This document discusses software quality tools including code contracts, PEX, and static verification. It introduces design by contract principles and how Microsoft's Code Contracts library implements contracts for .NET programs. Contracts specify preconditions, postconditions, and invariants to define requirements. The document demonstrates how to write contracts and shows how PEX can generate test cases based on contracts. It also discusses how static verification tools like Clousot can check contracts without running code.
Software quality with Code Contracts and PEX - CodeCamp16oct2010
2. Contracts
Design by Contract ™
Code contracts and runtime checking (Foxtrot)
Static verification (Clousot)
Documentation
Automated unit testing (PEX)
3. Design by contract
Described in articles since 1986
Around since the Eiffel language
Bertrand Meyer
Analogy with business contracts
Contracts
Preconditions (What does the method expect?)
Postconditions (What does it guarantee?)
Invariants (What does it maintain?)
4. Microsoft Code Contracts Library
Microsoft Research
Code contracts and runtime checking (Foxtrot)
Static checker (Clousot)
Available for .NET 2.0 as an external assembly
Included in .NET 4.0
Integration with Visual Studio 2008/2010
Available in all .NET programming languages
5. Microsoft Code Contracts Tools
Runtime checking
ccrewrite.exe
Static program verification
cccheck.exe
Documentation generation
ccdoc.exe
Automatic testing tools like PEX can take advantage of contracts
7. Code Contracts
Contracts vs. Validation
Handling legacy code
Pre and post conditions
Documentation
Handling contract failures
Contract violation events
Assert on contract failure
Contracts on interfaces and base classes
Contracts inheritance
Adding contracts to external libraries
Contract reference assemblies
Using a baseline for large projects
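A worked example of the contract kinds listed above (preconditions, postconditions, invariants, interface contracts, contract inheritance and legacy-style validation), added here and not taken from the slides. The IAccount/Account types are a hypothetical example; the API used is System.Diagnostics.Contracts as shipped with Code Contracts, which needs ccrewrite.exe for the runtime checks to fire.

```csharp
using System;
using System.Diagnostics.Contracts;

// Contracts for an interface live in a separate abstract class,
// bound in both directions with ContractClass / ContractClassFor.
[ContractClass(typeof(AccountContracts))]
public interface IAccount
{
    int Balance { get; }
    void Withdraw(int amount);
}

[ContractClassFor(typeof(IAccount))]
internal abstract class AccountContracts : IAccount
{
    public int Balance
    {
        get { Contract.Ensures(Contract.Result<int>() >= 0); return default(int); }
    }

    public void Withdraw(int amount)
    {
        Contract.Requires<ArgumentOutOfRangeException>(amount > 0);       // precondition
        Contract.Requires(amount <= Balance, "insufficient funds");      // precondition
        Contract.Ensures(Balance == Contract.OldValue(Balance) - amount); // postcondition
    }
}

public class Account : IAccount
{
    private int balance;

    public Account(int opening) { Contract.Requires(opening >= 0); balance = opening; }

    public int Balance { get { return balance; } }

    // Invariant: checked after the constructor and every public method
    // (ccrewrite injects the calls; cccheck tries to prove it statically).
    [ContractInvariantMethod]
    private void ObjectInvariant() { Contract.Invariant(balance >= 0); }

    // Inherits the interface contract: nothing needs restating here.
    public void Withdraw(int amount) { balance -= amount; }

    // Legacy if/throw validation turned into a contract with EndContractBlock,
    // so tools still see it as a precondition.
    public void Deposit(int amount)
    {
        if (amount <= 0) throw new ArgumentOutOfRangeException("amount");
        Contract.EndContractBlock();
        balance += amount;
    }
}
```

With the two Withdraw preconditions and the invariant, the static checker can establish that `balance -= amount` never drives the balance negative; removing either precondition makes that proof fail.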
11. Known issues
Build slowdown due to the assembly rewriter
No mechanism to provide contracts on delegates
Static checker doesn’t work with closures and yield iterators
You may get static checker errors for generated code
No edit and continue support
12. Static verification
Floyd-Hoare logic proposed in 1969
Sir Charles Antony Richard Hoare
Design by Contract
Bertrand Meyer
Spec#
Microsoft Research (credits go here..)
Code contracts library in .NET Framework 4.0
19. Pex understands your code
Pex does not guess
No random inputs
No brute force
Pex analyzes
Partitions inputs into equivalence classes
One equivalence class per branching behavior
Test inputs computed by Z3 (the constraint solver for program analysis from Microsoft Research)
Performs inter-procedural, path-sensitive analysis
Results:
Small test suite with high test coverage (new test == new branch in code)
Design by Contract (DbC) or Programming by Contract is an approach to designing computer software. It prescribes that software designers should define formal, precise and verifiable interface specifications for software components, which extend the ordinary definition of abstract data types with preconditions, postconditions and invariants. These specifications are referred to as "contracts", in accordance with a conceptual metaphor with the conditions and obligations of business contracts.
http://en.wikipedia.org/wiki/Design_by_contract
Language-agnostic static checking is achieved through Clousot, which is an abstract interpretation-based static analyzer for the analysis of .NET assemblies. It contains abstract domains for checking out-of-bounds array accesses, null dereferences, string usage, and memory accesses in unsafe managed code. It can statically validate Foxtrot contracts.
Hoare logic (also known as Floyd–Hoare logic or Hoare rules) is a formal system with a set of logical rules for reasoning rigorously about the correctness of computer programs. It was proposed in 1969 by the British computer scientist and logician C. A. R. Hoare, and subsequently refined by Hoare and other researchers.[1] The original ideas were seeded by the work of Robert Floyd, who had published a similar system[2] for flowcharts.
ACM Turing Award for "fundamental contributions to the definition and design of programming languages".