Design by Contract, by Example,9780201634600

Design by Contract, by Example

by ;
Edition: 1st
ISBN13: 9780201634600
ISBN10: 0201634600
Format: Paperback
Pub. Date: 2001-10-12
Publisher(s): Addison-Wesley Professional
  • Free Shipping Icon

    This Item Qualifies for Free Shipping!*

    *Excludes marketplace orders.

List Price: $49.99

Rent Book

Select for Price
Add to Cart
There was a problem. Please try again later.

New Book

We're Sorry
Sold Out

Used Book

We're Sorry
Sold Out

eBook

We're Sorry
Not Available

Buy from our Marketplace starting at $130.78

How Marketplace Works:

  • This item is offered by an independent seller and not shipped from our warehouse
  • Item details like edition and cover design may differ from our description; see seller's comments before ordering.
  • Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
  • Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
  • Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.

Summary

WHAT THE BOOK COVERS

Design by contract is all about adding assertions to object-oriented programs, at the design and coding stages. Assertions are facts about a program that must be true for the program to be bug-free. The key assertions in design by contract define preconditions, postconditions, and invariants:

  • A precondition is a condition on a method specifying what must be true for it to be valid to call the method.
  • A postcondition is a condition on a method specifying what will become true when the method successfully completes.
  • An invariant is a condition on a whole class specifying what is true about any object of the class whenever you can call a method on that object.

The assertions are written in a programming language, so that

  • They make sense to programmers, providing good, helpful documentation.
  • They can be checked at runtime, providing support for testing and debugging.

This book concentrates on showing you how to write good contracts. The book presents six principles for writing good contracts, and some supporting guidelines. Through examples, the book motivates the principles and guidelines and shows them in use.

After studying the first three chapters, you will be in a position to write high-quality contracts. The rest of the book will help you do even better.

In addition to chapters that develop contracts for individual example classes, there are chapters on contracts in relation to inheritance and on the topic of frame rules (contracts that assert what does not change). Two larger examples towards the end of the book involve developing contracts across more than one class. Chapter 9 concerns the Observer pattern from Gamma et al. 1994, and Chapter 10 presents a small application in which an object in the user interface is shown to respect part of a contract in the heart of the application. Chapter 12 discusses the use of contracts in systems analysis. Chapter 8 reviews the benefits of using contracts and compares design by contract to defensive programming. Chapter 11 explores how to attach contracts to interfaces and explores briefly how you might implement contracts in a distributed environment.

PROGRAMMING LANGUAGES

The examples are presented first in the object-oriented programming language Eiffel. We chose Eiffel for three reasons:

  1. Eiffel has built-in support for contracts, so it is excellent for showing the concepts at work.
  2. Eiffel is easy to read, so it's a good pseudo-code from which you can implement the ideas in any object-oriented programming language.
  3. Commercial-strength compilers are available for Eiffel, so our contracts can play both their intended roles, as specifications and as checks. A contract is a specification of a class, describing precisely what services the class delivers. The assertions in a contract can be evaluated at runtime to check that the implementing code is consistent with its specification.

You don't have to be an Eiffel programmer to follow the examples. We are sure you'll be able to carry the principles over to your own programming environment. The issues we raise, and the advice we give, are not specific to Eiffel.

We do rework two of our examples in Java, using a preprocessor (called iContract) that provides support for contracts. This allows us to explore some issues that do not arise so directly in Eiffel and to show you contracts in another language.

WHO THE BOOK IS FOR

The book is written for anyone who wants to find out how to write good contracts. We intend it to be useful to practitioners, students (especially the early chapters), teachers, and researchers.

We don't believe the book is one you can curl up with by the fire (in winter) or the pool (in summer) and read your way through. We believe its material has to be studied and, most importantly, tried out. We hope you have access to a programming environment that supports contracts, such as a Java compiler and the iContract tool (see the bibliography for more information) or an Eiffel compiler (again, more information in the bibliography).

We do not teach object-oriented programming. We assume you know how to program in some object-oriented programming language. We have tried to give enough explanation of the Eiffel and Java code that those familiar with other OO languages can follow the examples.

