Contract based programming 1

Contract based programming

Using pre- and post-conditions, and object invariants

Contract based programming 2

Design by contract

• Idea• A program is correct if given correct input the program produces correct

output.• Correct input → PROGRAM → correct output• A program is considered a kind of “black box”• Same idea applies to parts of a program

• Methods, functions, etc.• Correct input → METHOD → correct output

• Precondition• Specification of correct input

• Postcondition• Specification of correct output

Contract based programming 3

Contracts

• A supplier (programmer) writes a class or method to be used by a client (another programmer)• The contract specifies• The public interface of the class /

method• Pre-conditions• Post-conditions• Object invariants

Contract based programming 4

Pre- and post-conditions

• Pre-condition• What does the method expect?• Must be true before it makes sense to call the method

• Methods should check this and throw appropriate exceptions• C# examples

• Convert.ToInt32(String str)• Assumes str is a string that contains number.• If not it throws FormatException, or OverflowException

• Post-condition• What does the method guarantee?

• After the method has executed• Returned value, and/or change of object state

Contract based programming 5

Object invariant

• An invariant is a statement that is invariable true• Object invariant• Statement about the objects state between method invocations• Example: Class Student

• Name != null, age >= 0

Contract based programming 6

C# language support

• In C# there is no direct language support for programming by contract• Pre- and post-conditions, can be specified as comments to the

methods• Invariants can be specified as comments to the class.• Pre-conditions and invariants must be checked in the beginning of all

modifying methods, like set methods, etc.• The exception throw is often• ArgumentException

• ArgumentNullException, a sub-class of ArgumentException• ArgumentOutOfRangeException, a sub-class of ArgumentException

Contract based programming 7

ArgumentException• Thrown if there is something wrong (according to the pre-condition) with the argument

(parameter) to the method.• Some properties

• Message• The error message: Should be readable to humans

• ParamName• Name of the parameter that caused the exception Some constructors

• InnerException• Different from null if the exception is chained

• Some constructors• ArgumentException()

• No parameter: The catcher does not know what is wrong.• Don’t use …

• ArgumentException(String message)• The catcher can use the message to write to the user, etc.

• ArgumentException(String message, String paramName)• ArgumentException(String message, Exception innerException)

• Useful for exception chaining

Contract based programming 8

ArgumentNullException• Thrown when null reference is thrown is passed to a method that does not

accept it as a valid argument• http://msdn.microsoft.com/en-us/library/System.ArgumentNullException(v=vs.110).

aspx

• Some properties• Like base class: ArgumentException

• Constructors• ArgumentNullException()

• Default message, no parameter name set• ArgumentNullException(String paramName)

• Default message with parameter name.• Use this for most cases!

• ArgumentNullException(String message, String paramName)• ArgumentNullException(String message, Exception innerException)

Contract based programming 9

ArgumentOutOfRangeException• Thrown if the actual value of an argument (aka parameter) is outside the legal

range• Example: Teacher salary, legal range >= 0

• Some properties• Like base class ArgumentException• ActualValue: The actual value of the parameter

• Some constructors• ArgumentOutOfRangeException()

• Do not use! No information about the problem.• ArgumentOutOfRangeException(String paramName)• ArgumentOutOfRangeException(String paramName, String message)• ArgumentOutOfRangeException(String paramName, Object actualValue, String message)• ArgumentOutOfRangeException(String message, Exception innerException)

• Useful for exception chaining

Contract based programming 10

Some aliases

• Contract based programming aka.• Bertrand Meier: The Eiffel programming language, 1986

• Design by contract aka.• Registered trademark (US)

• Programming by contract aka.• Design-by-contract programming aka.• Code contracts [Microsoft terms]

Contract based programming 11

References and further readings

• Wikipedia Design by contract• http://en.wikipedia.org/wiki/Design_by_contract

• Microsoft Research Code Contracts• http://research.microsoft.com/en-us/projects/contracts/• http://visualstudiogallery.msdn.microsoft.com/1ec7db13-3363-46c9-851f-1ce

455f66970