I would like to get some opinions on an idea for a partial implementation of design by contract.
The goal is to add to the languages that don’t offer it a light version of contracts (invariants and post conditions only) without the need of an external library.
My example is written in Java but I suppose that the idea is good for a lot of OO languages.
We have a class like this:
class myClass{
type1 field1;
type2 field2;
public myClass(type1 param1){
//do something
}
public type3 method1(type1 param1, type3 param2){
if (paramsAreNotOk()){
throw new IllegalArgumentException();
}
// do a lot of things
return //do something
}
}
We extend the code above in this way:
class myClass{
type1 field1;
type2 field2;
public myClass(type1 param1){
//do something
assert invariant();
}
public type3 method1(final type1 param1, final type3 param2){
assert invariant();
myClass old;
assert ((old = this.clone()) != null)
if (paramsAreNotOk()){
throw new IllegalArgumentException();
}
//do a lot of things
type3 res = //do something
assert method1_post(old, param1, param2, res);
assert invariant();
return res;
}
protected boolean invariant(){
// states something about myClass and return a boolean
// OR
// uses some assertions on some helping methods
}
protected boolean method1_post(myClass old, type1 param1, type3 param2, type3 res){
// states something about res and about the modifications made on old
// OR
// uses some assertions on some helping methods
}
}
Limitations of this approach:
– no pre-conditions.
– the contract is not inherited (but please note that invariant and post-conditions are protected and can be reused by a subclass).
– there isn’t any check that invariant and post-conditions don’t modify the state of our object, hence there is a risk of side effects.
– the contract is not part of our documentation in a clear way.
– we need to make cloneable every class.
Now, some questions:
– does this method hurt the performances in any way? I mean even the old and res local variables are removed by the JIT compiler if assertions are disabled?
– do you see any downside of this approach? Why wouldn’t you use this in your classes?
– can you suggest any improvement?
Thank you for your reading and for your opinions.
It’s not horrible, and in fact it’s been written about by others before you. For instance, see Liskov/Guttag’s Program Development in Java, which takes your approach to invariant checking, but calls it repOK() rather than invariant().
In a limited application, it kinda-sorta works. But there are a lot of problems that come out of the fact that contract specifications don’t have to worry about the sort of “who’s calling who” problems that real code does.
My take is that DbC is interesting, and if the language has it (or, even better, something like Python’s function decorators), or you have a tool like Modern Jass, then dig in. But doing it in pure Java isn’t feasible. That said, I’m working on an invariant checking tool that generates code similar to what you have here, minus the call-chain issues (it works instead by extending the classes to accept a visitor which knows when it’s proper to do the check). It requires Eclipse, and has problems of its own (mainly related bad words like private and static), but the checking mechanism is pure Java.