STYLE

The book is based firmly on examples. Usually, a chapter is based on a single example. This means that there is quite a lot of code to wade through at times. However, most of the code is at the level of assertions, which define what a piece of program achieves. This level of code is generally easier to understand than the code that defines how a piece of program achieves its goal. In addition, we usually dissect the code a few lines at a time to make it easier to follow the discussion.

The examples are mostly simple ones. For example, instead of writing full contracts for the customer manager component introduced in Chapter 1, we write them for a look-up table (or dictionary), which is the data structure that underpins the customer manager component. That way, you won't get lost in too many details, and you won't lose sight of the basic principles. Once you see the principles, we are confident you'll be able to apply them to your own, more complicated examples.

We have been selective in what we put into this book. Other books have useful and insightful things to say on the subject of design by contract, but we have concentrated on what makes this book different--the advice it gives on how to write good contracts.

And, of course, this book is not the end of the story of design by contract. There is more work to be done on writing contracts, on developing the underlying technology and the underlying theory, on applying the ideas in broader contexts, and on assessing the benefits in practice.

WEB SITE

There is a Web site associated with the book. It contains the source code of the examples. Our hope is that you will download the code and play with it. Change the code. Add bugs, both in the implementation and in the contracts, and see what happens. Change the examples into new ones. Experiment. Use them on real projects. That's how we learned about contracts.



0201634600P12122001

Author Biography

Richard Mitchell is a senior consultant with InferData Corporation, specializing in object-oriented analysis and design. Before joining InferData full-time in 1999, he was a Professor of Computing at the University of Brighton, UK, where he was involved in teaching and researching object technology.

Jim McKim is Clinical Professor and Chair of the Department of Engineering and Science at Rensselaer Polytechnic Institute in Hartford, Connecticut. He has been teaching and consulting in the area of object oriented software development for some 10 years. Over the same period he has authored or coauthored numerous articles on Design by Contract for such publications as the Journal of Object-Oriented Programming and IEEE Computer.



