Design by Contract Jerry Fitzpatrick

Slides:



Advertisements
Similar presentations
Design by Contract.
Advertisements

Building Bug-Free O-O Software: An Introduction to Design By Contract A presentation about Design By Contract and the Eiffel software development tool.
Carlos D. Rivera February 28, 2007 Design-by-Contract.
Exceptions CSE301 University of Sunderland Harry Erwin, PhD.
1 Computer Science 340 Software Design & Testing Inheritance & Design By Contract.
Chair of Software Engineering OOSC - Summer Semester Object-Oriented Software Construction Bertrand Meyer.
Data Abstraction II SWE 619 Software Construction Last Modified, Spring 2009 Paul Ammann.
1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.
-5- Exception handling What is an exception? “An abnormal event” Not a very precise definition Informally: something that you don’t want to happen.
Software Testing and Quality Assurance
Chair of Software Engineering ATOT - Lecture 12, 12 May Advanced Topics in Object Technology Bertrand Meyer.
Karlstad University Computer Science Design Contracts and Error Management Design Contracts and Errors A Software Development Strategy (anpassad för PUMA)
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Chapter 1 Principles of Programming and Software Engineering.
1 Introduction to: Design by Contract Fall 2005 OOPD John Anthony.
Eiffel Language and Design by Contract Contract –An agreement between the client and the supplier Characteristics –Expects some benefits and is prepared.
Adding Contracts to Ada Ehud Lamm Adding Design By Contract to Ada.
1 © Wolfgang Pelz Design by Contract Design by Contract™ Based on material drawn from: Bertrand.
Computer Science 340 Software Design & Testing Design By Contract.
Ranga Rodrigo. Class is central to object oriented programming.
PRAGMATIC PARANOIA Steven Hadfield & Anthony Rice.
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.
SWE 619 © Paul Ammann Procedural Abstraction and Design by Contract Paul Ammann Information & Software Engineering SWE 619 Software Construction cs.gmu.edu/~pammann/
Low-Level Detailed Design SAD (Soft Arch Design) Mid-level Detailed Design Low-Level Detailed Design Design Finalization Design Document.
Introduction CS 3358 Data Structures. What is Computer Science? Computer Science is the study of algorithms, including their  Formal and mathematical.
90-723: Data Structures and Algorithms for Information Processing Copyright © 1999, Carnegie Mellon. All Rights Reserved. 1 Lecture 1: Introduction Data.
1 Devon M. Simmonds, Computer Science Department Design by Contract Devon M. Simmonds Computer Science Department University of North Carolina, Wilmington.
ANU COMP2110 Software Design in 2003 Lecture 10Slide 1 COMP2110 Software Design in 2004 Lecture 12 Documenting Detailed Design How to write down detailed.
L13: Design by Contract Definition Reliability Correctness Pre- and post-condition Asserts and Exceptions Weak & Strong Conditions Class invariants Conditions.
SWE 4743 Abstract Data Types Richard Gesick. SWE Abstract Data Types Object-oriented design is based on the theory of abstract data types Domain.
Karlstad University Computer Science Design Contracts and Error Management External and internal errors and their contracts.
Defensive Programming CNS 3370 Copyright 2003, Fresh Sources, Inc.
CSSE501 Object-Oriented Development. Chapter 10: Subclasses and Subtypes  In this chapter we will explore the relationships between the two concepts.
DBC NOTES. Design By Contract l A contract carries mutual obligations and benefits. l The client should only call a routine when the routine’s pre-condition.
Object Design More Design Patterns Object Constraint Language Object Design Specifying Interfaces Review Exam 2 CEN 4010 Class 18 – 11/03.
Chapter 1 The Phases of Software Development. Software Development Phases ● Specification of the task ● Design of a solution ● Implementation of solution.
Design by Contract. The Goal Ensure the correctness of our software (correctness) Recover when it is not correct anyway (robustness) Correctness: Assertions.
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
Principles of Programming & Software Engineering
Eighth Lecture Exception Handling in Java
Class Invariants Class invariants are logical conditions to ensure the correct working of a class. Class invariants must hold true when an object is created,
Design by Contract Jim Fawcett CSE784 – Software Studio
Design by Contract Jim Fawcett CSE784 – Software Studio
Used to help understand requirements more completely
C++ Plus Data Structures
Arab Open University 2nd Semester, M301 Unit 5
CSE 374 Programming Concepts & Tools
Principles of Programming and Software Engineering
About the Presentations
Design by Contract in Python: Present and Future Aaron Bingham
Design by Contract Fall 2016 Version.
Software Construction
Introduction to Data Structures
Numeric Accuracy and Precision
Programming Languages 2nd edition Tucker and Noonan
Design by contract Object-Oriented Software Construction by Bertrand Meyer, Prentice Hall The presence of a precondition or postcondition in a routine.
Design by contract Object-Oriented Software Construction by Bertrand Meyer, Prentice Hall The presence of a precondition or postcondition in a routine.
Data Structures and Algorithms for Information Processing
IMPORTANT NOTE Some parts of these section slides deal with null ints. This was a mistake, as primitives cannot be null. These issues have been corrected.
Go to pollev.com/cse143.
The Recursive Descent Algorithm
Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.
SWE 619 Last modified Fall 2007 Saket Kaushik, Paul Ammann
Computer Science 340 Software Design & Testing
Software Specifications
Programming Languages 2nd edition Tucker and Noonan
Software Construction
Design by Contract – Exceptions
Design Contracts and Errors A Software Development Strategy
Presentation transcript:

