Why am I getting malformed contract, in by C# code?

Question

Visual Studio shows an error when I write this contract below.

Error 20 Malformed contract section in method '....get_Page'

Is the problem with the if block?

public int? Page
{
  get
  {
    int? result = Contract.Result<int?>();

    if (result != null)
        Contract.Ensures(result >= 0);

    return default(int?);
  }
}

EDIT:

Lasse V. Karisen has posted in comments:

How about: Contract.Ensures(result == null || result >= 0); ?

Yes Karisen, I've tried this before and it compiles. But the question remains: isn't it possible to have ifs when using contracts?

Another problem I'm having is clueless (mainly considering the example above works), involves the use of result also:

public int IndexOf(T item)
{
    Contract.Assert(item != null);
    Contract.Assert((item as IEntity).ID > 0);

    int result = Contract.Result<int>();
    Contract.Ensures(result >= -1);

    return default(int);
}

How about: Contract.Ensures(result == null || result >= 0); ? — Lasse V. Karlsen, Dec 21 '09 at 01:45
To be honest, I haven't looked at code contracts for C# 4.0 yet, I'm still swamped with work in C# 3.0 and .NET 3.5. But, if the point of calling it a "contract" is that it is just that, then remember that criteria that stipulates when a contract is valid is written *in* the contract, not outside of it. You don't have a contract that says when that other contract is valid. So to me, this sounds like must be like this, you must write a contract that specifies when everything is peachy, and that contract must not be dependent on outside criteria. — Lasse V. Karlsen, Dec 21 '09 at 01:52

score 10 · Answer 1 · answered Apr 02 '12 at 16:59

10

The contract is malformed because all contract clauses MUST appear before any other code.

answered Apr 02 '12 at 16:59

bkqc

831
6
25

1

Yes, in C# all contracts go at the start. ( In eiffel Requires go at start, Ensures go at end. ) – ctrl-alt-delor Mar 31 '15 at 22:54

ctrl-alt-delor · Answer 2 · 2015-03-31T22:51:58.807

2

You do not need an if, to do boolian manipulation instead use implies!

public int? Page
{
    get
    {
        Contract.Ensures( (result!= null).Implies(result >= 0) );
        var result = ...

        ...


        return result;
    }
}

Also you should use Requires not assert when testing method arguments, and other preconditions.

public int IndexOf(T item)
{
    Contract.Requires(item != null);
    Contract.Requires((item as IEntity).ID > 0);
...

edited Mar 31 '15 at 22:51

answered Feb 06 '12 at 12:17

ctrl-alt-delor

7,506
5
40
52

Where exactly does Imply comes from? Ensures is a Void method and as such should not be capable of using any dotted notation afterward... – bkqc Dec 14 '20 at 15:41
@bkqc `implies` is not called on `Ensures` it is a method of `bool` (or an extension method of bool). – ctrl-alt-delor Dec 14 '20 at 19:32
right! I should learn to read :P I imagined an additional parenthesis lol. Is this in .Net Core? Because I can't find it anywhere in the .NET Framework. Could you tell me the dll/assembly it is in (F12 maybe)? – bkqc Dec 14 '20 at 22:06

score 1 · Accepted Answer · answered Dec 21 '09 at 01:44

1

Just having a guess. Perhaps it should be Contract.Ensures(result.Value >= 0)?

answered Dec 21 '09 at 01:44

Igor Zevaka

74,528
26
112
128

hum, result can be null actually. – Victor Rodrigues Dec 21 '09 at 01:51
2

Right, so perhaps `(result == null || result >= 0)`? – Igor Zevaka Dec 21 '09 at 02:10
More generally, implication `if x then y` is `!x || y`, so here we have `!(result != null) || result >= 0` which simplifies to `result == null || result >= 0`. – porges Apr 13 '10 at 04:45
More generally, implication 'if x then y' is 'x.Implies(y)', so here we have '(result != null).Implies(result >= 0)' – ctrl-alt-delor Feb 06 '12 at 12:23

score 1 · Answer 4 · answered Jun 12 '16 at 18:16

All Ensures and Requires calls must be before all other statements in a method or property body, this includes simple assignments like you're using that help readability.

