design-by-contract

How can I show that a method will never return null (Design by contract) in C#

爷,独闯天下 posted on 2019-12-10 02:39:42
Question: I have a method which never returns a null object. I want to make it clear so that users of my API don't have to write code like this:

    if(Getxyz() != null) {
        // do stuff
    }

How can I show this intent?

Answer 1: Unfortunately there is no way built in to C#. You can document this fact, but this won't be automatically checked. If you are using ReSharper, then it can be set up to check this properly when the method is marked with a [NotNull] attribute. Otherwise you can use the Microsoft Contracts

Design By Contract, writing test-friendly code, object construction and Dependency Injection putting all together best practices

核能气质少年 posted on 2019-12-08 23:34:38
Question: I have been trying to figure out the best practices to write test-friendly code, but more specifically the practices related to object construction. In the blue book we discovered that we should enforce invariants when creating objects to avoid the corruption of our entities, value objects, etc. With this thought in mind, Design By Contract seems like the solution to avoid the corruption of our objects, but when we follow this, we could end up writing code like this:

    class Car { //Constructor

Code Contracts, will you use them?

随声附和 posted on 2019-12-08 16:10:07
Question: Microsoft just released Code Contracts, a tool that integrates with Visual Studio and allows you to define contracts for your .Net code and get runtime and compile time checking. Watch the video on Channel 9 that shows how it is being used. For now it's an add-on but it will be part of the Base Class Library in .Net 4.0. Is this something you see yourself using? I wonder if this means the death of Spec#?

Update: What I mean by the death of Spec# is that we now have 2 different projects for writing

Are preconditions and postconditions needed in addition to invariants in member functions if doing design by contract?

好久不见. posted on 2019-12-07 09:34:05
Question: I understand that in the DbC method, preconditions and postconditions are attached to a function. What I'm wondering is if that applies to member functions as well. For instance, assuming I use invariants at the beginning and end of each public function, a member function will look like this:

edit: (cleaned up my example)

    void Charcoal::LightOnFire() {
        invariant();
        in_LightOnFire();
        StartBurning();
        m_Status = STATUS_BURNING;
        m_Color = 0xCCCCCC;
        return; // last return in body
        out_LightOnFire();

How can I place validating constraints on my method input parameters?

谁说胖子不能爱 posted on 2019-12-06 03:23:38
Question: Here is the typical way of accomplishing this goal:

    public void myContractualMethod(final String x, final Set<String> y) {
        if ((x == null) || (x.isEmpty())) {
            throw new IllegalArgumentException("x cannot be null or empty");
        }
        if (y == null) {
            throw new IllegalArgumentException("y cannot be null");
        }
        // Now I can actually start writing purposeful
        // code to accomplish the goal of this method
    }

I think this solution is ugly. Your methods quickly fill up with boilerplate code checking the valid

Meaning of \old in ACSL post-conditions

匆匆过客 posted on 2019-12-06 02:41:54
I am a newbie user of Frama-C and have a few questions regarding assertions over pointers. Consider the C fragment below involving:

- two related data structures Data and Handle, s.t. Handle has a pointer to Data;
- a 'state' field in Data indicating whether some hypothetical operation has completed;
- three functions: init(), start_operation() and wait();
- a main() function using the above, and containing 6 assertions (A1-A6).

Now, why is it that A5 and A6 cannot be asserted with the WP verifier ("frama-c -wp file.c")? Shouldn't they hold due to the last "ensures" clause on start_operation()? What am I

Are preconditions and postconditions needed in addition to invariants in member functions if doing design by contract?

落爺英雄遲暮 posted on 2019-12-05 15:55:13
I understand that in the DbC method, preconditions and postconditions are attached to a function. What I'm wondering is if that applies to member functions as well. For instance, assuming I use invariants at the beginning and end of each public function, a member function will look like this:

edit: (cleaned up my example)

    void Charcoal::LightOnFire() {
        invariant();
        in_LightOnFire();
        StartBurning();
        m_Status = STATUS_BURNING;
        m_Color = 0xCCCCCC;
        return; // last return in body
        out_LightOnFire();
        invariant();
    }

    inline void Charcoal::in_LightOnFire() {
    #ifndef _RELEASE_
        assert (m_Status == STATUS

How do I insert a precondition in a java class method or constructor?

陌路散爱 posted on 2019-12-05 05:57:26
This is for a Java class I'm taking. The book mentions preconditions and postconditions but doesn't give any examples how to code them. It goes on to talk about asserts, I have that down, but the assignment I'm doing specifically states to insert preconditions and test the preconditions with asserts. Any help would be great.

Languages like Eiffel support "preconditions" and "postconditions" as a basic part of the language. One can make a compelling argument that the whole purpose of an "object constructor" is precisely to establish "the class invariant". But with Java (as with just about every

Compile time checking in Design by Contract?

允我心安 posted on 2019-12-05 02:17:57
Question: I read that compiler can enforce dbc at compile time. How does it do it?

Answer 1: As far as I know, the most powerful static DbC language so far is Spec# by Microsoft Research. It uses a powerful static analysis tool called Boogie which in turn uses a powerful Theorem Prover / Constraint Solver called Z3 to prove either the fulfillment or violation of contracts at design time. If the Theorem Prover can prove that a contract will always be violated, that's a compile error. If the Theorem Prover

How can I show that a method will never return null (Design by contract) in C#

◇◆丶佛笑我妖孽 posted on 2019-12-05 02:08:52
I have a method which never returns a null object. I want to make it clear so that users of my API don't have to write code like this:

    if(Getxyz() != null) {
        // do stuff
    }

How can I show this intent?

Unfortunately there is no way built in to C#. You can document this fact, but this won't be automatically checked. If you are using ReSharper, then it can be set up to check this properly when the method is marked with a [NotNull] attribute. Otherwise you can use the Microsoft Contracts library and add something similar to the following to your method, but this is quite a lot of extra verbiage for