0201634600AB08142001

Table of Contents

Foreword ix
Preface xi
A First Taste of Design by Contract
1(16)
About This Chapter
1(1)
The Customer Manager Example
2(3)
Some Questions
5(1)
A Contract for CUSTOMER_MANAGER
6(3)
The Story So Far
9(2)
Runtime Checking
11(2)
Trustworthy Documentation
13(2)
Summary
15(1)
An Aide Memoire
15(1)
Things to Do
15(2)
Elementary Principles of Design by Contract
17(30)
About This Chapter
17(1)
Stacks
18(1)
Separate Commands and Queries
19(3)
Naming Conventions
22(1)
Separate Basic Queries and Derived Queries
23(3)
Specify How Commands Affect Basic Queries
26(8)
Capture Unchanging Properties in Invariants
34(2)
The Class and Its Contract
36(2)
The Basic Queries Are a Conceptual Model of Stacks
38(4)
The Six Principles
42(1)
Things to Do
43(4)
Applying the Six Principles
47(22)
About This Chapter
47(1)
Dictionaries
47(1)
Separating and Categorizing Features
48(2)
Postconditions
50(6)
Preconditions
56(6)
Invariant
62(1)
A Complete, Contract-Level View of DICTIONARY
63(2)
Summary
65(1)
Things to Do
66(3)
Building Support for Contracts---Immutable Lists
69(14)
About This Chapter
69(1)
Support for Linear Structures
69(1)
Contracts Involve Expressions
70(1)
Immutable Lists
71(1)
A Contract for Immutable Lists
72(9)
The Basic Queries
72(2)
The Creation Command
74(1)
The Derived Query count
74(1)
The Derived Query preceded_by
74(1)
The Derived Query item
75(2)
The Derived Query is_equal
77(2)
The Derived Query sublist
79(2)
Summary
81(1)
Things to Do
81(2)
Applying the Six Principles to QUEUE
83(16)
About This Chapter
83(1)
Queues
83(1)
A Contract for the remove Feature
84(4)
Making count a Derived Feature
88(3)
A Contract for the Initialize Feature
91(2)
A Contract for the head Feature
93(1)
A Contract for the put Feature
94(1)
More Derived Queries
94(1)
Summary
95(1)
Things to Do
96(3)
Design by Contract and Inheritance
99(20)
About This Chapter
99(1)
Superclasses and Subclasses
99(1)
Redefining Contracts
100(8)
Eiffel Syntax
104(3)
Summary
107(1)
Invariants and Inheritance
108(1)
Designing Superclasses with Guarded Postconditions
109(7)
Two Kinds of Inheritance
116(1)
Summary
117(1)
Things to Do
117(2)
Frame Rules
119(18)
About This Chapter
119(1)
Change Specifications and Frame Rules
119(2)
Frame Rules for put Using Immutable Lists
121(7)
Frame Rules for Put Using ``Forall''
128(2)
Kinds of Frame Rules
130(2)
Things to Do
132(1)
Appendix: More About the Preprocessor
132(5)
Benefits of Design by Contract
137(12)
About This Chapter
137(1)
Kinds of Benefits
137(1)
Better Designs
138(2)
Improved Reliability
140(1)
Better Documentation
140(2)
Easier Debugging
142(1)
Support for Reuse
142(1)
Design by Contract and Defensive Programming
143(3)
Defending a Program Against Unwanted Input
143(1)
Bulletproofing a Routine
144(1)
Defensive Programming
145(1)
Some Costs and Limitations of Contracts
146(3)
Contracts for an Observer Framework
149(20)
About This Chapter
149(1)
The Observer Framework
150(2)
Immutable Sets
152(3)
Attaching and Detaching Observers
155(1)
Notification (For One Observer)
156(2)
Notification (For All Observers)
158(2)
A Performance Issue
160(1)
Frame Rules
161(3)
Privacy
164(2)
Things to Do
166(3)
Fulfilling a Precondition
169(20)
About This Chapter
169(1)
The Examples
170(1)
Fulfilling and Testing a Precondition
170(2)
Testing Versus Checking
172(1)
A Simple Counter Class
173(1)
The User's View of the Program
174(2)
The Internal Structure of the Program
176(2)
The Program's Behavior
178(6)
A Minor Detail
184(2)
Summary
186(1)
Things to Do
187(2)
Java Examples
189(26)
About This Chapter
189(1)
Why Java?
190(1)
Queues
190(8)
The Basic Query size()
192(1)
The Basic Query get()
193(1)
The Derived Query head()
193(1)
The Derived Query isEmpty()
194(1)
The Derived Query shallowCopy()
194(1)
The Constructor Queue
195(1)
The Command put
196(1)
The Command remove
196(2)
Summary
198(1)
Dictionaries
198(5)
Names
199(1)
The Invariant
200(1)
The Basic Queries
200(1)
A Derived Query
201(1)
The Commands
201(1)
The Constructor
202(1)
A Possible Set of Classes
203(1)
Java Without iContract
203(4)
Precondition Testing
207(5)
Things to Do
212(3)
Analysis by Contract
215(12)
About This Chapter
215(1)
A Use Case
215(2)
Contracts in Analysis Models
217(1)
A Contract for the withdrawCash Use Case
217(3)
From Analysis to Design
220(1)
Problem Domain and System Models
221(3)
The Object Constraint Language
224(1)
Summary
225(2)
Bibliography 227(4)
Index 231

