The first language which put emphasis on design by contract was Eiffel. It seems that the term is born with/for it.
Eiffel encourages software developers to express formal properties of classes by writing assertions.
(From here.)
Hence we have preconditions (require), postconditions (ensure), class invariant (invariant), and all the related features.
Assertions play a central part in the Eiffel method for building reliable object-oriented software. They serve to make explicit the assumptions on which programmers rely when they write software elements that they believe are correct. Writing assertions amounts to spelling out the terms of the contract which governs the relationship between a routine and its callers. […]
The underlying theory of Design by Contract™1, the centerpiece of the Eiffel method, views software construction as based on contracts between clients (callers) and suppliers (routines), relying on mutual obligations and benefits made explicit by the assertions.
More about Eiffel's trademarked Design by Contract™ for example in the tutorial, when they talk about exceptions.
I think this is something to be remembered:
It should be clear from the preceding discussion that contracts are not a mechanism to test for special conditions, for example erroneous user input. […] An assertion is instead a correctness condition governing the relationship between two software modules (not a software module and a human, or a software module and an external device2)
Exceptions
Of course Eiffel has exceptions handling. It has a rescue clause where other languages use catch (e.g. C++) or exception (e.g. Ada). An interesting thing which I haven't seen in other languages (so far) is that the rescue clause may have a retry instruction.
Why not Eiffel
Eiffel is one of those languages I've never tried and for which I haven't a compiler on my “for fun” system. This was mainly due to its “closed” commercial nature (.com). Compare it with C, C++, Java, Go, Python, and other successful languages you can use without having to pay a fee, and moreover you aren't bound to a commercial platform (though they may exist): they are all promoted also by the fact that free (gratis) and/or opensource toolchains exist: make money through consulting instead of licensing the usage of the language. The latter seems to be the path chosen by Eiffel Software. Seemed…?
In fact something must have changed, or whatever. Anyway, now there's a community edition of EiffelStudio, making it possible at least to try the language and learn it (the .org resources).
From wikipedia: Eiffel Software applied for trademark registration for Design by Contract in December 2003, and it was granted in December 2004. This trademarking is a creepy/scary thing, being “design by contract” a generic description (aren't interface agreements a contract made between two parties while designing a software system? Are they stating that this sort of necessity is born with them and wouldn't be in the game without their contribution?). If you look into the details, you can have whichever patent, but the trademark on the expression is something I can't get. Anyway, since “Design by contract” (no ™ crap here) “has its roots in work on formal verification, formal specification and Hoare logic”, the Design by Contract™ (™ crap here) must have given some kind of original contribution and Wikipedia lists four points. Which aren't all very much original nowadays (I don't know how much Eiffel has to do with this.) Heirs of those men of the past who made the ground on which very much of what we are now is built on should be very sad because things like ™ and patents didn't exist in those ancient time. They would have made them very rich and powerful.↩
E.g. a device such as an IMU? See my Performance-impacting postconditions: in the last section, sort of postilla, it seems I'm implying that pre and postconditions, if used properly in the Schiaparelli's software, could have saved it. In Just another Schiaparelli, though, I'm using the fact that Ada is a strongly typed language which allows to specify the domain of a variable in a more “strict” way than other languages. Thus I've used the type system, rather than “design by contract” features, in order to imaginatively cope with the Schiaparelli's software flaw(s).↩
No comments:
Post a Comment