SlideShare a Scribd company logo

Software quality with Code Contracts and PEX - CodeCamp16oct2010

Download as PPTX, PDF
Codecamp Romania
Codecamp Romania

This document discusses software quality tools including code contracts, PEX, and static verification. It introduces design by contract principles and how Microsoft's Code Contracts library implements contracts for .NET programs. Contracts specify preconditions, postconditions, and invariants to define requirements. The document demonstrates how to write contracts and shows how PEX can generate test cases based on contracts. It also discusses how static verification tools like Clousot can check contracts without running code.

1 of 22
Software quality with Code Contracts and PEX Sorin DAMIAN
Contracts Design by Contract ™ Code contracts and runtime checking (Foxtrot) Static verification (Clousot) Documentation Automated unit testing (PEX)
Design by contract Described in articles since 1986 Around since the Eiffel language Bertand Meyer Analogy with business contracts Contracts Preconditions (What does the method expect?) Postconditions (What does it guarantee?) Invariants (What does it maintain?)
Microsoft Code Contracts Library Microsoft Research Code contracts and runtime checking (Foxtrot) Static checker (Clousot) Available for .NET 2.0 as an external assembly Included in .NET 4.0 Integration with Visual Studio 2008/2010 Available in all .NET programming languages
Microsoft Code Contracts Tools Runtime checking  ccrewrite.exe Static program verification  cccheck.exe Documentation generation  ccdoc.exe Automatic testing tools like PEX can take advantage of contracts
Expressing contracts Requirement and specification documents Code comments Guards / defensive programming CodeContracts Contract.Requires(arg != null); Contract.Ensures(Contract.Result<int>() > 0); Contract.Invariant(this.Total > 0); Assertions Assumptions
Code Contracts  Contracts vs. Validation  Handling legacy code  Pre and post conditions  Documentation  Handling contract failures  Contract violation events  Assert on contract failure  Contracts on interfaces and base classes  Contracts inheritance  Adding contracts to external libraries  Contract reference assemblies  Using a baseline for large projects
Demo using System.Diagnostics.Contracts;
Code Contracts Preconditions Legacy contracts Post conditions Invariants Side effects and pure methods
Demo Interfaces and contracts inheritance
Known issues  Build slowdown due to the assembly rewriter  No mechanism to provide contracts on delegates  Static checker doesn’t work with closures and yield iterators  You may get static checker errors for generated code  No edit and continue support
Static verification  Floyd-Hoare logic proposed in 1969  Sir Charles Antony Richard Hoare  Design by Contract  Bertrand Meyer  Spec#  Microsoft Research (credits go here..)  Code contracts library in .NET Framework 4.0
Static verification  Verification vs. Testing  Abstract interpretation  Working with existing projects
Pex Explorer
Pex Explorer  Automated white box testing tool for .NET  Parameterized unit tests  Supports multiple frameworks  Test cases for free!!!
Input • [runs the code + monitors it] Collects observed constraints • [picks a branch] Builds constraints system to solve • [solve “Z3���]
Pex Explorer
Demo
Pex understands your code  Pex does not guess  No random inputs  No brute force  Pex analyzes  Partitions inputs into equivalence classes  One equivalence class per branching behavior  Test inputs computed by Z3 (the constraint solver for program analysis from Microsoft Research)  Performs inter-procedural, path-sensitive analysis  Results:  Small test suite with high test coverage (new test == new branch in code)
Q&A
Thank You! And please fill the feedback forms 
Links  http://research.microsoft.com/en-us/projects/contracts/  http://research.microsoft.com/en-us/projects/pex/  http://pexforfun.com/  http://visualstudiogallery.msdn.microsoft.com/en-us/85f0aa38- a8a8-4811-8b86-e7f0b8d8c71b

