This is part 11/17 of my Exploring the .NET CoreFX series.
In 2008, Microsoft Research published Code Contracts, which provide a language-agnostic way to express coding assumptions in .NET programs. The assumptions take the form of pre-conditions, post-conditions, and object invariants.
Here is a simple example of code which uses Code Contracts:
Code Contracts assertions are not limited to runtime enforcement. They may instead be enforced by compile-time static analysis. For example, it is very simple to annotate methods with Code Contracts, set up a continuous integration (CI) server to perform static analysis, and fail the build if there are any failed assertions. This gives us the best of both worlds: a guarantee our code enforces our assumptions with essentially zero runtime penalty.
By design, Code Contracts are not enforced unless the appropriate tools are configured to check them. For this reason they are usually not appropriate for parameter validation on public methods; there is still the need for traditional parameter validation. However, you can combine traditional parameter validation on public methods with Code Contract-based assertions for internal methods as follows:
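As an added example (not the original post's listing and not CoreFX code), the split described above could look like this; `BoundedBuffer` and its members are hypothetical names chosen for illustration.

```csharp
using System;
using System.Diagnostics.Contracts;

// Hypothetical type for illustration; the names are not from CoreFX.
public sealed class BoundedBuffer
{
    private readonly byte[] _buffer;
    private int _length;

    public BoundedBuffer(int capacity)
    {
        // Public entry point: traditional validation, always enforced.
        if (capacity <= 0) throw new ArgumentOutOfRangeException("capacity");
        _buffer = new byte[capacity];
    }

    public int Length { get { return _length; } }
    internal int Capacity { get { return _buffer.Length; } }

    public void Append(byte[] data, int offset, int count)
    {
        // Callers are untrusted, so these checks must not depend on contract tooling.
        if (data == null) throw new ArgumentNullException("data");
        if (offset < 0 || count < 0 || count > data.Length - offset)
            throw new ArgumentOutOfRangeException("count");
        if (count > Capacity - Length)
            throw new InvalidOperationException("Buffer is full.");
        AppendCore(data, offset, count);
    }

    // Reachable only from code we control: pre-conditions are contracts that
    // the static checker has to prove at each call site. They mention only
    // members at least as visible as this method (Length, Capacity).
    internal void AppendCore(byte[] data, int offset, int count)
    {
        Contract.Requires(data != null);
        Contract.Requires(offset >= 0 && count >= 0 && count <= data.Length - offset);
        Contract.Requires(count <= Capacity - Length);
        Contract.Ensures(Length == Contract.OldValue(Length) + count);
        Buffer.BlockCopy(data, offset, _buffer, _length, count);
        _length += count;
    }

    [ContractInvariantMethod]
    private void ObjectInvariant()
    {
        Contract.Invariant(_buffer != null);
        Contract.Invariant(_length >= 0 && _length <= _buffer.Length);
    }
}
```

Without the Code Contracts rewriter or static checker, the `Contract.*` calls compile away, so only the `if`/`throw` checks in the public members guard the buffer bounds.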
You can write Code Contracts assertions with just the .NET 4.5 SDK installed, but they will not be enforced. To enforce them at compile-time within Visual Studio:
- Install the Code Contracts for .NET extension using NuGet:
- Restart Visual Studio
- Open up the Project Properties dialog and click on the Code Contracts tab
- Click “Perform Static Contract Checking”
System.Collections.Immutable uses Code Contracts only to express post-conditions and object invariants, never to validate pre-conditions. This is presumably to integrate well with client code which uses Code Contracts.
For more information on Microsoft Code Contracts, please read:
- MSDN’s page on Code Contracts
- Francesco’s Blog on CodeContracts, Static analysis, Abstract Interpretation, etc.
- Kevin Hazzard’s Code Contracts Part 1 – Introduction
- Code Contracts for .NET Extension
- Liberally annotate all methods with Code Contracts post-conditions and object invariants.
- If you can guarantee that a method will be called only by code that you control (e.g. internal methods), use Code Contracts to enforce pre-conditions. If you cannot, use traditional parameter validation.
- Integrate Code Contracts static code analysis into your CI pipeline, and fail the build on any warnings.