming will provide later. Astonishing is therefore Hoare's hint to implement m the number of elements as public variable which destroys the encapsulation totaly.

Design 2

Abstract Datatypes (1975)

The next step is to think about an data modeling independent from any implementation. This lead to the theory of abstract data types.

The problems the people hoped to solve were:

Algebraic specification of abstract datatypes via signatures shall garantee an datatype definition independant from any implementation. But implementation examples might be helpful for documentation and further understanding of the data type.
The abstract algebraic description contains only the user view of the datatype. This leads to a strong division of user view and implementor view ( interface and implementation).
The hope is by defining a type independent from an implementation to minimize the interfaces such that the datatypes are usable more general (reuse).

A Datatype consists of

declaration of used types
declaration of operations
Axioms for specifying behaviour of operations

Example: Set of Integers

 spec Set is
  uses  Bool, Int
  sorts Set

  operations:


      empty :            --> Set,
      insert:  Set x Int --> Set,
      is_empty:  Set     --> Bool,
      is_elem: Set x Int --> Bool


  Axioms:  s: Set, x,y: Int


      is_empty(empty) = true,
      is_empty(insert(s,x)) = false,
      is_elem(empty,x) = false
      x=y ==>
       is_elem(insert(s,x),y) = true
      ^(x=y) ==>
       is_elem(insert(s,x),y) = is_elem(s,y)


  endspec

Completeness of Axioms

If we look at the example above the following questions come up:

How can I proof that my axioms are complete ?
Are f.e. the set described above and an array different ?

Note:

In these axioms there is none from which we conclude that true ^= false. So theoretically we could take a one element set for Bool which surely would contradict to our intuitively idea of a set. Therefore the axiom true ^= false should be added.

An other Idea solving this problem is restrict the type Bool to an abstract datatype which contains the axiom true ^= false. But this solution was not handled at this stage of theory. The aim here is to define everything what is necessary in the datatype, even axioms for used data types. Remind: Any decision about the usage of a type is a decision of implementation and should be made at a later point. So by defining axioms for used datatypes you can decide later which set you want to use for Bool.

There are no axioms necessary for Int. So our specification for Set really is a specification for every Set. Every decision about Int is a refinement towards implementation.

Goguen, Thatcher, Wagner 1975

In their paper Goguen, Thatcher and Wagner proofed that the specification of an abstract datatype is equivalent to the specification of a signature. A signature consists of the names of used data types and the names of operations. Additionaly a set E of Equations written in terms of the specification might be added. These are Axioms which define a equivalence relation on the signature.

You can say the signature defines the language which will be used when working with the data type.

Algebras over a signature can be viewed as implementtations of a datatype (not necessarily on a computer -- they might only be examples).

By choosing for every used data type in the signature a set and for each operation an algorithm we get an algebra A for the specification of Set.

Example:

A(Bool) = {true,false}
A(Int) = Natural numbers
A(Set) = Int* X Int = infinite array of Integer; # of elements
empty = (0,0)
insert:((a,m),x) -->(a',m+1); a'(m+1)=x, a(i)=a'(i) for i<=m
is_empty:(a,m) --> m>0

Definitions

Here I will give a rough repetition of definitions:

Def. Signature

A S - Signature Sigma over a Set S is a Set of operator names Sigma(w,s), where w is a string of elements of S. If w is an empty string sigma in Sigma(w,s) is a constant in s.

When defining a datatype S will be the set of used types {Bool, Int, Set in our example}.

empty -> Sigma(,Set) for w = empty
insert -> Sigma(w,Set) for w = Set,Int
is_elem -> Sigma(w,Bool) for w = Set,Int
is_empty -> Sigma(w,Bool) for w = Set

Def. Specification

A specification D = ( Sigma, E) consists of a signature Sigma and a Set of axioms E.

A D-algebra is used as a semantic for the datatype.

Def. S-Sigma Algebra A

A Sigma algebra A consists of a family of sets A(s) for all s in S an for every sigma in Sigma(w,s) there exist a function
sigma(A): A(t₁) x A(t₂) x ...---> A(s). t_i out of w.

Def. D-Algebra A

Let D = ( Sigma, E) be a specification. If for a Sigma algebra A all Axioms in E hold, A is called a D-Algebra.

In the article fron Goguen, Thatcherand Wagner the set of axioms E are equations. But in general theory and in praxis E contains also inequalties and logical expressions.

Every Implementation of a datatype is a D- or sigma algebra if D or sigma is the specification of the data type.

