[Python-ideas] Why is design-by-contracts not widely adopted?

Rhodri James rhodri at kynesim.co.uk
Wed Sep 26 11:03:16 EDT 2018

On 25/09/18 21:09, Lee Braiden wrote:
> Eh. It's too easy to cry "show me the facts" in any argument.  To do that
> too often is to reduce all discussion to pendantry.

I will resist pointing out the spelling mistake... oh damn :-)

The trouble with not crying "show me the facts" is that it is very easy 
to make beautiful sounding assertions into a vacuum that fall apart the 
moment you subject them to reality.  I'm sure we can all think of 
politicians of a variety of parties and nationalities with an 
unfortunate habit of doing exactly that.

Marko is making some very big assertions about how much of a benefit 
Design by Contract is.  I flat-out don't believe him.  It's up to him to 
provide some evidence, since he's the one pressing for change.

> That verifying data against the contract a function makes code more
> reliable should be self evident to anyone with even the most rudimentary
> understanding of a function call, let alone a library or large
> application.

Let's assume that the contracts are meaningful and useful (which I'm 
pretty sure won't be 100% true; some people are bound to assume that 
writing contracts means they don't have to think).  Assuming that you 
aren't doing some kind of wide-ranging static analysis (which doesn't 
seem to be what we're talking about), all that the contracts have bought 
you is the assurance that *this* invocation of the function with *these* 
parameters giving *this* result is what you expected.  It does not say 
anything about the reliability of the function in general.

It seems to me that a lot of the DbC philosophy seems to assume that 
functions are complex black-boxes whose behaviours are difficult to 
grasp.  In my experience this is very rarely true.  Most functions I 
write are fairly short and easily grokked, even if they do complicated 
things.  That's part of the skill of breaking a problem down, IMHO; if 
the function is long and horrible-looking, I've already got it wrong and 
no amount of protective scaffolding like DbC is going to help.

> It's the reason why type checking exists,

Except Python doesn't type check so much as try operations and see if 
they work.

> and why bounds checking exists,

Not in C, not most of the time :-)

> and why unit checking exists too.

Unit tests are good when you can do them.  A fair bit of the embedded 
code I write isn't very susceptible to automated testing, though, not 
without spending twice as long writing (and testing!) the test 
environment as the code.

Rhodri James *-* Kynesim Ltd

More information about the Python-ideas mailing list