Imitating Design by Contract

Does anyone know a resource of how one can imitate
Design by Contract with other languages (e.g. C#, C++)?

Thanks a lot.



     

[Non-text portions of this message have been removed]


------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Roman wrote:
> Does anyone know a resource of how one can imitate
> Design by Contract with other languages (e.g. C#, C++)?

Check out this Slashdot article:

http://ask.slashdot.org/article.pl?sid=06/09/22/2019224

Brian



------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Roman Töngi wrote:
> Does anyone know a resource of how one can imitate
> Design by Contract with other languages (e.g. C#, C++)?

Regarding C#, the short answer is: you can't. I've tried really hard, but
nothing really works.

I detailed my conclusions about this a few years ago, when I was embarking
on a project that my then-employer required be written in C# 1.1, in a Code
Project article:

http://www.codeproject.com/KB/architecture/DbCwithXCSharp.aspx

My chosen approach worked reasonably well on that project, but I doubt I
would choose it today because the required tools don't seem to be supported
in more recent versions of C#.

Any but the most simplistic (and therefore, least effective) attempts to
imitate DbC in C# are risky in terms of future maintenance. Even the most
thorough attempt to add DbC to C# -- the Spec# research project -- is stuck
at C# 2.0, for the mid-term future at least.

Therefore, I'd recommend you forget C# and use Eiffel. Eiffel will always
support DbC, so there's no risk of support for it becoming obsolete. Using
DbC in Eiffel is almost effortless. And DbC is a well-understood paradigm in
Eiffel.

- Peter



------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Hi Roman,

there are some macropackages available for C++. I have written for my
own use a small set of macrodefinitions for C++/C which allows
precondition, postcondition and invariant monitoring and doing some
checks. The monitoring of the assertions is switchable.

The package has not yet been released but it could be done on request. I
am using the macros in my Eiffel compiler project (
http://sourceforge.net/projects/tecomp ). If you are interested in the
macros you could check it out and have a look at the files
"cal/src/general/cy_general.h" and "cal/src/general/cy_general.cpp".



Roman Töngi wrote:
------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Well Design by Contract is really a way of designing your software,
you define the contracts it requires, its variants invariants pre
conditions and post conditions. Nothing stops you from using this
approach to design software and implement in a language of your
choice, you will just lose the chances to check for compile time and
runtime contract exceptions but I feel its a very precise way to
define your software system.

I'd probably avoid trying to add DbC with checks to other languages
without native support because it means creating extra code to
maintain debug etc.

------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

I haven't yet seen a DbC clone do pre/post conditions that follow with
redefinition or runs invariants.  You'd have to ensure you're not
strengthening preconditions, weakening postconditions, and calling
invariant checks before and after every method call.  Doable, but a
lot more maintenance.

--- In eiffel_software@..., Roman Töngi <roman.toengi@...>
wrote:


------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Thanks for all answers.

I also think, that DbC can't be coded in another language well enough.
But as you mentioned, the principles can be used to design software.

I am mainly interested in preconditions. So I state the preconditions as
comments, provide the necessary queries for those preconditions and
hope that the client will consider it.

Example C# function:

public double inverse (double x)
{
    /*
     *Preconditions
     *    valid_value: x != 0
    */
    return 1 / x;
}

Client code:

// read a double value and store it in variable x
double inv;
if (x != 0)
    inv = inverse (x);



Another approach could be to have the function return "infinity" (a feature of double)
or using try and catch clauses; then the function can never cause a crash.
But this is contrary to the DbC Approach.

So, do you think the commented precondition approach with relying on the client is ok?

Thanks a lot.



     

[Non-text portions of this message have been removed]


------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Here's what Bertrand Meyer had to say about this subject a while back:

from: http://tech.groups.yahoo.com/group/eiffel_software/message/3558

> > Subject: DBC Implementation Notes?

> > I have a student who is interested in doing a project adding
> > design-by-contract assertions to another language. To my memory,
> > I have never seen anything about how assertions are implemented
> > in EiffelStudio, and what the challenges and pitfalls were. Can
> > anyone point me to any documentation?

> > Thanks a lot,
> > James

> Dear Jim:

> Your student should find the following links useful:

> http://www.phact.org/e/dennis4.html
> http://mathworld.wolfram.com/CircleSquaring.html
> http://chemistry.about.com/cs/generalchemistry/a/aa050601a.htm

> Hope this helps,

> -- Bertrand Meyer

Pretentious and sarcastic, I love it!
Brian



------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

> > http://mathworld.wolfram.com/CircleSquaring.html

Whereas Eiffel is written in Euclidean space, to achieve his contracting
goals, Roman simply needs to program his C++ in Gauss-Bolyai-Lobachevsky
Space, instead of its usual Hilbert Space. However, the problem remains that
it is stochastic.

A colleague wrote an honours thesis titled "Probability Theory in a Banach
Space"... perhaps it may be of some help?

David
P.S. I feel it is time for some more Eiffel poetry.



------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Roman Töngi wrote:
Say it in code! Even the humble C assert() macro is preferable to comments
like this.