Proper syntax

public int? Page {
    get {
        Contract.Ensures(Contract.Result<int?>() == null 
            || Contract.Result<int?>() >= 0); 

        return default(int?);
        }
    }
 }

This is very ugly, much uglier than normal if (x || y) throw new ArgumentOutOfRangeException().

Special Attributes

There is a somewhat roundabout way of getting around this. ContractAbbreviatorAttribute and ContractArgumentValidatorAttribute are special attributes that the ccrewrite understands which make your life easier. (For lots of details see the System.Diagnostics.Contracts namespace documentation on MSDN or the Code Contracts manual.)

If using .NET 4 or older: These attributes are in the framework starting .NET 4.5, but for prior versions you can get a source file for them from the directory Code Contracts installs to. (C:\Program Files (x86)\Microsoft\Contracts\Languages\) In that folder are CSharp and VisualBasic subfolders that have a ContractExtensions.cs (or .vb) file containing the required code.

ContractAbbreviatorAttribute This attribute effectively lets you create contract macros. With it, your page property could be written like this:

public int? Page {
    get {
        EnsuresNullOrPositive();
        return default(int?)
    }
}

[ContractAbbreviator]
static void EnsuresNullOrPositive(int? x) {
    Contract.Ensures(
        Contract.Result<int?>() == null ||                 
        Contract.Result<int?>() >= 0);
}

EnsuresNullOrPositive could also be kept in a static class and reused across your project, or made public and placed in a utility library. You could also make it more general like the next example.

[ContractAbbreviator]
static void EnsuresNullOrPositive<Nullable<T>>(Nullable<T> obj) {
    Contract.Ensures(
        Contract.Result<Nullable<T>>() == null ||                 
        Contract.Result<Nullable<T>>() >= default(T));
}

For my own utility library, I have a static class named Requires and a static class named Ensures, each with many static methods decorated with ContractAbbreviator. Here are some examples:

public static class Requires {

    [ContractAbbreviator] 
    public static void NotNull(object obj) {  
        Contract.Requires<ArgumentNullException>(obj != null);
    }

    [ContractAbbreviator]
    public static void NotNullOrEmpty(string str) {
        Contract.Requires<ArgumentNullException>(!string.IsNullOrEmpty(str));
    }

    [ContractAbbreviator]
    public static void NotNullOrEmpty(IEnumerable<T> sequence) {
        Contract.Requires<ArgumentNullException>(sequence != null);
        Contract.Requires<ArgumentNullException>(sequence.Any());
    }
}

public static class Ensures {
    [ContractAbbreviator]
    public static void NotNull(){
        Contract.Ensures(Contract.Result<object>() != null);
    }
}

These can be used like this:

public List<SentMessage> EmailAllFriends(Person p) {
    Requires.NotNull(p); //check if object is null
    Requires.NotNullOrEmpty(p.EmailAddress); //check if string property is null or empty
    Requires.NotNullOrEmpty(p.Friends); //check if sequence property is null or empty
    Ensures.NotNull(); //result object will not be null

    //Do stuff
}

ContractArgumentValidatorAttribute I haven't used this one outside of tutorials, but basically it lets you write package several if (test) throw new ArgumentException() calls in a single call that behaves like a call to Contract.Requires. Since it only deals with argument validation, it wouldn't help with your post-condition example.

score -1 · Answer 5 · answered Feb 26 '16 at 01:41

-1

Contract have conditional compilation flag on them. In release more you code

if condition
    contract
return

becomes

if condition
   return

do you see the problem now?

answered Feb 26 '16 at 01:41

Lloyd Dupont

55
8

Why am I getting malformed contract, in by C# code?

5 Answers5