Design by Contract Jerry Fitzpatrick Design by Contract is another best practice that many developers are not aware of.

Background Design by Contract (DbC) is a technique for building software DbC was developed by Dr. Bertrand Meyer First described in articles written in1986 Fully described in his book Object Oriented Software Construction, published in 1988 To a large degree, DbC is rooted in earlier work by the computer scientists – Edsgar Dijkstra C.A.R. “Tony” Hoare … and others Developers should refer to Bertrand Meyer’s landmark book “Object Oriented Software Construction”. Meyer carefully studied Hoare and Dijkstra’s work, particularly with regard to provably correct software. I was fortunate to be taught Design by Contract by Dr. Meyer personally. This short presentation cannot fully explain the benefits of Design by Contract, nor how to implement it correctly. Instead, Dr. Meyer is also the creator of the Eiffel programming language. Eiffel is perhaps the only language that has DbC constructs built into it. Copyright 2009 Software Renovation Corporation. All rights reserved.

Benefits Although the use of DbC is still not widespread, its benefits are hard to ignore It’s a very sensible and convincing approach to software development that leads to – Smaller code size Less complexity Increased reliability Simpler debugging Higher productivity Copyright 2009 Software Renovation Corporation. All rights reserved.

The Contract Metaphor DbC can be explained in terms of real-world contracts in which each party has obligations and benefits The various functional parts of a software system interact with one another From the perspective of a contract, we can say that – Each module provides one or more services (benefits) Other modules use services, but must use them properly (obligations) Often called a producer/consumer or client/server relationship Copyright 2009 Software Renovation Corporation. All rights reserved.

Benefits and Obligations A provider offers specific benefits given stated conditions A consumer agrees to meet those conditions in order to use the provider’s services This formal agreement is important because it – Documents the responsibilities of providers and consumers Eliminates redundant error checking and error handling Makes code easier to understand and more reliable Bjarne Stroustrup mentioned the importance of an “articulated” error handling strategy with respect to Clean Code. Copyright 2009 Software Renovation Corporation. All rights reserved.

Contract Conditions DbC defines three basic contract conditions – Preconditions Postconditions Class invariants These conditions are implemented as code inside of functions, methods or properties Generically called “routines” Copyright 2009 Software Renovation Corporation. All rights reserved.

Preconditions A precondition is a constraint that a routine requires in order to work correctly The constraint applies to any use of the routine Examples – Input value to a square root routine must not be negative A ‘Remove’ routine must not be called on an empty stack The consumer (client) – not the routine (provider) – is responsible for meeting all of the preconditions A routine has no obligations if any precondition is violated An important point which some developers have trouble accepting The importance of the fourth point (the routine’s obligations) cannot be over-emphasized. A developer who cannot accept this premise will usually make the code messy with redundant “error checking” and “error handling” code to make the routine “bullet-proof”. This is simply an attempt to overcome the fact that the consumer/client has not fulfilled their part of the contract. Instead of being helpful, this style of coding increases code size and complexity and muddies the responsibilities of the consumer and provider. Copyright 2009 Software Renovation Corporation. All rights reserved.

Postconditions A postcondition is a constraint on the results produced by a routine The routine itself must fulfill the obligations defined by its postconditions Examples – The value computed by a square root routine must be non-negative After executing a list ‘Add’ method, the list must not be empty Copyright 2009 Software Renovation Corporation. All rights reserved.

Class Invariants A class invariant is a constraint on object state that must be preserved by each of its methods Ensures the overall integrity or consistency of an object Example – In a list object, there is a connection between the Empty state and the list’s element count – Empty can only be true when the element count is zero Copyright 2009 Software Renovation Corporation. All rights reserved.

Rules for Inheritance Subclasses may weaken, but not strengthen preconditions Subclasses may strengthen, but not weaken postconditions or class invariants These rules complement the Liskov Substitution Principle Basically, they help ensure that substitution is possible Copyright 2009 Software Renovation Corporation. All rights reserved.

Implementing Contracts DbC is built into the Eiffel programming language DbC concepts can be simulated in other languages to some extent Example: In C++, a ‘const’ method cannot modify the state of its object This is an implicit class invariant condition The simulation in other languages is generally less complete and less sophisticated than in Eiffel. Copyright 2009 Software Renovation Corporation. All rights reserved.