In C#, you have Debug.Assert(), which is very flexible; or you can make it
look (if not behave) a bit more like DbC by using Kevin McFarlane's
DesignByContract class:
http://www.codeproject.com/KB/cs/designbycontract.aspx . In both cases, it's
not real DbC because the assertions aren't inherited automatically by
overriding methods, and there is no support for invariants (unless you
tediously code it manually).

- Peter Gummer



------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

> and there is no support for invariants (unless you
> tediously code it manually).

Warning: you'd also (in general) need to wrap all calls to methods of the
same class with code that bumps and un-bumps a counter that can be tested,
so that the called method does not try to check the class invariant on entry
and exit. That will ensure that the invariant check is only executed for
external calls (i.e. when the counter is zero.)

David



------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

David Broadfoot wrote:
> Warning: you'd also (in general) need to wrap all calls to methods of the
> same class with code that bumps and un-bumps a counter that can be tested
> ...

That's way too tricky. I've never bothered with invariants when trying to
simulate DbC in other languages.

If you want real DbC, you really do need Eiffel.

- Peter Gummer



------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

> David Broadfoot wrote:
> > Warning: you'd also (in general) need to wrap all calls to methods of
> the
> > same class with code that bumps and un-bumps a counter that can be
> tested
> > ...
>
> That's way too tricky. I've never bothered with invariants when trying to
> simulate DbC in other languages.

It's not really that tricky... but it is, as you stated, "tedious". It's
also much more error-prone.

I was just pointing out that *if* one was considering suffering that tedium,
then you needed to be fully aware of what was required to actually get it
right (unlike McFarlane's package, which gets it wrong.)


> If you want real DbC, you really do need Eiffel.

Or suffer the tedium, which, as I pointed out, is even greater than was
apparent from your brief nots on how to do it. Plus the risk of forgetting
to add all the rigging every time.

David



------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

I wrote a simple dbc library for Java based on Jon Tirsen Nanning
AspectJ  (http://nanning.codehaus.org/overview.html).

You can see the library here http://code.google.com/p/javadbc/

 

--- In eiffel_software@..., Roman Töngi <roman.toengi@...>
wrote:


------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

I don’t know the library, but contracts don’t  go well with aspects (they
don’t crosscut):

 

 
http://se.ethz.ch/~meyer/publications/lncs/aspects_contracts.pdf

 

-- BM

 

From: eiffel_software@...
[mailto:eiffel_software@...] On Behalf Of vrhj2000
Sent: 15 June, 2008 01:20
To: eiffel_software@...
Subject: [eiffel_software] Re: Imitating Design by Contract

 

I wrote a simple dbc library for Java based on Jon Tirsen Nanning
AspectJ (http://nanning.codehaus.org/overview.html).

You can see the library here http://code.google.com/p/javadbc/

--- In eiffel_software@...
<mailto:eiffel_software%40yahoogroups.com> , Roman Töngi <roman.toengi@...>
wrote:
 



[Non-text portions of this message have been removed]


------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Bertrand Meyer wrote:
> I don't know the library, but contracts don't  go well with aspects (they
> don't crosscut):
>
> http://se.ethz.ch/~meyer/publications/lncs/aspects_contracts.pdf

That's an interesting study. I have no experience with AspectJ, but my
experience with Extensible C# was much better in two respects:
* I was able to express pre- and post-conditions directly within the class
text, immediately above the method to which they applied.
* These pre- and post-conditions were inherited by overriding methods.

The study's example contract would be written something like this:

|    [Old("double x, y")]
|    [Ensure("x == old x + delta_x")]
|    [Ensure("y == old y + delta_y")]
|    public void moveBy(double deltaX, double deltaY){
|        x += deltaX;
|        y += deltaY;
|    }

(Well, I tell a lie here, because it didn't support Eiffel's "old" notation,
although I did have plans to extend it to allow the kind of declaration you
see above. It's very extendible, a fact that I took advantage of to fix
various other deficiencies, but I never did get around to implementing
"old".)

All of the study's other criticisms about AOP not being suitable for DbC
hold for Extensible C#. Extensible C# had several disadvantages that the
study doesn't mention:
* The contract code had to be written within strings, as you see above,
which was then parsed by a post-compiler. This was a bit inconvenient,
because some of the IDE's capabilities were unavailable when writing the
contracts.
* The contracts were considerably less legible than when written in Eiffel.
* Getting started is difficult. In Eiffel, DbC just works, whereas I spent a
week or more overcoming various basic deficiencies in Extensible C#'s
support for contracts.

- Peter Gummer



------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

--- In eiffel_software@..., "Peter Gummer" <p-gummer@...> wrote:
As discussed on this list many times, if you want to do real DBC, you have several other
options than Eiffel, including using the Java Modeling Language (JML) with Java and using
Microsoft Research's Spec# extension of C#.  See the JML and Spec# homepages for more
information, including several research papers about using DBC in these systems.

Best,
Joe Kiniry


------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/eiffel_software/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/eiffel_software/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:eiffel_software-digest@...
    mailto:eiffel_software-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    eiffel_software-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/