Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Brings Design-By-Contract To Java

Posted by Soulskill on from the putting-a-hit-out-on-bugs dept.

angry tapir writes "Google is developing a set of extensions for Java that should aid in better securing Java programs against buffer overflow attacks. Google has announced that it open sourced a project that its engineers were working on to add a new functionality into Java called Contracts, or Design-By-Contract. 'Contracts exist to check for programmer error, not for user error or environment failures. Any difference between execution with and without runtime contract checking (apart from performance) is by definition a bug. Contracts must never have side effects.'"

2 of 134 comments (clear)

  1. Re:BOf in Java? by goofy183 · · Score: 5, Informative

    I think that is a poorly written summary. You can't (in pure java and ignoring JVM bugs) overflow buffers. You can however forget to do sanity checking on inputs based on the business rules of your app. That is where this will help. Codifying even simple things like "The argument should never be null" in an annotation on the interface definition helps both document and consistency for implementations of that interface.

  2. Fail by nicholas22 · · Score: 5, Insightful

    It is a String-based implementation, which is awful in terms of consistency, type-checking, etc. and vulnerable in code refactoring. I would stay away or use something more type-safe and IDE-safe.