License: Creative Commons Attribution 3.0 Unported license (CC BY 3.0)
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.ECOOP.2017.9
URN: urn:nbn:de:0030-drops-72590
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2017/7259/


Dietrich, Jens ; Pearce, David J. ; Jezek, Kamil ; Brada, Premek

Contracts in the Wild: A Study of Java Programs

pdf-format:
LIPIcs-ECOOP-2017-9.pdf (0.6 MB)


Abstract

The use of formal contracts has long been advocated as an approach to develop programs that are provably correct. However, the reality is that adoption of contracts has been slow in practice. Despite this, the adoption of lightweight contracts — typically utilising runtime checking — has progressed. In the case of Java, built-in features of the language (e.g. assertions and exceptions) can be used for this. Furthermore, a number of libraries which facilitate contract checking have arisen.
In this paper, we catalogue 25 techniques and tools for lightweight contract checking in Java, and present the results of an empirical study looking at a dataset extracted from the 200 most popular projects found on Maven Central, constituting roughly 351,034 KLOC. We examine (1) the extent to which contracts are used and (2) what kind of contracts are used. We then investigate how contracts are used to safeguard code, and study problems in the context of two types of substitutability that can be guarded by contracts: (3) unsafe evolution of APIs that may break client programs and (4) violations of Liskov's Substitution Principle (LSP) when methods are overridden. We find that: (1) a wide range of techniques and constructs are used to represent contracts, and often the same program uses different techniques at the same time; (2) overall, contracts are used less than expected, with significant differences between programs; (3) projects that use contracts continue to do so, and expand the use of contracts as they grow and evolve; and (4) there are cases where the use of contracts points to unsafe subtyping (violations of Liskov's Substitution Principle) and unsafe evolution.
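The abstract refers to two built-in Java mechanisms for lightweight contracts (assertions and exceptions) and to LSP violations in overridden methods. The following is an added illustration, not code from the paper or its dataset: the class names (Account, RestrictedAccount) and the balance/withdraw contract are assumptions chosen for the example. It shows a precondition enforced with exceptions, a postcondition enforced with `assert`, and an override that strengthens the inherited precondition, which is the kind of unsafe subtyping the study reports.

```java
// Added example (not from the paper): lightweight contracts in Java with
// exceptions and the assert statement, and an override that violates LSP.
// Class names and the banking scenario are constructed for illustration.
public class ContractsExample {

    /** Base class: preconditions checked with exceptions, postcondition with assert. */
    static class Account {
        protected long balance;

        Account(long initialBalance) {
            // Constructor precondition: exception-based, so it is enforced in every run.
            if (initialBalance < 0) {
                throw new IllegalArgumentException("initialBalance must be >= 0");
            }
            this.balance = initialBalance;
        }

        /**
         * Precondition:  amount > 0 && amount <= balance
         * Postcondition: balance == old(balance) - amount
         */
        public void withdraw(long amount) {
            if (amount <= 0) {
                throw new IllegalArgumentException("amount must be positive");
            }
            if (amount > balance) {
                throw new IllegalStateException("insufficient funds");
            }
            long old = balance;
            balance -= amount;
            // Postcondition via assert: only evaluated when the JVM runs with -ea.
            assert balance == old - amount : "postcondition violated";
        }

        public long getBalance() {
            return balance;
        }
    }

    /**
     * Subclass that STRENGTHENS the inherited precondition (amount must also be <= 100).
     * A client written against Account's contract can now fail, which is an LSP violation.
     */
    static class RestrictedAccount extends Account {
        RestrictedAccount(long initialBalance) {
            super(initialBalance);
        }

        @Override
        public void withdraw(long amount) {
            if (amount > 100) {
                throw new IllegalArgumentException("per-transaction limit is 100");
            }
            super.withdraw(amount);
        }
    }

    /** Client code that relies only on Account's documented contract. */
    static void payRent(Account account) {
        // 200 <= balance and 200 > 0, so this satisfies Account.withdraw's precondition.
        account.withdraw(200);
    }

    public static void main(String[] args) {
        payRent(new Account(500));          // satisfies the base contract, succeeds

        try {
            payRent(new RestrictedAccount(500)); // same valid call, rejected by the override
        } catch (IllegalArgumentException e) {
            System.out.println("LSP violation observed: " + e.getMessage());
        }
    }
}
```

Run with `java -ea ContractsExample` to have the `assert` postcondition evaluated; without `-ea` only the exception-based preconditions are enforced, which is one reason the paper distinguishes the two mechanisms. The LSP-compatible direction is the opposite one: an override may weaken preconditions or strengthen postconditions, but not strengthen what callers must supply.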

BibTeX Entry

@InProceedings{dietrich_et_al:LIPIcs:2017:7259,
  author =	{Jens Dietrich and David J. Pearce and Kamil Jezek and Premek Brada},
  title =	{{Contracts in the Wild: A Study of Java Programs}},
  booktitle =	{31st European Conference on Object-Oriented Programming (ECOOP 2017)},
  pages =	{9:1--9:29},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-035-4},
  ISSN =	{1868-8969},
  year =	{2017},
  volume =	{74},
  editor =	{Peter M{\"u}ller},
  publisher =	{Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{http://drops.dagstuhl.de/opus/volltexte/2017/7259},
  URN =		{urn:nbn:de:0030-drops-72590},
  doi =		{10.4230/LIPIcs.ECOOP.2017.9},
  annote =	{Keywords: verification, design-by-contract, assertions, preconditions, postconditions, runtime checking, java, input validation}
}

Keywords: verification, design-by-contract, assertions, preconditions, postconditions, runtime checking, java, input validation
Collection: 31st European Conference on Object-Oriented Programming (ECOOP 2017)
Issue Date: 2017
Date of publication: 16.06.2017