Assertions In many languages, “assertions” can be used to implement DbC constraints _ASSERT() macro in native C++ Debug.Assert() in C# Assertions do not implement all DbC features Copyright 2009 Software Renovation Corporation. All rights reserved.

Assertion Violations An assertion violation always means that there is a bug in the software Though the assertion may contain the bug if implemented incorrectly A precondition violation means that there is a bug in the consumer (client) A postcondition violation means that there is a bug in the producer (service) Copyright 2009 Software Renovation Corporation. All rights reserved.

Postcondition Example Contract: The SquareRoot() method guarantees that the returned value is always non-negative double SquareRoot(double x) { double root = 0.0; … calculation … Debug.Assert(root >= 0.0) return root; } An explanation of what Debug.Assert() does might be helpful to people who aren’t familiar with it. Copyright 2009 Software Renovation Corporation. All rights reserved.

Precondition Example Contract: The SquareRoot method will return the square root of x only if x is non-negative. The SquareRoot method can do anything (or nothing) if parameter x is negative Remember, a routine has no obligations when any of its preconditions is violated double SquareRoot(double x) { Debug.Assert(x >= 0.0) … } Copyright 2009 Software Renovation Corporation. All rights reserved.

Precondition Notes Preconditions are especially valuable in – Public constructors Public ‘setter’ methods or properties But also helpful in private methods and properties Assertions should be used thoughtfully Not just placed everywhere or randomly There is a tendency for DbC novices to litter the code with unnecessary assertions. This is “too much of a good thing”. Copyright 2009 Software Renovation Corporation. All rights reserved.

Important Point to Ponder Contract constraints only apply to code within the boundaries of your program Interactions at the boundaries require other techniques (e.g. exceptions) This is not the same thing as boundaries between developers For example, DbC is not used to – Validate inputs from a user or external system Report run-time errors to a user or external system It’s very important that all developers on a project use the same error detection and handling strategy. Otherwise you end up with a confusing mix of strategies that don’t work well together. Copyright 2009 Software Renovation Corporation. All rights reserved.

Question The SquareRoot() method precondition states that its input must be non-negative It is the consumer’s obligation to ensure this How can they do that using the SquareRoot() routine? Copyright 2009 Software Renovation Corporation. All rights reserved.

Possible Answers The answer depends upon how the input value is obtained – If the value is input from a user, the consumer code should validate the input, report errors, and perhaps retry on error Better yet, consumer code can usually prevent users from entering a negative input In any case, the consumer should not call the SquareRoot() routine until this precondition is met How can negative input values be prevented in the UI? Use a different type of control (e.g. slider, numeric up-down, combo box). Use a text box that has pattern-matching capabilities. Handle the KeyUp or KeyPress event and ignore minus signs (and probably various other characters as well). Copyright 2009 Software Renovation Corporation. All rights reserved.

Assertions Versus Exceptions Programming language exceptions were originally intended to report/handle “exceptional” errors Problems outside the control of an application such as memory exhaustion or I/O device errors Not bugs in the application itself For better or worse, some libraries and applications now use exceptions to report their own errors That is, bugs in the libraries or applications As a rule, DbC contracts should be independent of exception mechanism That is, contracts should not throw or catch exceptions Copyright 2009 Software Renovation Corporation. All rights reserved.

Bad Example #1 No! This is not a DbC precondition. StatusCode GetSlime(Slime slime) { if (slime == null) return STATUS_NULL_POINTER; } … implementation … Why not? Copyright 2009 Software Renovation Corporation. All rights reserved.

Bad Example #2 No! This is not a DbC precondition either. void GetSlime(Slime slime) { if (slime == null) throw new Exception(“invalid slime parameter”); } … implementation … Why not? Copyright 2009 Software Renovation Corporation. All rights reserved.

Good Example Yes! Here is a DbC precondition. void GetSlime(Slime slime) { Debug.Assert(slime != null); … implementation … } Copyright 2009 Software Renovation Corporation. All rights reserved.

Design by Contract is NOT… A development process or methodology Though it is a valuable technique Unit or regression testing Though automated testing is a useful DbC supplement Defensive programming Design by Contract is the opposite of defensive programming In his book, Dr. Meyer clearly explains the many disadvantages of defensive programming Copyright 2009 Software Renovation Corporation. All rights reserved.

References “Object Oriented Software Construction”, Bertrand Meyer, Prentice Hall “Design by contract”, Wikipedia, http://en.wikipedia.org “A Conversation with Bertrand Meyer, Parts I, II, & III”, http://www.artima.com Copyright 2009 Software Renovation Corporation. All rights reserved.

Q&A Copyright 2009 Software Renovation Corporation. All rights reserved.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.