Lightning talk: MS Code Contracts

Lightning talk from Computasdagen 05.05.11

Published in: Technology


  1. ms code contracts
      eih
  2. what is
      a code contract?
  3. caller
  4. callee
  5. contract
  6. a weak contract
      bool Equals(object o)
  7. what is
      design by contract?
  8. “Unless design by contract evokes images of curly hair and a French landmark in your head, you got it wrong.”
  9. invented by
      Bertrand Meyer
  10. a better contract
      what does it expect?
      what does it guarantee?
      what does it maintain?
  11. dbc tenets
      > prerequisites
      > postconditions
      > invariants
  12. example
      stack
  13. stack
      > Push(T t)
      > T Pop()
      > T Top()
      > int Count
      > IsEmpty
  14. dbc by hand
  15. example
      T Pop()
      {
          return _list.RemoveLast();
      }
  16. precondition
      T Pop()
      {
          Debug.Assert(!IsEmpty);
          return _list.RemoveLast();
      }
  17. example
      void Push(T t)
      {
          _list.Add(t);
      }
  18. postcondition
      void Push(T t)
      {
          try {
              _list.Add(t);
          }
          finally {
              Debug.Assert(!IsEmpty);
          }
      }
  19. invariant
      Count >= 0
  20. limitations
      tedious!
  21. limitations
      clutters the code!
  22. what is
      ms code contracts?
  23. dbc.net
  24. code contracts
      > rewriter
      > verifier
  25. rewriter
      injects runtime checks
  26. example
      T Pop()
      {
          return _list.RemoveLast();
      }
  27. precondition
      T Pop()
      {
          Contract.Requires(!IsEmpty);
          return _list.RemoveLast();
      }
  28. rewritten to
      T Pop()
      {
          if (__ContractsRuntime.insideContractEvaluation <= 4)
          {
              try
              {
                  __ContractsRuntime.insideContractEvaluation++;
                  __ContractsRuntime.Requires(!this.IsEmpty, null, "!IsEmpty");
              }
              finally
              {
                  __ContractsRuntime.insideContractEvaluation--;
              }
          }
          return this._list.RemoveLast<T>();
      }
  29. example
      void Push(T t)
      {
          _list.Add(t);
      }
  30. postcondition
      void Push(T t)
      {
          Contract.Ensures(!IsEmpty);
          _list.Add(t);
      }
  31. rewritten to
      void Push(T t)
      {
          this._list.Add(t);
          if (__ContractsRuntime.insideContractEvaluation <= 4)
          {
              try
              {
                  __ContractsRuntime.insideContractEvaluation++;
                  __ContractsRuntime.Ensures(!this.IsEmpty, null, "!IsEmpty");
              }
              finally
              {
                  __ContractsRuntime.insideContractEvaluation--;
              }
          }
      }
  32. invariant
      [ContractInvariantMethod]
      private void Invariant()
      {
          Contract.Invariant(Count >= 0);
      }
  33. verifier
      performs static checks
  34. verifier
      vs >= premium
  35. verifier
  36. so far
      so good
  37. a stricter contract
      T Pop()
      {
          Contract.Requires(!IsEmpty);
          Contract.Ensures(Count < Contract.OldValue(Count));
          Contract.Ensures(Contract.Result<T>()
              .Equals(Contract.OldValue(Top())));
          return _list.RemoveLast();
      }
  38. critique
      > ugly syntax
      > in method body
      > interface hack
  39. yuck.
  40. what is
      spec#?
  41. precondition
      T Pop()
          requires !IsEmpty;
      {
          return _list.RemoveLast();
      }
  42. postcondition
      void Push(T t)
          ensures !IsEmpty;
      {
          _list.Add(t);
      }
  43. a stricter contract
      T Pop()
          requires !IsEmpty;
          ensures Count < old(Count);
          ensures result == old(Top());
      {
          return _list.RemoveLast();
      }
  44. much better!
  45. lesson
      syntax helps
  46. conclusion
  47. design by contract?
      yay!
  48. ms code contracts?
      meh.
  49. spec#?
      yay!
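
The hand-written contract checks from slides 14-21, carried through to the stricter Pop() contract of slide 37, as an added example that is not code from the talk. ContractStack<T>, Check and Demo are hypothetical names, and RemoveAt stands in for the slides' RemoveLast().

```csharp
using System;
using System.Collections.Generic;
// Added example; ContractStack<T>, Check and Demo are hypothetical names.
public sealed class ContractStack<T>
{
    private readonly List<T> _list = new List<T>();
    public int Count { get { return _list.Count; } }
    public bool IsEmpty { get { return _list.Count == 0; } }

    // Debug.Assert is [Conditional("DEBUG")] and is compiled out of release builds; this throws in every build.
    private static void Check(bool ok, string kind, string text)
    { if (!ok) throw new InvalidOperationException(kind + " failed: " + text); }

    public T Top()
    {
        Check(!IsEmpty, "Precondition", "!IsEmpty");
        return _list[_list.Count - 1];
    }

    public void Push(T t)
    {
        _list.Add(t);
        Check(!IsEmpty, "Postcondition", "!IsEmpty");
    }

    public T Pop()
    {
        Check(!IsEmpty, "Precondition", "!IsEmpty");
        int oldCount = Count;              // stands in for Contract.OldValue(Count)
        T oldTop = Top();                  // stands in for Contract.OldValue(Top())
        T result = _list[_list.Count - 1];
        _list.RemoveAt(_list.Count - 1);   // the slides' RemoveLast() is not a List<T> method
        Check(Count < oldCount, "Postcondition", "Count < old(Count)");
        Check(object.Equals(result, oldTop), "Postcondition", "result == old(Top())");
        Check(Count >= 0, "Invariant", "Count >= 0");
        return result;
    }
}

public static class Demo
{
    public static void Main()
    {
        var stack = new ContractStack<string>();
        stack.Push("a");
        Console.WriteLine(stack.Pop());
        try { stack.Pop(); }               // caller breaks the precondition
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```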
