1.
DmytroMindra
RnD Tech Lead
LohikaLabs
, 2011

2.
:
Visual Studio 2010 Professional. Code ContractsStandard Edition. , .
Code Contracts Premium Edition .

3. Drake Emko & Jen Brodzik, 2001

4. Drake Emko & Jen Brodzik, 2001

5. Drake Emko & Jen Brodzik, 2001

6. Northeast Blackout
-

14 2003
12:15 p.m. MISO
,

.
2:02 p.m. 345
2:14 p.m. ( )
3:05 p.m. 345
3:17 p.m. .
.
3:32 p.m.
345 .

. .. MISO
FirstEnergy .

7. 4:13 p.m. .
256 .
55
24 .

8. Ariane 5 (501)
4 1996

9. 37
US$370-500
US$ 7
4
64-bitfloating point => 16-bitsignedinteger
?
.
.
.

10. 56
2
2
52
Arian 5?
. .

11.

12.
Therac-25 c 1985 1987 6 .[15]
MultidataSystemsInternational 8 . 20 . , , . [15]

13.

14.

15.

16.

17. publicinterfaceIFruit{}publicinterfaceIFruitService{IFruitGetFruit();}
publicclassFruit:IFruit{}publicclassFruitService:IFruitService{
publicIFruitGetFruit(){returnnewFruit();}
}

18. publicclassFruitDealer{privatereadonlyIFruitService_fruitService;privatedouble_dealerMoney;publicFruitDealer(IFruitServicefruitService){_fruitService=fruitService;}publicIFruitSellFruit(doublemoney){_dealerMoney+=money;return_fruitService.GetFruit();}}



money0
if (money 0
do
balance := balance + amount
ensure
updated: balance = old balance + amount end

29. ?

30. Visual Studio 2010 (Premium , Ultimate)
.NET 4.0 (System.Diagnostics.Contracts)
(CodeContract Tools).
:
generate runtime checking from the contracts(ccrewrite)
do a static check that verifies contracts at compile-time (cccheck)
add contracts to the XML documentation files (ccdoc)
LOCATION: [Program Files]MicrosoftContractsBin

31.

32.
public class FruitDealer
{
private readonlyIFruitService_fruitService;
private double _dealerMoney;
public FruitDealer(IFruitServicefruitService)
{
Contract.Requires(fruitService!=null);
_fruitService = fruitService;
}
public IFruitSellFruit(double money)
{
Contract.Requires(money > 0);
Contract.Ensures(Contract.Result()!=null);
_dealerMoney += money;
return _fruitService.GetFruit();
}
}

33. 1
FruitDealerdealer1 = new FruitDealer(null);

34. 2
FruitDealerdealer2 = new FruitDealer(new FruitService());
IFruitfruit2 = dealer2.SellFruit(-10);

35.

36. System.Diagnostics.Contracts
Contract
Attributes
ContractClassAttribute
ContractClassForAttribute
ContractInvariantMethodAttribute
ContractPublicPropertyNameAttribute
ContractReferenceAssemblyAttribute
ContractRuntimeIgnoredAttribute
ContractVerificationAttribute
PureAttribute ( is not enforced by analysis tools )
ContractFailedEventArgs
ContractFailureKind (enum)

37.
Pre-conditions: Requires
Post-conditions: Ensures
Invariants: Invariant
See also: EnsuresOnThrow
Requires

38.
publicclassCustomer {privateint_ID;publicintID{get{return_ID;}
set{
if(value0);
_ID=value;}}}

39.

40. ?

41. Processing collections
Integer range
ForAll(Int32, Int32, Predicate)
Exists(Int32, Int32, Predicate)
Collection
ForAll(IEnumerable, Predicate)
Exists(IEnumerable, Predicate)

42.

43.
OldValue
Result
ValueAtReturn

44.

45.
Assert
Assume , . . Assert. [3]
EndContractBlock - for legacy contracts

46. Assert & Assume
public void Invoke()
{
int x = CalculateSomeValues();
// Tell the checker to verify whether
// x>0.
// (The checker might
// be unable to do it.)
Contract.Assert( x>0 );
// Rest of the code
}
public void Invoke() {
int x = CalculateSomeValues();
// Explicitly tell the checker that
//x>0
Contract.Assume( x>0 );
// Rest of the code
}

47.
[7]
, , .
, .
E.g was require x>10
Added require x>100
Now x = 20 fulfills 1st require but violates 2nd;

48. :

49. ContractFailed
Contract.ContractFailed+=
ContractContractFailed;
staticvoidContractContractFailed(
objectsender, ContractFailedEventArgs e){e.SetHandled();// exception handledConsole.WriteLine(e.Message);}

50. ContractFailed

51. custom contracts &custom rewriters methods
publicstaticclassRuntimeFailureMethods{publicstaticvoidRequires(boolcond,stringuserMsg,stringcondText){}publicstaticvoidEnsures(boolcond,stringuserMsg,stringcondText){}
}
See user manual 7.7. (page 34) [12]

52. Code snippets
crContract.Requires(...);
ce Contract.Ensures(...);
ci Contract.Invariant(...);
More in user manual 6.3. (page 26) [12]

53.

54. Code Contracts 18



contract tools


.

Requires
Requires
Runtime
.
If-throw
EndContractBlock
Requires
Runtime checking

55. ?
, .
.
.
.
.

56.
CodeContracts
BCL CodeContracts

CodeContracts


( , )

57. PEX
Path-based program exploration

58. PEX

59. !
?

60.
Touch of Class: learning to programwellwith objects and contracts
Object-Oriented Software Construction
Object-Oriented Software Construction
Bertrand Meyer
1988,1997

61.
[1] Design by Contract - A Conversation with Bertrand Meyer, Part II by Bill Venners
http://www.artima.com/intv/contracts.html
[2] Defensive programming
http://en.wikipedia.org/wiki/Defensive_programming
[3] Dino Esposito, Code Contracts Preview: Preconditions
http://dotnetslackers.com/articles/net/Code-Contracts-Preview-Preconditions.aspx
[4] Dino Esposito, Code Contracts Preview: PostConditions
http://dotnetslackers.com/articles/net/Code-Contracts-Preview-PostConditions.aspx
[5] Dino Esposito, Code Contracts Preview: Invariants
http://dotnetslackers.com/articles/net/Code-Contracts-Preview-Invariants.aspx
[6] Dino Esposito, Code Contracts Preview: Assert & Assume
http://dotnetslackers.com/articles/net/Code-Contracts-Preview-Assert-Assume.aspx
[7] Jon Skeet, Code Contracts in C#
http://www.infoq.com/articles/code-contracts-csharp
[8] Design by Contract - Wikipedia
http://en.wikipedia.org/wiki/Design_by_contract
[9] Precondition - Wikipedia
http://en.wikipedia.org/wiki/Precondition
[10] Postcondition - Wikipedia
http://en.wikipedia.org/wiki/Postcondition
[11] Invariant - Wikipedia
http://en.wikipedia.org/wiki/Invariant_(computer_science)
[12] Code Contracts User Manual
http://research.microsoft.com/en-us/projects/contracts/userdoc.pdf
[13] Code contracts and inheritance
http://stefanoricciardi.com/2009/07/17/code-contracts-and-inheritance/
[14] Assertions in Managed Code
http://msdn.microsoft.com/en-us/library/ttcc4x86.aspx
[15] History's Worst Software Bugs
http://www.wired.com/software/coolapps/news/2005/11/69355?currentPage=2