Excerpts

WHAT THE BOOK COVERS Design by contract is all about adding assertions to object-oriented programs, at the design and coding stages. Assertions are facts about a program that must be true for the program to be bug-free. The key assertions in design by contract define preconditions, postconditions, and invariants: A precondition is a condition on a method specifying what must be true for it to be valid to call the method. A postcondition is a condition on a method specifying what will become true when the method successfully completes. An invariant is a condition on a whole class specifying what is true about any object of the class whenever you can call a method on that object. The assertions are written in a programming language, so that They make sense to programmers, providing good, helpful documentation. They can be checked at runtime, providing support for testing and debugging. This book concentrates on showing you how to write good contracts. The book presents six principles for writing good contracts, and some supporting guidelines. Through examples, the book motivates the principles and guidelines and shows them in use. After studying the first three chapters, you will be in a position to write high-quality contracts. The rest of the book will help you do even better. In addition to chapters that develop contracts for individual example classes, there are chapters on contracts in relation to inheritance and on the topic of frame rules (contracts that assert what does not change). Two larger examples towards the end of the book involve developing contracts across more than one class. Chapter 9 concerns the Observer pattern from Gamma et al. 1994, and Chapter 10 presents a small application in which an object in the user interface is shown to respect part of a contract in the heart of the application. Chapter 12 discusses the use of contracts in systems analysis. Chapter 8 reviews the benefits of using contracts and compares design by contract to defensive programming. Chapter 11 explores how to attach contracts to interfaces and explores briefly how you might implement contracts in a distributed environment. PROGRAMMING LANGUAGES The examples are presented first in the object-oriented programming language Eiffel. We chose Eiffel for three reasons: Eiffel has built-in support for contracts, so it is excellent for showing the concepts at work. Eiffel is easy to read, so it''s a good pseudo-code from which you can implement the ideas in any object-oriented programming language. Commercial-strength compilers are available for Eiffel, so our contracts can play both their intended roles, as specifications and as checks. A contract is a specification of a class, describing precisely what services the class delivers. The assertions in a contract can be evaluated at runtime to check that the implementing code is consistent with its specification. You don''t have to be an Eiffel programmer to follow the examples. We are sure you''ll be able to carry the principles over to your own programming environment. The issues we raise, and the advice we give, are not specific to Eiffel. We do rework two of our examples in Java, using a preprocessor (called iContract) that provides support for contracts. This allows us to explore some issues that do not arise so directly in Eiffel and to show you contracts in another language. WHO THE BOOK IS FOR The book is written for anyone who wants to find out how to write good contracts. We intend it to be useful to practitioners, students (especially the early chapters), teachers, and researchers. We don''t believe the book is one you can curl up with by the fire (in winter) or the pool (in summer) and read your way through. We believe its material has to be studied and, most importantly, tried out. We hope you have access to a programming environment that supports contracts, such as a Java compiler and the iContract tool (see the bibliography for more information) or an Eiffel compiler (again, more information in the bibliography). We do not teach object-oriented programming. We assume you know how to program in some object-oriented programming language. We have tried to give enough explanation of the Eiffel and Java code that those familiar with other OO languages can follow the examples. STYLE The book is based firmly on examples. Usually, a chapter is based on a single example. This means that there is quite a lot of code to wade through at times. However, most of the code is at the level of assertions, which define what a piece of program achieves. This level of code is generally easier to understand than the code that defines how a piece of program achieves its goal. In addition, we usually dissect the code a few lines at a time to make it easier to follow the discussion. The examples are mostly simple ones. For example, instead of writing full contracts for the customer manager component introduced in Chapter 1, we write them for a look-up table (or dictionary), which is the data structure that underpins the customer manager component. That way, you won''t get lost in too many details, and you won''t lose sight of the basic principles. Once you see the principles, we are confident you''ll be able to apply them to your own, more complicated examples. We have been selective in what we put into this book. Other books have useful and insightful things to say on the subject of design by contract, but we have concentrated on what makes this book different--the advice it gives on how to write good contracts. And, of course, this book is not the end of the story of design by contract. There is more work to be done on writing contracts, on developing the underlying technology and the underlying theory, on applying the ideas in broader contexts, and on assessing the benefits in practice. WEB SITE There is a Web site associated with the book. It contains the source code of the examples. Our hope is that you will download the code and play with it. Change the code. Add bugs, both in the implementation and in the contracts, and see what happens. Change the examples into new ones. Experiment. Use them on real projects. That''s how we learned about contracts. 0201634600P12122001

An electronic version of this book is available through VitalSource.

This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.

By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.

Digital License

You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.

More details can be found here.

A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.

Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.

Please view the compatibility matrix prior to purchase.