Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Contract Attributes and Analyzers #296

Open
Entomy opened this issue Aug 2, 2021 · 0 comments
Open

Contract Attributes and Analyzers #296

Entomy opened this issue Aug 2, 2021 · 0 comments
Labels
🏗 Architectural Related to architecture of the code 💢 Difficult This issue is expected to be difficult to resolve 🛠 Enhancement New feature or request 🛡 Hardening Hardening up code through defensive programming techniques
Milestone
v6.0

Comments

@Entomy
Copy link
Owner

Entomy commented Aug 2, 2021

Microsoft Researches' Code Contracts was a failure for many reasons, and is essentially unused. I definitely agree with this given the way it was designed. Given it's pre-Roslyn history it required custom additions to the build process, as well as special build flags and many other issues. The contract behaviors were not included in documentation, nor anything reflection or code analyzers can access. Microsoft's approach was doomed from the start to fail.

For those who know my history, y'all know my origins as an Ada developer. The Spark extensions to Ada that added design contracts and static analysis of them did not have these issues. In fact, I found the approach worked extremely well.

I believe the kind of first class contract experience that languages like Ada and Eiffel provided could also be provided for .NET with the right approach. Furthermore, I believe attributes and analyzers are the right approach. Importantly, attributes show up to downstream in IntelliSense, and are accessible via reflection. They can also be statically analyzed and not require code weaving like Fody or PostSharp do. For those who do want this behavior, both options could easily provide this behavior. No additional tooling would be required at all.

PureAttribute needs to be recreated, to avoid the conditional compilation that the legacy contracts approach has. Furthermore, ImpureAttribute should also be defined. Then, analyzers can treat any unannotated code as just that: unannotated with unknown purity. Because of the collision, I suggest putting these in the System.Diagnostics.CodeAnalysis namespace, as that matches the approach being taken far better. It should then be possible for the analyzers to do flow analysis to validate purity, at least to some level. Modification of globals or parameters would be impure, calling an impure function would be impure, etc. Core functions will have to be analyzed and understood manually.

Other attributes can be done similarly, like PositiveAttribute for numeric parameters, etc.
@Entomy Entomy added 🏗 Architectural Related to architecture of the code 💢 Difficult This issue is expected to be difficult to resolve 🛠 Enhancement New feature or request 🛡 Hardening Hardening up code through defensive programming techniques labels Aug 2, 2021
@Entomy Entomy added this to the v6.0 milestone Aug 2, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🏗 Architectural Related to architecture of the code 💢 Difficult This issue is expected to be difficult to resolve 🛠 Enhancement New feature or request 🛡 Hardening Hardening up code through defensive programming techniques
Projects
None yet
Milestone
v6.0
Development

No branches or pull requests
1 participant
@Entomy