Meyer [Ref] introduced the concept of contracting for software reliability.
A class definition represents a statement of what an object of that class can
and will do. Clients can expect a behavior defined by the class specification
together with a set of assertions which aid with the semantics of a module.
Assertions usually take the form of preconditions and postconditions that can
be checked just before a method in the object is invoked and just after it
returns. In a distributed system, these would be checked between
receiving a request message and starting execution of the method procedure,
and between completion of the procedure and returning a result message.
Failure of these assertions leads to exceptions. These can be helpful when
constructing transaction systems (see below).
As well as pre and post conditions, an object-oriented system allows the
programmer to identify class invariants. For instance, in the class defined in
chapter 1 for printer spooling, there is a queue which is a finite ordered set
of items to be printed. A class invariant for this might be:
#equation599#
The use of class invariants, pre and post conditions decreases the number of
states/cases in the event of failure in an object. Pre and post conditions are
also tested at well known points of synchronization and we shall see that this
aids in isolating faults in the distributed execution (and decreases the
time spent uselessly blocked in a distributed environment under error
conditions). Of course many applications (e.g. interactive window systems like
X-Windows) map exceptions into total failure. This gives us a strong hint as
to the base method for exception handling in a distributed system!
We shall see later how careful use of exceptions can help isolate problems in a
distributed system.
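
The checks described above, placed between message receipt and method execution and again between completion and the reply, as an added example that is not part of the original text. The names `Spooler`, `dispatch` and `CAPACITY`, the dictionary message format, and the invariant (bounded queue, no duplicate jobs) are assumptions made for illustration.

```python
class ContractViolation(Exception):
    """Raised when a precondition, postcondition or invariant fails."""

class Spooler:
    CAPACITY = 3  # assumed bound, chosen for the example

    def __init__(self):
        self.queue = []

    def invariant(self):
        # Assumed class invariant: finite (bounded) queue with no duplicate jobs.
        return (len(self.queue) <= self.CAPACITY
                and len(set(self.queue)) == len(self.queue))

    def contracts(self):
        # method name -> (precondition, body, postcondition)
        return {
            "enqueue": (
                lambda job: isinstance(job, str) and job not in self.queue
                    and len(self.queue) < self.CAPACITY,
                lambda job: self.queue.append(job),
                lambda job, old, result: self.queue == old + [job],
            ),
            "dequeue": (
                lambda: len(self.queue) > 0,
                lambda: self.queue.pop(0),
                lambda old, result: result == old[0] and self.queue == old[1:],
            ),
        }

def dispatch(spooler, request):
    """Server side: runs between receiving a request and returning a result."""
    entry = spooler.contracts().get(request.get("method"))
    if entry is None:
        return {"status": "exception", "reason": "unknown method"}
    pre, body, post = entry
    args = request.get("args", [])
    old = list(spooler.queue)  # snapshot of state before the call
    try:
        if not pre(*args):  # after receipt, before execution
            raise ContractViolation("precondition")
        result = body(*args)
        if not (post(*args, old, result) and spooler.invariant()):  # before reply
            raise ContractViolation("postcondition or invariant")
    except (ContractViolation, TypeError) as exc:
        spooler.queue = old  # a failed call leaves the object unchanged
        return {"status": "exception", "reason": str(exc)}
    return {"status": "ok", "result": result}
```

A failed assertion is returned to the client as an exception reply at a known synchronization point, and the object is left in its pre-call state.
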
Another important concept in Meyer's approach is that of side effects in
functions, and whether they should be allowed.
In a distributed system, we have no choice but to allow side effects,
in that state must be stored somewhere - it may simply be in the
output to some static storage, or control of some device (Auto-teller
outputting notes).