Category: Uncategorized

We saw that a possible way to simplify clients’ lives is to make your method return a “soft value” instead of throwing an exception. Go back to listing 4.5 for an example. My rule of thumb is the following:

Java does not offer a clear mechanism for expressing code contracts. Only a few popular programming languages do, such as F#. The assert keyword in Java is okay, but if you forget to enable it in the runtime, the contracts may not be checked in production. That is why many developers prefer to use (checked or unchecked)… Continue reading Asserts and exceptions: When to use one or the other

Developers are aware of how important input validation is. A mistake in the validation may lead to security vulnerabilities. Therefore, developers often handle input validation whenever data comes from the end user. Consider a web application that stores products for an online store. To add a new product, a user must pass a name, a… Continue reading Input validation, contracts, or both?

A very important design decision when modeling contracts is whether to use strong or weak contracts. This is a matter of trade-offs. Consider a method with a weak pre-condition. For example, the method accepts any input value, including null. This method is easy for clients to use for the clients: any call to it will… Continue reading Weak or strong pre-conditions?

Let me close with some pragmatic tips on how to use design-by-contract in practice.

Defining clear pre-conditions, post-conditions, and invariants (and automating them in your code via, for example, assertions) helps developers in many ways. First, assertions ensure that bugs are detected early in the production environment. As soon as a contract is violated, the program halts instead of continuing its execution, which is usually a good idea. The… Continue reading How is design-by-contract related to testing?

We mostly use Java for the examples and Java is an object-oriented language, so I must discuss what happens when we use inheritance. Figure 4.2 shows that the TaxCalculator class has many children (TaxCalculatorBrazil which calculates taxes in Brazil, TaxCalculatorNL, which calculates taxes in the Netherlands, and so on). These child classes all override calculateTax() and change the pre- or post-conditions… Continue reading Inheritance and contracts

We have seen that pre-conditions should hold before a method’s execution, and post-conditions should hold after a method’s execution. Now we move on to conditions that must always hold before and after a method’s execution. These conditions are called invariants. An invariant is thus a condition that holds throughout the entire lifetime of an object or a data… Continue reading Invariants

When defining pre- and post-conditions, an important decision is how weak or strong you want them to be. In the previous example, we handle the pre-condition very strongly: if a negative value comes in, it violates the pre-condition of the method, so we halt the program. One way to avoid halting the program due to… Continue reading Strong and weak pre- and post-conditions

The Java language offers the keyword assert, which is a native way of writing assertions. In the previous example, instead of throwing an exception, we could write assert value >= 0 : “Value cannot be negative.”. If value is not greater than or equal to 0, the Java Virtual Machine (JVM) will throw an AssertionError. In the following listing, I show a version of the TaxCalculator using asserts. Listing 4.3 TaxCalculator with… Continue reading The assert keyword