Answer to Fredrik Normén on Defensive programming and Design by Contract on a routine level.

"Design by Contract is about creating a contract between the client and the supplier. The idea of the Design by Contract theory is to associate a specification with every software elements. This specification will define a contract between client and the supplier. When a supplier writes a contract with the client, it should document the obligations and benefits"

There is always a contract between a software element and its client. The question is if the contract is implicit or explicitly stated. Lets look at an example from the .NET framework:

Summary:
Adds an element with the specified key and value into the System.Collections.Hashtable.

Parameters:
key: The key of the element to add.
value: The value of the element to add. The value can be null.

Exceptions:
System.ArgumentNullException: key is null.
System.ArgumentException: An element with the same key already exists in the System.Collections.Hashtable.
System.NotSupportedException: The System.Collections.Hashtable is read-only.-or- The System.Collections.Hashtable has a fixed size.

A short analysis conducts that the method's contract can be expressed like this:

Precondition:
 ○ true
Postcondition:
 ○ If key is null ArgumentNullException is thrown
 ○ If ContainsKey(key) ArgumentException is thrown
 ○ Else this[key] == value
 ○ And Count == old Count + 1
 
An analysis of the contract shows that the contract can be made stronger like this:

Precondition:
 ○ Key != null
 ○ !ContainsKey(key)
Postcondition:
 ○ this[key] == value
 ○ Count == old Count + 1
 
In the theory of contracts there is this concept of strong versus week contacts where the first is more demanding on the client than the last. Hence, the precondition is now more demanding on the client and this can be taken advantage of in the routine implementation. In the pseudo code below we can see the difference:

Week contract supplier

Strong contract supplier

Using the stronger contract we get a much cleaner implementation of the routine. How about the client code then? Well, take a look:

Week contract client

Strong contract client

Of course, the code for the strong contract client can be used with the week contract as well. The main point is that with the strong contract no error handling should be made because then there is an error in the client code which should be corrected, not handled at runtime. The routine only promise to satisfy the post condition if and only if  the pre condition is satisfied by the client. If the pre condition is not met the outcome is undefined and anything can happen from nothing at all to the system crashing. This is where frameworks that permit developers to express the contract in code comes in.

Design-by-Contract Frameworks

• nContract
  • MS thesis by Wes Haggard
  • Example:

[FormallySpecified]
public class Test {
  [Pre("i > 0")]
  public void DoWork(int i) { }
}

• ContractN
  • By Dave Sexton
  • Example:

public class Person : ContractN.ProgrammingByContract
{
  [InRequired, OutRequired]
  public string Name { get; set; }
}

• Design by Contract Framework
  • By Kevin McFarlane
  • Example:

public virtual int B.Foo(int x)
{
  Check.Require(1 < x < 3);
  ...
  Check.Ensure(result < 15);
  return result;
}