Lemma:

The set of D- or Sigma algebras (D-alg or Sigma-alg) form a category. D-alg =Sigma-alg/E

Def. Morphism beetween D- or Sigma Algebras

Let A and B be D- or Sigma Algebras. A morphism H: A --> B consists of a family of morphism h(s): A(s) --> B(s) s.t. sigma(B) * H = h(s) * sigma(A)

Def. Isomorphism beetween D- or Sigma Algebras

A morphism H: A --> B is called Isomorhism, if there exists a morphism G: B --> A s.t. H*G = ID(B) and G*H = ID(A). Then the D- or Sigma algebras A and B are called isomorphic.

Def. Abstract Datatype

An abstract Datatype is a initial Object I in the Category of D-Algebras. For every D-algebra A there exists exactly one morphism H: I --> A.

The isomorhism class of an abstract datatype is unique for every Specification.

The initial Object of an D-algebra is used as a standard semantic for working with the specification D.

The initial Object of an Sigma algebra is constructed out of all possible Terms in this algebra. So intuitively an abstract datatype of an Specifcation consists of all expressions in the language defined by this specification.

Under special conditions there exists also a final object in the category of D-algebras ( Only special forms of Axioms are allowed).

Def. final object of a category

A object B (also called classifying space) in a category is called final object when for every object A in the category there exist exactly one morphism f(A): A --> B.

This morphism is called classifying map for A in the category. If a final object B exists its isomorhism class is unique in the category.

For Sigma Algebras or specifications which axioms consists of equations only this final Object is trivial and therefore not interesting. But in more general Specifications or special notions for databases the final object becomes interesting too. In Specifications wich contain inequalities the so called final semantic is used for describing errorhandling.

Compare differnt Implementations (Algebras)

What happens if there exist different implementations of the same datatype? Let us imagine an implementation B of Set in old Babylonia:

B(Bool) = {yes,no}
B(Int) = markes for stones
B(Set) = Pot
empty = empty Pot
insert:(pot,s) -->through s into pot
is_empty(pot) = is there any stone in the pot?
is_elem (pot,x) = is there a stone with mark x is in pot?

H: A->B

h(BOOL): true -> yes; false -> no
h(Int) : n -> stone with mark n
h(Set) : a,m -> pot which contains for every 0<i<=m a stone marked with a(i) and contains no stone for m=0

If there exists a map G which transforms B back to A then the Algebras A and B are called isomorhic. Isomorphic Algebras differ mainly in the implementations (algorithms) of their operations.

Note:

You can think of an Implementation C of Set, where C(Set) consists only of an infinite array without an extra variable which contains the number of elements in the set. The last element in the array is always a special character '*' for 'undefined element', which must of course not be element of C(Int).

C(Bool) = {true,false}
C(Int) = Natural numbers
C(Set) = Int* = infinite array of Integer;
empty = ('*')
insert:(a,x) +-->(a'); m =smallest Index s.t. a(m)='*' then a'(m)=x, a(i)=a'(i) for i<=m, a(m+1)='*'
is_empty((a)) = a(1)='*'

The algebras A and C are isomorphic.

The initial object is the abstract datatype

The target is now to find a standard algebra which can be used as a semantic for our data type to be independent from any implementation. In this abstract programs could be written without knowing the internal details of the datatype Fortunatlely such a standard algebra exists. It is formed out of all possible expressions of the specification.

Object Orientation (1980)

The abstract datatypes form the theoretic base of object orientation. Important paradigmen ( encapsulation, user- and implementor view, minimal interfaces) are already formulated. SIMULA provides already partial practical help for realizing these paradigmen. In Object Orientated Programming all these ideas come together and are extended by inheritence.

Parallel to the development of the theory of abstract data types the developement of languages went on:

1967 SIMULA 67
1972 SMALLTALK 72
1980 SMALLTALK 80 - MODULA2 - ADA
198x EIFFEL ( from ADA and Smalltalk)
198x lots of OO Versions of classical languages

Beside the possibility of encapsulating classes and their methods they provide helps for Reuse and hierarchical Data structuring:

Dynamic binding, polymorphism
Inheritance

Literature

(1) B Dahl, Hoare, Dijkstra: Structured Programming; Academic Press
(2) Dijkstra: GOTO Statement Considered Harmful; Comm. of the ACM (11) March 1968
(3) With: Program Development by stepwise Refinement; Comm. of the ACM (14) April 1971
(4) Dahl, Nygaard: Class and Subclass Declarations; in: Simulation Programming Languages; Noth Holland 1968
(5) Dahl, Nygaard: History of Simula; in: History of Programming Languages; Academic Press 1981
(6) Hoare C.A.R.: Proof of Correctness of Data Representations; in: Acta Informatica (1) 1972 pp 271-281
(7) Goguen, Thatcher, Wagner: An Initial algebra Approach to the Specifcation, Correctness and Implementation of Abstract Datatypes; 1975