NationMaster - Encyclopedia: Design by contract

Design by contract, DBC or Programming by contract is a methodology for designing computer software. It prescribes that software designers should define precise checkable interface specifications for software components based upon the theory of abstract data types and the conceptual metaphor of a business contract. Software, consisting of programs, enables a computer to perform specific tasks, as opposed to the physical components of the system (hardware). ... In computing, an abstract data type (ADT) is a specification of a set of data and the set of operations that can be performed on the data. ... Conceptual metaphor: In cognitive linguistics, metaphor is defined as understanding one conceptual domain in terms of another conceptual domain; for example, using one persons life experience to understand a different persons experience. ... A contract is a legally binding exchange of promises or agreement between parties. ...

History

The term was coined by Bertrand Meyer in connection with his design of the Eiffel programming language and first described in various articles starting in 1986^[1]^[2]^[3] and the two successive editions (1988, 1997) of his book Object-Oriented Software Construction. Bertrand Meyer (born 1950 in France) developed the Eiffel programming language, and is an author, academic and consultant in the field of computer languages. ... Eiffel is an ISO-standardized object-oriented programming language designed for extensibility, reusability, reliability and programmer productivity. ... Object-Oriented Software Construction is the title of a book by Bertrand Meyer, widely considered a foundational text of object-oriented programming. ...

Design by contract has its root in work on formal verification, formal specification and Hoare logic. The original contributions include: In the context of hardware and software systems, formal verification is the act of proving or disproving the correctness of a system with respect to a certain formal specification or property, using formal methods of mathematics. ... A formal specification is a mathematical description of software or hardware that may be used to develop an implementation. ... Hoare logic (also known as Floydâ€“Hoare logic) is a formal system developed by the British computer scientist C. A. R. Hoare, and subsequently refined by Hoare and other researchers. ...

A clear metaphor to guide the design process.
The application to inheritance, in particular a methodology for redefinition and dynamic binding.
The application to exception handling.
The connection with automatic software documentation.

"Design by Contract" is a trademark of Eiffel Software, the designers of Eiffel. In object-oriented programming, inheritance is a way to form new classes (instances of which are called objects) using classes that have already been defined. ... In computer science, binding is associating objects and implementations with names in programming language so that those objects and implementations can be accessed by the names. ... Exception handling is a programming language construct or computer hardware mechanism designed to handle runtime errors or other problems (exceptions) which occur during the execution of a computer program. ... Software Documentation or Source Code Documentation is written text that accompanies computer software. ...

Description

The central idea of DBC is a metaphor on how elements of a software system collaborate with each other, on the basis of mutual obligations and benefits. The metaphor comes from business life, where a "client" and a "supplier" agree on a "contract" which defines for example that:

The supplier must provide a certain product (obligation) and is entitled to expect that the client has paid its fee (benefit).
The client must pay the fee (obligation) and is entitled to get the product (benefit).
Both parties must satisfy certain obligations, such as laws and regulations, applying to all contracts.

Similarly, if a routine from a class in object-oriented programming provides a certain functionality, it may: In object-oriented programming, a class consists of encapsulated instance variables and subprograms, the methods mentioned below. ... Object-oriented programming (OOP) is a programming paradigm that uses objects to design applications and computer programs. ...

Impose a certain obligation to be guaranteed on entry by any client module that calls it: the routine's precondition — an obligation for the client, and a benefit for the supplier (the routine itself), as it frees it from having to handle cases outside of the precondition.
Guarantee a certain property on exit: the routine's postcondition — an obligation for the supplier, and obviously a benefit (the main benefit of calling the routine) for the client.
Maintain a certain property, assumed on entry and guaranteed on exit: the class invariant.

The contract is the formalization of these obligations and benefits. One could summarize design by contract by the "three questions" that the designer must repeatedly ask: In computer programming, a class invariant is an invariant used to constrain objects of a class. ...

What does it expect?
What does it guarantee?
What does it maintain?

Many languages have facilities to make assertions like these. However, DBC is novel in recognizing that these contracts are so crucial to software correctness that they should be part of the design process. In effect, DBC advocates writing the assertions first. In computer programming, an assertion statement is a programming language construct that indicates an assumption on which the program is based. ...

