LibLangly icon indicating copy to clipboard operation
LibLangly copied to clipboard

Published 20 hours ago verified publisher icon Entomy

Contract Attributes and Analyzers

Open Entomy opened this issue 3 years ago • 0 comments

Microsoft Researches' Code Contracts was a failure for many reasons, and is essentially unused. I definitely agree with this given the way it was designed. Given it's pre-Roslyn history it required custom additions to the build process, as well as special build flags and many other issues. The contract behaviors were not included in documentation, nor anything reflection or code analyzers can access. Microsoft's approach was doomed from the start to fail.

For those who know my history, y'all know my origins as an Ada developer. The Spark extensions to Ada that added design contracts and static analysis of them did not have these issues. In fact, I found the approach worked extremely well.

I believe the kind of first class contract experience that languages like Ada and Eiffel provided could also be provided for .NET with the right approach. Furthermore, I believe attributes and analyzers are the right approach. Importantly, attributes show up to downstream in IntelliSense, and are accessible via reflection. They can also be statically analyzed and not require code weaving like Fody or PostSharp do. For those who do want this behavior, both options could easily provide this behavior. No additional tooling would be required at all.

PureAttribute needs to be recreated, to avoid the conditional compilation that the legacy contracts approach has. Furthermore, ImpureAttribute should also be defined. Then, analyzers can treat any unannotated code as just that: unannotated with unknown purity. Because of the collision, I suggest putting these in the System.Diagnostics.CodeAnalysis namespace, as that matches the approach being taken far better. It should then be possible for the analyzers to do flow analysis to validate purity, at least to some level. Modification of globals or parameters would be impure, calling an impure function would be impure, etc. Core functions will have to be analyzed and understood manually.

Other attributes can be done similarly, like PositiveAttribute for numeric parameters, etc.

Entomy avatar Aug 02 '21 17:08 Entomy