PyADBC: Design by Contract in Python
PyADBC provides pure python support for Design by Contract. Invariants, pre- and post-conditions are added using decorators.
- Free software: BSD license
To define an invariant on a class (a condition that always holds after the object is instantiated), use the @invariant
decorator. The self
passed into the passed lambda is the same self
that would be passed to a method.
@invariant(lambda self: self.capacity >= 0)
class List(object):
# ...
Preconditions can be specified with @requires
. These are properties that must evaluate to True
before the method is run.
@requires(lambda self: self.size() < self.capacity)
def append(self, bla):
self._size += 1
self.things.append(bla)
Postconditions can be specified with @ensures
:
@ensures(lambda self: self.size() == len(self.things))
def append(self, bla):
self._size += 1
self.things.append(bla)
These are properties that must evaluate to True
after the method has run.
In order to compare properties of the object before and after an operation, PyADBC provides the @old
decorator. You can use it to "cache" values for use in the postcondition.
For example, the following method's postcondition guarantees that the x
instance attribute is increased by one. Dictionaries returned in the functions passed to @old
will be merged and passed as a second argument to the postcondition functions.
@ensures(lambda self, old: old['x'] + 1 == self.x,
lambda self, old: old['size'] < 0)
@old(lambda self: {'x': self.x, 'size': self._size})
def doThing(self):
self.x -= 1
If any conditions defined by the above decorators evaluate to False
, one of the following exceptions will be raised based on what kind of condition it is:
PreconditionFailedException
, which implies that the client of the class failed to satisfy the class's contract.PostconditionFailedException
, which implies that the object itself failed to satisfy its class's contract.InvariantFailedException
, which implies that the object has entered an illegal state.
An important feature of DBC is that it can validate the Liskov Substitution Principle. That is, if a child class CoolList
inherits from the base class List
, its operations should satsify List
's contracts. This gives some assurance that the principle holds for the child class.
To do this with PyADBC, you need to explicitly decorate the child class, e.g.:
@dbcinherit
class CoolList(List):
# ...
If CoolList
overrides the append()
method, the contract of List
's append()
method will be applied to CoolList
's append()
.
This also currently works with multiple inheritance.
- PyDBC, which uses a metaclass.
- pycontract, which uses docstrings. See the Python Enhancement Proposal (PEP) that references this implementation here.
See TODO.md
for missing features. Suggestions and bug reports are always welcome.
Thanks to
- Prof. Constantinos Constantinides, for his feedback regarding Liskov and for teaching me about DBC in the first place