The notion of a contract extends down to the method/procedure level; the contract for each method will normally contain the following pieces of information:

Acceptable and unacceptable input values or types (compare to type bounds for Java 5 generics), and their meanings
Return values or types (compare to type bounds for Java 5 generics), and their meanings
Error and exception conditions values or types (compare to type bounds for Java 5 generics), that can occur, and their meanings
Side effects
Preconditions
Postconditions
Invariants
(Rarer) Performance guarantees, e.g. for time or space used

Using the DBC methodology, the program code itself must never try to verify the contract conditions; the whole idea is that code should "fail hard", with the contract verification being the safety net. DBC's "fail hard" property makes debugging for-contract behavior much easier because the intended behaviour of each routine is clearly specified. The word error has different meanings in different domains. ... Exception handling is a programming language construct or computer hardware mechanism designed to handle the occurrence of some condition that changes the normal flow of execution. ... In computer science, a function is said to produce a side effect if it modifies some state other than its return value. ... In logic a precondition is a condition that has to be met, before a main argument can have any value. ... A postcondition is a fact that must always be true just after the execution of some section of code. ... In computer science, optimising compilers and the methodology of design by contract pay close attention to invariant quantities in computer programs, where the set of transformations involved is the execution of the steps of the computer program. ...

The contract conditions should never be violated in program execution: thus, they can be either left in as debugging code, or removed from the code altogether for performance reasons.

All class relationships are between Client classes and Supplier classes. A Client class is obliged to make calls to Supplier features where the resulting state of the Supplier is not violated by the Client call. Subsequently, the Supplier is obliged to provide a return state and data that does not violate the state requirements of the Client. For instance, a Supplier data buffer may require that data is present in the buffer when a delete feature is called. Subsequently, the Supplier guarantees to the client that when a delete feature finishes its work, the data item will, indeed, be deleted from the buffer. Other Design Contracts are concepts of "Class Invariant". The Class Invariant guarantees (for the local class) that the state of the class will be maintained within specified tolerances at the end of each feature execution.

Unit testing tests a module in isolation, to check that it meets its contract assuming its subcontractors meet theirs. Integration testing checks whether the various modules are working properly together. Design by contract also fosters code reuse, since the contract for each piece of code is fully documented. The contracts for a module can also be regarded as a form of software documentation for the behavior of that module. In computer programming, a unit test is a procedure used to validate that a particular module of source code is working properly. ... Integration testing (sometimes called Integration and testing and abbreviated I&T) is the phase of software testing in which individual software modules are combined and tested as a group. ... Software Documentation or Source Code Documentation is written text that accompanies computer software. ...

Non-technical analogy

A process in which a number of objects (people or software components, for example) interact to satisfy a goal is called a collaboration. When two objects collaborate together, one - the client - requests the services of the other - the supplier. The supplier in turn may request the sevices of other objects, and in those collaborations it is the client and they are the suppliers. The process only works correctly if all these individual collaborations work correctly. In a very real sense, the chain is only as strong as its weakest link. A Unit can be a person, a family, a team, a business unit, an organisation, a community, a country, or society, which has their own treasured identity and way of working. ...

Take the process of going on holiday, for example. Bertrand wants to spend two weeks in Florida. He books the holiday through DBC Holidays Inc., who specialise in U.S. package holidays. When he makes the booking (collaboration #1), Bertrand is the client and DBC Holidays are the supplier. DBC Holidays then arrange flights through Assertair Corp. (collaboration #2), and book a room at the Precondition Plaza Hotel in Miami (collaboration #3). In collaboration #2, DBC Holidays are the client and Assertair is the supplier, and in collaboration #3, the hotel is the supplier. And the chain of collaborations goes deeper and deeper (e.g., who does Assertair pay to service their jets?)

