by Robert Bruce Findler, Matthias Felleisen
In Proceedings of the Sixteenth International Conference on Object-Oriented Programming, Systems, Languages, and Applications
http://cs-tr.cs.rice.edu/CS/PLT/Publications/oopsla01-ff.ps
Abstract:
Checking pre- and post-conditions of procedures and methods at runtime helps improve software reliability. In the procedural world, pre- and post-conditions have a straightforward interpretation. If a procedure's pre-condition doesn't hold, the caller failed to establish the proper context. If a post-condition doesn't hold, the procedure failed to compute the expected result. In the object-oriented world, checking pre- and post-conditions for methods, often called contracts in this context, poses complex problems. Because methods may be overridden, it is not sufficient to check only pre- and post-conditions. In addition, the contract hierarchy must be checked to ensure that the contracts on overridden methods are properly related to the contracts on overriding methods. Otherwise, a class hierarchy may violate the substitution principle, that is, it may no longer be true that an instance of a class is substitutable for objects of the super-class. In this paper, we study the problem of contract enforcement in an object-oriented world from a foundational perspective. More specifically, we study contracts as refinements of types. Pushing the analogy further, we state and prove a contract soundness theorem that captures the essential properties of contract enforcement. We use the theorem to illustrate how most existing tools suffer from a fundamental flaw and how they can be improved.
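The two kinds of check the abstract distinguishes, as an added example that is not code from the paper: procedural enforcement of a single method's contract (a failed pre-condition blames the caller, a failed post-condition blames the method), and the separate hierarchy check between an overridden and an overriding method's contracts, which is what keeps the substitution principle intact. The `Contract`, `enforce` and `hierarchy_violations` names, the `sqrt_floor`-style contracts and the sample values are all constructed for this illustration. The hierarchy check here is sample-based (a test over chosen values), not the proof the paper gives.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Any, Callable, Iterable


@dataclass(frozen=True)
class Contract:
    """Pre-condition over the argument, post-condition over (argument, result)."""
    pre: Callable[[Any], bool]
    post: Callable[[Any, Any], bool]


class ContractViolation(Exception):
    """Raised by enforce(); `blame` names the party that broke the contract."""

    def __init__(self, blame: str, detail: str) -> None:
        super().__init__(f"{blame}: {detail}")
        self.blame = blame


def enforce(method: Callable[[Any], Any], contract: Contract, arg: Any) -> Any:
    """Procedural-style enforcement of one method call.

    A failing pre-condition means the caller did not establish the context
    (blame "caller"); a failing post-condition means the method did not
    compute the promised result (blame "method")."""
    if not contract.pre(arg):
        raise ContractViolation("caller", f"pre-condition rejected {arg!r}")
    result = method(arg)
    if not contract.post(arg, result):
        raise ContractViolation("method", f"post-condition rejected {result!r} for {arg!r}")
    return result


def blame_for(method: Callable[[Any], Any], contract: Contract, arg: Any) -> str:
    """Convenience wrapper: 'ok', 'caller' or 'method' for one call."""
    try:
        enforce(method, contract, arg)
    except ContractViolation as exc:
        return exc.blame
    return "ok"


def hierarchy_violations(overridden: Contract, overriding: Contract,
                         arg_samples: Iterable[Any],
                         result_samples: Iterable[tuple[Any, Any]]) -> list[str]:
    """Check the relation the abstract requires between the contracts of an
    overridden and an overriding method, over sample values (a test, not a
    proof). An overriding method may only weaken the pre-condition
    (super.pre(x) must imply sub.pre(x)) and only strengthen the
    post-condition (sub.post(x, r) must imply super.post(x, r)); anything
    else breaks substitutability of the subclass for the superclass."""
    problems: list[str] = []
    for x in arg_samples:
        if overridden.pre(x) and not overriding.pre(x):
            problems.append(f"pre-condition strengthened: super accepts {x!r}, sub rejects it")
    for x, r in result_samples:
        if overriding.post(x, r) and not overridden.post(x, r):
            problems.append(f"post-condition weakened: sub accepts {r!r} for {x!r}, super rejects it")
    return problems


# Constructed contracts for an integer-square-root method on a base class
# and on two subclasses that override it (illustrative values, not from the paper).
BASE = Contract(pre=lambda x: x >= 0, post=lambda x, r: r * r <= x)
# Weaker pre-condition, stronger post-condition: a valid refinement.
GOOD_SUB = Contract(pre=lambda x: True, post=lambda x, r: r * r <= x < (r + 1) ** 2)
# Stronger pre-condition, weaker post-condition: breaks the substitution principle.
BAD_SUB = Contract(pre=lambda x: x >= 10, post=lambda x, r: True)

ARGS = [-3, 0, 4, 9, 15]                      # constructed sample arguments
RESULTS = [(4, 2), (9, 3), (15, 3), (15, 4)]  # constructed (argument, result) pairs


def demo() -> dict[str, list[str]]:
    """Run the hierarchy check for both subclasses against the base contract."""
    return {
        "good": hierarchy_violations(BASE, GOOD_SUB, ARGS, RESULTS),
        "bad": hierarchy_violations(BASE, BAD_SUB, ARGS, RESULTS),
    }


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "contracts properly related")
    print(blame_for(lambda x: 0, BASE, -3))   # caller broke the pre-condition
    print(blame_for(lambda x: x, BASE, 4))    # method broke the post-condition
```

Note that checking only `enforce` at each call would let `BAD_SUB` through whenever the caller happens to satisfy its stricter pre-condition; the hierarchy check is what reports that the subclass itself is the problem, which is the point the abstract makes about checking the contract hierarchy in addition to the individual pre- and post-conditions.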