Code Contracts
alexei-skachykhin -
Transcript of Code Contracts
DESIGN BY CONTRACT WITH CODE CONTRACTS
CONFESSION :(
“How many of you do write unit tests?”
“How many of you do write documentation?”
“How many of you do write asserts?”
JUSTIFICATION :)
Justification :) - THE GOOD PART
“To some extent, all of these tools don't work in real life.” - me
Justification :) - WATCH OUT
Documentation: No documentation is better than bad documentation
    //declare variable foo as an integer and
    //set it to three.
    private int foo = 3;
CODE SNIPPET
Justification :) - WATCH OUT
Unit tests: Are limited and time consuming to support
    [Test]
    public void PressEquals_AddingTwoPlusTwo_ReturnsFour()
    {
        // Arrange
        decimal value1 = 2m;
        decimal value2 = 2m;
        decimal expected = 4m;
        var calculator = new Calculator();

        // Act
        calculator.Enter(value1);
        calculator.PressPlus();
        calculator.Enter(value2);
        calculator.PressEquals();
        decimal actual = calculator.Display;

        // Assert
        Assert.AreEqual(expected, actual,
            "When adding {0} + {1}, expected {2} but found {3}.",
            value1, value2, expected, actual);
    }
CODE SNIPPET
Justification :) - WATCH OUT
Asserts: Are of little use to calling code
    public string Substring(int startIndex, int length)
CODE SNIPPET
    public string Substring(int startIndex, int length)
    {
        if (startIndex < 0)
            throw new ArgumentOutOfRangeException("startIndex");
        if (startIndex > this.Length)
            throw new ArgumentOutOfRangeException("startIndex");
        if (length < 0)
            throw new ArgumentOutOfRangeException("length");
        if (startIndex > this.Length - length)
            throw new ArgumentOutOfRangeException("length");
        if (length == 0)
            return string.Empty;
        else
            return this.InternalSubStringWithChecks(startIndex, length, false);
    }
CODE SNIPPET
Consequences - ABANDONING
“If so, why wouldn't I abandon all this crap?”
Consequences - PROGRAMMING BY COINCIDENCE
“We should avoid programming by coincidence - relying on luck and accidental successes - in favor of programming deliberately.” - Dave Thomas
Design by Contract - WHAT IS IT?
“A way of designing software, which implies formal and precise specifications for software components with pre-conditions, post-conditions and invariants in source code itself.”
Bertrand Meyer - EIFFEL PL, 1986
Design by Contract - EIFFEL
    connect_to_server (server: SOCKET)
            -- Connect to a server.
        require
            server /= Void and then server.address /= Void
        do
            server.connect
        ensure
            connected: server.is_connected
        end
CODE SNIPPET
    class DATE
    invariant
        valid_day: 1 <= day and day <= 31
        valid_hour: 0 <= hour and hour <= 23
    end
CODE SNIPPET
Pre-conditions
Post-conditions
Invariants
Design by Contract - RULES
Metaphor: Client, Supplier agree on a Contract
1 The supplier must provide a certain product (obligation) and is entitled to expect that the client has paid its fee (benefit).
2 The client must pay the fee (obligation) and is entitled to get the product (benefit).
3 Both parties must satisfy certain obligations, such as laws and regulations, applying to all contracts.
Design by Contract - WHY?
“What are the benefits?”
Improved testability
Runtime & Static Checking
Automatic generation of documentation
Discoverability of your API
Design by Contract - IMPLEMENTATIONS FOR .NET
“Do we have a similar concept in modern programming languages? Let's ask Microsoft.”
Microsoft Research
Code Contracts - WHAT IS IT?
“Microsoft's implementation of Design by Contract for .NET. Proposed back in 2008.”
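Code Contracts - WHAT IS IT?
    using System.Diagnostics.Contracts;

    class WebService
    {
        private IWarehouse store;

        public WebService(IWarehouse store)
        {
            // Pre-condition: the caller must pass a warehouse.
            Contract.Requires(store != null);
            // Post-condition: the field is set when the constructor returns.
            Contract.Ensures(this.store != null);

            this.store = store;
        }

        // Invariant: holds after every public member returns.
        [ContractInvariantMethod]
        private void ObjectInvariant()
        {
            Contract.Invariant(this.store != null);
        }
    }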
CODE SNIPPET
Pre-conditions
Post-conditions
Invariants
Code Contracts - COMPLETE API
“Mostly it is nice and easy, but occasionally it can be mind blowing.”
Code Contracts - COMPONENTS
CCRewrite: Binary Rewriter
CCCheck: Static Checker
CCDocGen: XML Doc Extender
Code Contracts - RUNTIME CHECKING
WebService.cs:
    public WebService(IWarehouse store)
    {
        Contract.Requires(store != null);
        Contract.Ensures(this.store != null);
        this.store = store;
    }
Build: csc/vbc/… + ccrewrite
WebService.dll:
    IL from requires
    IL from body
    IL from ensures
Code Contracts - RUNTIME CHECKING (GENERAL CLIENTS)
WebService.cs:
    public WebService(IWarehouse store)
    {
        Contract.Requires(store != null);
        Contract.Ensures(this.store != null);
        this.store = store;
    }
Build: csc/vbc/… + ccrewrite
WebService.dll:
    IL from requires
    IL from body
Code Contracts - RUNTIME CHECKING (TRUSTED CLIENTS)
WebService.cs:
    public WebService(IWarehouse store)
    {
        Contract.Requires(store != null);
        Contract.Ensures(this.store != null);
        this.store = store;
    }
Build: csc/vbc/…
WebService.dll:
    IL from body
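Added example, not from the slides: what the trusted-clients build above means for a check that guards a trust boundary. Compiled without ccrewrite and without the CONTRACTS_FULL symbol, the Contract.Requires call is dropped by the compiler, while an if/throw guard followed by Contract.EndContractBlock() stays in the IL. WebService and IWarehouse are the slides' names; the two class names, HasStore, Demo and the empty interface body are assumptions made for the demo.

```csharp
using System;
using System.Diagnostics.Contracts;

public interface IWarehouse { }   // members are not shown on the slides; left empty here

// Contract-only precondition: Contract.Requires(bool) is [Conditional("CONTRACTS_FULL")],
// so a build without that symbol and without ccrewrite contains no check at all.
public sealed class WebServiceContractOnly
{
    private readonly IWarehouse store;
    public WebServiceContractOnly(IWarehouse store)
    {
        Contract.Requires(store != null);
        this.store = store;
    }
    public bool HasStore { get { return store != null; } }
}

// Legacy-requires form: an ordinary if/throw closed by EndContractBlock().
// The throw is plain IL and survives every build; the contract tools read it as a precondition.
public sealed class WebServiceGuarded
{
    private readonly IWarehouse store;
    public WebServiceGuarded(IWarehouse store)
    {
        if (store == null) throw new ArgumentNullException("store");
        Contract.EndContractBlock();
        this.store = store;
    }
    public bool HasStore { get { return store != null; } }
}

public static class Demo
{
    public static void Main()
    {
        // Unrewritten build: the null is accepted and only fails later, far from the cause.
        var weak = new WebServiceContractOnly(null);
        Console.WriteLine("contract-only accepted null: " + !weak.HasStore);

        try { new WebServiceGuarded(null); }
        catch (ArgumentNullException e)
        {
            Console.WriteLine("guarded rejected null: " + e.ParamName);
        }
    }
}
```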
Code Contracts - DOCUMENTATION GENERATION
WebService.xml (before ccdocgen):
    <member name="M:PDC.WebService.#ctor(PDC.IWarehouse)">
      <summary>Constructs a new instance for processing orders against the specified warehouse.</summary>
      <param name="store">The warehouse this instance is to use. </param>
    </member>
WebService.Contracts.dll:
    IL from requires
    IL from ensures
ccdocgen
WebService.xml (after ccdocgen):
    <member name="M:PDC.WebService.#ctor(PDC.IWarehouse)">
      <summary>Constructs a new instance for processing orders against the specified warehouse.</summary>
      <param name="store">The warehouse this instance is to use. </param>
      <requires> store != null </requires>
      <ensures> this.store != null </ensures>
    </member>
Code Contracts - CONTRACT REFERENCE ASSEMBLIES
“Companion assemblies that are generated at compile time and contain only the contract portion of types.”
Code Contracts - ANNOYANCES
1 Static analysis is usually slow
2 Tools are failing from time to time
3 No way to execute post-conditions under lock statement
THANK YOU
Questions?