If any link in this chain of collaborations breaks, then the result could be that Bertrand's holiday is ruined. It's vital, therefore, that every player in the collaboration does what they're supposed to do. In any collaboration, client and supplier have certain obligations. These obligations (or "responsibilities", if you like) fall into three distinct types:

Things that the supplier promises to do as part of the service it offers to the client (e.g., Assertair promises DBC Holidays that Bertrand will be in Miami at a certain date and time)
Things that the client promises to do before using the service (e.g., DBC Holidays must ensure that Bertrand has his passport and tickets when he checks in for his flight)
Things that the supplier promises will always be true no matter what happens (e.g., The airline will always have adequate insurance to cover any accident)

Things that the supplier promises to do as part of the service are described as a special kind of rule called a postcondition. The postcondition tells the client what will be true if the service is executed correctly (e.g., "your customer will be in Miami by 15:30 on June 8"). A postcondition is a fact that must always be true just after the execution of some section of code. ... A postcondition is a fact that must always be true just after the execution of some section of code. ... June 8 is the 159th day of the year in the Gregorian Calendar (160th in leap years), with 206 days remaining. ...

If Bertrand turns up at the check-in desk without his passport, of course, then the airline can't live up to their side of the contract - he will not be allowed to board the plane without it. A rule that the client must satisfy before using a service is called a precondition. In logic a precondition is a condition that has to be met, before a main argument can have any value. ...

A rule that states what must always be true is called an invariant. If the airline doesn't have adequate insurance then nobody is going anywhere! Invariant may have meanings invariant (computer science), such as a combination of variables not altered in a loop invariant (mathematics), something unaltered by a transformation invariant (music) invariant (physics) conserved by system symmetry This is a disambiguation page — a navigational aid which lists other pages that might otherwise share...

Design By Contract is a discipline for building software such that the collaborations between objects are correct. A formula for correctness when a client uses the services of a supplier is given as:

If the invariant AND precondition are true before using the service, then the invariant AND the postcondition will be true after the service has been completed.

In DBC, the responsibilities are clear: the client must satisfy the precondition. This distinguishes it markedly from a related practice known as defensive programming, where the supplier is responsible for figuring out what to do when a precondition is broken. More often than not, the supplier throws an exception to inform the client that the precondition has been broken, and in both cases - DBC and defensive programming - the client must figure out how to respond to that. DBC makes the supplier's job easier. Defensive programming is a form of defensive design intended to ensure the continuing function of a piece of software in spite of unforeseeable usage of said software. ...

Languages implementing DBC

C

Recent efforts add support for Design by Contract to the C programming language using DBC for C, a preprocessor written in Ruby. haha :D C is a general-purpose, procedural, imperative computer programming language developed in 1972 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system. ... In computer science, a preprocessor is a program that processes its input data to produce output that is used as input to another program. ... Ruby is a reflective, object-oriented programming language. ...

Other tools supporting DBC for C include:

GNU Nana

C++

Tools supporting DBC for C++ include: C++ (pronounced see plus plus, IPA: ) is a general-purpose, high-level programming language with low-level facilities. ...

C²
Gnu nana
Digital Mars C++ compiler has built-in language extensions to support DBC [1].

Libraries developed using design-by-contract: Digital Mars features C and C++ compilers for Win32, Win16 and DOS. And also D. External links Digital Mars ...

dlib C++ library.

C#

Tools supporting DBC for C# include: The title given to this article is incorrect due to technical limitations. ...

eXtensible C#, a commercial post-compiler that transforms "declarative assertions", in the form of .NET attributes attached to C# methods and properties, into actual pre- and post-conditions embedded in the compiled .NET IL code.
Spec#, a Microsoft research extension of the C# language.
Microsoft Visual Studio Team System for Software Testers, a Microsoft Development Environment for C# (and other .NET languages) that provides unit testing capabilities.

Chrome

The Chrome programming language is an Object Pascal implementation that has "class contracts", which are similar to DBC. Chrome is a programming language for the Common Language Infrastructure developed by RemObjects Software. ...

Common Lisp

With Common Lisp's macro facility and the CLOS metaobject protocol, Design by Contract can be implemented as a library: Common Lisp, commonly abbreviated CL, is a dialect of the Lisp programming language, standardised by ANSI X3. ... The Common Lisp Object System (CLOS) is the facility for object-oriented programming which is part of Common Lisp (CL). ... In computer science, a metaobject or meta-object is any entity that manipulates, creates, describes, or implements other objects. ...

dbc Common Lisp library

D

D implements Design by Contract as a major feature.^[4] D is an object-oriented, imperative system programming language designed by Walter Bright of Digital Mars as a re-engineering of C/C++. He has done this by re-designing many C++ features, and borrowing ideas from other programming languages. ...