More Related Content

Software quality with Code Contracts and PEX - CodeCamp16oct2010

  • 1. Software quality with Code Contracts and PEX Sorin DAMIAN
  • 2. Contracts Design by Contract ™ Code contracts and runtime checking (Foxtrot) Static verification (Clousot) Documentation Automated unit testing (PEX)
  • 3. Design by contract Described in articles since 1986 Around since the Eiffel language Bertand Meyer Analogy with business contracts Contracts Preconditions (What does the method expect?) Postconditions (What does it guarantee?) Invariants (What does it maintain?)
  • 4. Microsoft Code Contracts Library Microsoft Research Code contracts and runtime checking (Foxtrot) Static checker (Clousot) Available for .NET 2.0 as an external assembly Included in .NET 4.0 Integration with Visual Studio 2008/2010 Available in all .NET programming languages
  • 5. Microsoft Code Contracts Tools Runtime checking  ccrewrite.exe Static program verification  cccheck.exe Documentation generation  ccdoc.exe Automatic testing tools like PEX can take advantage of contracts
  • 6. Expressing contracts Requirement and specification documents Code comments Guards / defensive programming CodeContracts Contract.Requires(arg != null); Contract.Ensures(Contract.Result<int>() > 0); Contract.Invariant(this.Total > 0); Assertions Assumptions
  • 7. Code Contracts  Contracts vs. Validation  Handling legacy code  Pre and post conditions  Documentation  Handling contract failures  Contract violation events  Assert on contract failure  Contracts on interfaces and base classes  Contracts inheritance  Adding contracts to external libraries  Contract reference assemblies  Using a baseline for large projects
  • 9. Code Contracts Preconditions Legacy contracts Post conditions Invariants Side effects and pure methods
  • 11. Known issues  Build slowdown due to the assembly rewriter  No mechanism to provide contracts on delegates  Static checker doesn’t work with closures and yield iterators  You may get static checker errors for generated code  No edit and continue support
  • 12. Static verification  Floyd-Hoare logic proposed in 1969  Sir Charles Antony Richard Hoare  Design by Contract  Bertrand Meyer  Spec#  Microsoft Research (credits go here..)  Code contracts library in .NET Framework 4.0
  • 13. Static verification  Verification vs. Testing  Abstract interpretation  Working with existing projects
  • 15. Pex Explorer  Automated white box testing tool for .NET  Parameterized unit tests  Supports multiple frameworks  Test cases for free!!!
  • 16. Input • [runs the code + monitors it] Collects observed constraints • [picks a branch] Builds constraints system to solve • [solve “Z3”]
  • 18. Demo
  • 19. Pex understands your code  Pex does not guess  No random inputs  No brute force  Pex analyzes  Partitions inputs into equivalence classes  One equivalence class per branching behavior  Test inputs computed by Z3 (the constraint solver for program analysis from Microsoft Research)  Performs inter-procedural, path-sensitive analysis  Results:  Small test suite with high test coverage (new test == new branch in code)
  • 20. Q&A
  • 21. Thank You! And please fill the feedback forms 
  • 22. Links  http://research.microsoft.com/en-us/projects/contracts/  http://research.microsoft.com/en-us/projects/pex/  http://pexforfun.com/  http://visualstudiogallery.msdn.microsoft.com/en-us/85f0aa38- a8a8-4811-8b86-e7f0b8d8c71b

Editor's Notes

  1. Design by Contract (DbC) or Programming by Contract is an approach to designing computer software. It prescribes that software designers should define formal, precise and verifiable interface specifications for software components, which extend the ordinary definition of abstract data types with preconditions, postconditions and invariants. These specifications are referred to as "contracts", in accordance with a conceptual metaphor with the conditions and obligations of business contracts. http://en.wikipedia.org/wiki/Design_by_contract
  2. Language agnostic static checking is achieved though Clousot, which is an abstract intepretation-based static analyzer for the analysis of .NET assemblies. It contains abstract domains for checking out-of-bounds array accesses, null dereferences, string usage, and memory accesses in unsafe managed code. It can statically validate Foxtrot contracts.
  3. Reference assemblies: C:\Program Files (x86)\Microsoft\Contracts\Contracts\v3.5 Samples: C:\Program Files (x86)\Microsoft\Contracts\Samples
  4. Snippets
  5. http://pexforfun.com/Default.aspx?language=CSharp&sample=AbsVerified
  6. Hoare logic (also known as Floyd–Hoare logic or Hoare rules) is a formal system with a set of logical rules for reasoning rigorously about the correctness of computer programs. It was proposed in 1969 by the British computer scientist and logician C. A. R. Hoare, and subsequently refined by Hoare and other researchers.[1] The original ideas were seeded by the work of Robert Floyd, who had published a similar system[2] for flowcharts. ACM Turing Award for "fundamental contributions to the definition and design of programming languages".