Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Google Java Programming

Google Brings Design-By-Contract To Java 134

Posted by Soulskill from the putting-a-hit-out-on-bugs dept.
angry tapir writes "Google is developing a set of extensions for Java that should aid in better securing Java programs against buffer overflow attacks. Google has announced that it open sourced a project that its engineers were working on to add a new functionality into Java called Contracts, or Design-By-Contract. 'Contracts exist to check for programmer error, not for user error or environment failures. Any difference between execution with and without runtime contract checking (apart from performance) is by definition a bug. Contracts must never have side effects.'"
This discussion has been archived. No new comments can be posted.

Google Brings Design-By-Contract To Java More

Google Brings Design-By-Contract To Java

Comments Filter:

  • Re:BOf in Java? (Score:5, Informative)

    by goofy183 ( 451746 ) on Friday February 11, 2011 @12:08PM (#35175310)

    I think that is a poorly written summary. You can't (in pure java and ignoring JVM bugs) overflow buffers. You can however forget to do sanity checking on inputs based on the business rules of your app. That is where this will help. Codifying even simple things like "The argument should never be null" in an annotation on the interface definition helps both document and consistency for implementations of that interface.

  • Another one? (Score:4, Informative)

    by quivrnglps ( 572909 ) on Friday February 11, 2011 @12:22PM (#35175522)

    According to Wikipedia [wikipedia.org] there are already quite a few projects doing DbC:

    Java, via iContract2, Contract4J, jContractor, Jcontract, C4J, CodePro Analytix, STclass, Jass preprocessor, OVal with AspectJ, Java Modeling Language (JML), SpringContracts for the Spring framework, or Modern Jass, Custos using AspectJ,JavaDbC using AspectJ, JavaTESK using extension of Java.

    Do we really need an entirely new one? If none of those are sufficient, why not build on top of and improve an existing project? Starting over is not always a good thing...

  • Re:BOf in Java? (Score:5, Informative)

    by goofy183 ( 451746 ) on Friday February 11, 2011 @12:59PM (#35176124)

    The problem is TechWorld having no idea what this tool is for. The announcement by Google http://google-opensource.blogspot.com/2011/02/contracts-for-java.html [blogspot.com] never mentions the word "buffer" and accurately describes this as a tool for pre/post validation of method arguments and return values. Some how TechWorld decided to tie in JVM level buffer overflow issues with a pure Java DbC tool, anyone actually familiar with Java knows at a glance that the two are unrelated.

  • Re:BOf in Java? (Score:4, Informative)

    by nicholas22 ( 1945330 ) on Friday February 11, 2011 @02:32PM (#35177732)
    Sorry but you're completely wrong. Java libraries are primarily written in Java you wally.

Slashdot Top Deals

THEGODDESSOFTHENETHASTWISTINGFINGERSANDHERVOICEISLIKEAJAVELININTHENIGHTDUDE

Close