Eiffel

The object oriented Eiffel programming language was created to implement Design by Contract. The language is organized around the concepts of Design by Contract, closely integrated with its object-oriented structure and in particular with its inheritance mechanism, with direct language support for weakening preconditions and strengthening postconditions. In computer science, object-oriented programming, OOP for short, is a computer programming paradigm. ... Eiffel is an ISO-standardized object-oriented programming language designed for extensibility, reusability, reliability and programmer productivity. ... In object-oriented programming, inheritance is a way to form new classes (instances of which are called objects) using classes that have already been defined. ...

Eiffel compilers support run-time assertion monitoring through a compilation option. A run-time assertion violation triggers an exception. The exception mechanism is, more generally, directly based on the concepts of Design by Contract.

Java

Tools supporting DBC for Java include: Java is an object-oriented programming language developed by Sun Microsystems in the early 1990s. ...

iContract2, a free Java source pre-processor/code-generator that uses Javadoc tags to specify preconditions, postconditions, and invariants
Contract4J, a DBC tool where tests are defined using Java 5 annotations and aspects written in AspectJ evaluate the test expressions at runtime and handle failures.
jContractor, which provides runtime contract checking by instrumenting the bytecode of classes that define contracts
Jcontract, a proprietary DBC tool by Parasoft
C4J, an open source tool with full support for contract inheritance and also the possibility to define contracts for interfaces
CodePro Analytix, which generates unit test case logic in Eclipse based on assertions within the class and method Javadocs.
STclass is an open source Contract Based Built-in Test (CBBT) Framework; it allows the definition of contracts and test-units in classes and interfaces and handles contracts and test-units inheritance.
Jass, a GPLed Java source pre-processor that uses specially formatted Java comments to specify preconditions, postconditions, and invariants, ...
OVal, an extensible object validation framework for Java 5 or later. Annotations or XML configuration files can be used to express class constraints. OVal can optionally use AspectJ to enforce automatic validation (programming by contract).
SpringContracts, is an open source solution with seamless integration into the Spring Framework. It is mainly based on AOP, Annotations and an exchangeable specification language (EL, OGNL, Groovy) for contract definition.

The GNU logo For other uses of GPL, see GPL (disambiguation). ...

JML

The Java Modeling Language (JML) provides specifications, including contracts, to describe Java programs. The Java Modeling Language (JML) follows the design by contract paradigm. ... Java is an object-oriented programming language developed by Sun Microsystems in the early 1990s. ...

Lisaac

Lisaac implements Design by Contract as a major feature. Lisaac is the first compiled object-oriented language based on prototype concepts, with system programming facilities. ...

Nemerle

Nemerle implements Design by Contract as a major feature. Nemerle is a hybrid functional, object oriented and imperative programming language for Microsoft . ...

Perl

Damian Conway's Class::Contract module, now maintained by C. Garrett Goebel, is available from CPAN, and implements design-by-contract in Perl. Although the module is not widely used, it enjoys some popularity among Perl users involved in larger projects. Class::Agreement is a newer, less mature alternative. Damian Conway was, until August 2005, an Associate Professor in the Department of Computer Science and Software Engineering at Monash University. ... CPAN is an acronym standing for Comprehensive Perl Archive Network. ... Perl is a dynamic programming language created by Larry Wall and first released in 1987. ...

Raphael Manfredi's Carp::Datum module is another (perhaps simpler) alternative on CPAN to implement design-by-contract in Perl. It follows a different path by tieing assertions with tracing features which prove very useful in complex projects. The module also provides support for assertion stripping at install time. RaphaÃ«l Manfredi has been the author of many open-source programs since 1990. ... CPAN is an acronym standing for Comprehensive Perl Archive Network. ... Perl is a dynamic programming language created by Larry Wall and first released in 1987. ...

