Code Contracts ABC 16.04.2011
Design by Contract. Dmytro Mindra, RnD Tech Lead, Lohika Labs. Kyiv, 2011
Transcript of Code Contracts ABC 16.04.2011
- 1.
Dmytro Mindra
RnD Tech Lead
Lohika Labs
, 2011 - 2.
:
Visual Studio 2010 Professional. Code Contracts Standard Edition. , .
Code Contracts Premium Edition . - 3. Drake Emko & Jen Brodzik, 2001
- 4. Drake Emko & Jen Brodzik, 2001
- 5. Drake Emko & Jen Brodzik, 2001
- 6. Northeast Blackout
-
14 2003
12:15 p.m. MISO
,
.
2:02 p.m. 345
2:14 p.m. ( )
3:05 p.m. 345
3:17 p.m. .
.
3:32 p.m.
345 .
. .. MISO
FirstEnergy . - 7. 4:13 p.m. .
256 .
55
24 . - 8. Ariane 5 (501)
4 1996 - 9. 37
US$370-500
US$ 7
4
64-bit floating point => 16-bit signed integer
?
.
.
. - 10. 56
2
2
52
Ariane 5?
. . - 11.
- 12.
Therac-25 c 1985 1987 6 .[15]
Multidata Systems International 8 . 20 . , , . [15] - 13.
- 14.
- 15.
- 16.
- 17.
public interface IFruit { }
public interface IFruitService { IFruit GetFruit(); }
public class Fruit : IFruit { }
public class FruitService : IFruitService
{
    public IFruit GetFruit() { return new Fruit(); }
}
- 18.
public class FruitDealer
{
    private readonly IFruitService _fruitService;
    private double _dealerMoney;

    public FruitDealer(IFruitService fruitService)
    {
        _fruitService = fruitService;
    }

    public IFruit SellFruit(double money)
    {
        _dealerMoney += money;
        return _fruitService.GetFruit();
    }
}
money0
if (money 0
do
balance := balance + amount
ensure
updated: balance = old balance + amount end - 29. ?
- 30. Visual Studio 2010 (Premium, Ultimate)
.NET 4.0 (System.Diagnostics.Contracts)
(CodeContract Tools).
:
generate runtime checking from the contracts (ccrewrite)
do a static check that verifies contracts at compile-time (cccheck)
add contracts to the XML documentation files (ccdoc)
LOCATION: [Program Files]\Microsoft\Contracts\Bin - 31.
- 32.
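using System.Diagnostics.Contracts;

public class FruitDealer
{
    private readonly IFruitService _fruitService;
    private double _dealerMoney;

    public FruitDealer(IFruitService fruitService)
    {
        // Precondition: the service dependency must be supplied.
        Contract.Requires(fruitService != null);
        _fruitService = fruitService;
    }

    public IFruit SellFruit(double money)
    {
        // Precondition: the payment must be positive.
        Contract.Requires(money > 0);
        // Postcondition: the caller always receives a fruit.
        Contract.Ensures(Contract.Result<IFruit>() != null);
        _dealerMoney += money;
        return _fruitService.GetFruit();
    }
}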
- 33. 1
FruitDealer dealer1 = new FruitDealer(null); - 34. 2
FruitDealer dealer2 = new FruitDealer(new FruitService());
IFruit fruit2 = dealer2.SellFruit(-10); - 35.
- 36. System.Diagnostics.Contracts
Contract
Attributes
ContractClassAttribute
ContractClassForAttribute
ContractInvariantMethodAttribute
ContractPublicPropertyNameAttribute
ContractReferenceAssemblyAttribute
ContractRuntimeIgnoredAttribute
ContractVerificationAttribute
PureAttribute (is not enforced by analysis tools)
ContractFailedEventArgs
ContractFailureKind (enum) - 37.
Pre-conditions: Requires
Post-conditions: Ensures
Invariants: Invariant
See also: EnsuresOnThrow
Requires - 38.
public class Customer
{
    private int _ID;
    public int ID
    {
        get { return _ID; }
        set
        {
            if(value0);
            _ID = value;
        }
    }
}
- 39.
- 40. ?
- 41. Processing collections
Integer range
ForAll(Int32, Int32, Predicate<Int32>)
Exists(Int32, Int32, Predicate<Int32>)
Collection
ForAll<T>(IEnumerable<T>, Predicate<T>)
Exists<T>(IEnumerable<T>, Predicate<T>) - 42.
- 43.
OldValue
Result
ValueAtReturn - 44.
- 45.
Assert
Assume , . . Assert. [3]
EndContractBlock - for legacy contracts - 46. Assert & Assume
public void Invoke()
{
    int x = CalculateSomeValues();
    // Tell the checker to verify whether x > 0.
    // (The checker might be unable to do it.)
    Contract.Assert(x > 0);
    // Rest of the code
}

public void Invoke()
{
    int x = CalculateSomeValues();
    // Explicitly tell the checker that x > 0.
    Contract.Assume(x > 0);
    // Rest of the code
} - 47.
[7]
, , .
, .
E.g. the contract was: require x > 10
Added: require x > 100
Now x = 20 fulfills the 1st require but violates the 2nd; - 48. :
- 49. ContractFailed
Contract.ContractFailed += ContractContractFailed;

static void ContractContractFailed(object sender, ContractFailedEventArgs e)
{
    e.SetHandled(); // exception handled
    Console.WriteLine(e.Message);
} - 50. ContractFailed
- 51. custom contracts & custom rewriter methods
public static class RuntimeFailureMethods
{
    public static void Requires(bool cond, string userMsg, string condText) { }
    public static void Ensures(bool cond, string userMsg, string condText) { }
}
See user manual 7.7. (page 34) [12] - 52. Code snippets
cr Contract.Requires(...);
ce Contract.Ensures(...);
ci Contract.Invariant(...);
More in user manual 6.3. (page 26) [12] - 53.
- 54. Code Contracts 18
contract tools
.
Requires
Requires
Runtime
.
If-throw
EndContractBlock
Requires
Runtime checking - 55. ?
, .
.
.
.
. - 56.
CodeContracts
BCL CodeContracts
CodeContracts
( , ) - 57. PEX
Path-based program exploration - 58. PEX
- 59. !
? - 60.
Touch of Class: Learning to Program Well with Objects and Contracts
Object-Oriented Software Construction
Object-Oriented Software Construction
Bertrand Meyer
1988,1997 - 61.
[1] Design by Contract - A Conversation with Bertrand Meyer, Part II by Bill Venners
http://www.artima.com/intv/contracts.html
[2] Defensive programming
http://en.wikipedia.org/wiki/Defensive_programming
[3] Dino Esposito, Code Contracts Preview: Preconditions
http://dotnetslackers.com/articles/net/Code-Contracts-Preview-Preconditions.aspx
[4] Dino Esposito, Code Contracts Preview: PostConditions
http://dotnetslackers.com/articles/net/Code-Contracts-Preview-PostConditions.aspx
[5] Dino Esposito, Code Contracts Preview: Invariants
http://dotnetslackers.com/articles/net/Code-Contracts-Preview-Invariants.aspx
[6] Dino Esposito, Code Contracts Preview: Assert & Assume
http://dotnetslackers.com/articles/net/Code-Contracts-Preview-Assert-Assume.aspx
[7] Jon Skeet, Code Contracts in C#
http://www.infoq.com/articles/code-contracts-csharp
[8] Design by Contract - Wikipedia
http://en.wikipedia.org/wiki/Design_by_contract
[9] Precondition - Wikipedia
http://en.wikipedia.org/wiki/Precondition
[10] Postcondition - Wikipedia
http://en.wikipedia.org/wiki/Postcondition
[11] Invariant - Wikipedia
http://en.wikipedia.org/wiki/Invariant_(computer_science)
[12] Code Contracts User Manual
http://research.microsoft.com/en-us/projects/contracts/userdoc.pdf
[13] Code contracts and inheritance
http://stefanoricciardi.com/2009/07/17/code-contracts-and-inheritance/
[14] Assertions in Managed Code
http://msdn.microsoft.com/en-us/library/ttcc4x86.aspx
[15] History's Worst Software Bugs
http://www.wired.com/software/coolapps/news/2005/11/69355?currentPage=2