Perfect

Escher Technologies' specification language Perfect, as used in the software development tool Perfect Developer implements an extension of DBC, which is called Verified Design by Contract, or VDBC. This tool enjoys popularity with students on some computer science courses as it can generate working programs in Java. Perfect Developer (PD) is a tool for developing computer programs in a rigorous manner, by developing a formal specification and refining it to code. ...

PHP

PHP can implement design by contract via its assert() function and a callback function defined using assert_options(). PHP (PHP: Hypertext Preprocessor) is a reflective programming language originally designed for producing dynamic Web pages. ...

PLT Scheme

PLT Scheme, an extension of the Scheme programming language, implements a sound variant of Eiffel's DBC for modules, higher-order functions, and objects. The design of this system emphasizes that each contract violation must blame the guilty party and must do so with an accurate explanations. Findler's paper carefully explain that this is not the case for Eiffel's system. The Scheme programming language is a functional programming language and a dialect of Lisp. ...

Python

Python supports DBC through tools like PyDBC, Contracts for Python, and Dmitry Dvoinikov's recipe. Python is a programming language created by Guido van Rossum in 1990. ...

Ruby

There are several external Design by Contract modules available for Ruby, including DesignByContract, Ruby DBC, and ruby-contract. Ruby is a reflective, dynamic, object-oriented programming language. ...

Sather

The Sather programming language implements Design by Contract. Sather is an object-oriented programming language. ...

SPARK

The SPARK programming language implements Design by Contract by static analysis of Ada programs. By using static analysis SPARK ensures that no contract is ever broken at run-time. This means that Eiffel's problematic 'fail hard' situation will never occur on SPARK. SPARK is a secure, formally-defined language designed to support the development of software used in applications where correct operation is vital either for reasons of safety or business integrity. ... Static analysis is the term applied to the analysis of computer software that is performed without actually executing programs built from that software (analysis performed on executing programs is known as dynamic analysis). ... Ada is a structured, statically typed imperative computer programming language designed by a team led by Jean Ichbiah of CII Honeywell Bull during 1977â€“1983. ... SPARK is a secure, formally-defined language designed to support the development of software used in applications where correct operation is vital either for reasons of safety or business integrity. ... Eiffel is an ISO-standardized object-oriented programming language designed for extensibility, reusability, reliability and programmer productivity. ... SPARK is a secure, formally-defined language designed to support the development of software used in applications where correct operation is vital either for reasons of safety or business integrity. ...

Bibliography

^ Meyer, Bertrand: Design by Contract, Technical Report TR-EI-12/CO, Interactive Software Engineering Inc., 1986
^ Meyer, Bertrand: Design by Contract, in Advances in Object-Oriented Software Engineering, eds. D. Mandrioli and B. Meyer, Prentice Hall, 1991, pp. 1-50
^ Meyer, Bertrand: Applying "Design by Contract", in Computer (IEEE), 25, 10, October 1992, pages 40-51, also available online
^ Bright, Walter (2006-08-20). D Programming Language, Contract Programming. Digital Mars. Retrieved on 2006-10-06.

Mitchell, Richard, and McKim, Jim: Design by Contract: by example, Addison-Wesley, 2002

A wikibook describing DBC closely to the original model.

For the Manfred Mann album, see 2006 (album). ... October 6 is the 279th day of the year (280th in leap years). ...

External links

An introduction to Design by Contract(TM)
Original IEEE Computer article
Isaac / Lisaac Project home
C2 Wiki: Design by contract
Damian Conway's Class::Contract Perl module from CPAN
Raphael Manfredi's Carp::Datum Perl module from CPAN

Categories: Software design patterns | Programming language topics

Results from FactBites:

Design by contract - Wikipedia, the free encyclopedia (1871 words)
	Design by contract, DBC or Programming by contract is a methodology for designing computer software.
	Design by contract also fosters code reuse, since the contract for each piece of code is fully documented.
	Design By Contract is a discipline for building software such that the collaborations between objects are correct.

More results at FactBites »

COMMENTARY

Share your thoughts, questions and commentary here

Want to know more?
Search encyclopedia, statistics and forums:

Feeds | Contact
The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.
Usage implies agreement with terms.

Contents