Search code examples
c#debuggingstatic-analysiscode-contracts

Static contract unproven, because reference is passed to another method (that only reads)

Any one else had trouble with contracts. I have the following:

public void doSomeThing(Stack stack)
{
    Contract.Requires(stack != null);

    stack.Push("$");
    Contract.Assert(stack.Count > 0); //redundant check
    _Look(stack);
    Contract.Assert(stack.Count > 0); //this contract fails static analysis, because analyser does not know that _Look does not write to stack.
    stack.Pop();
}

private void _Look(Stack stack)
{
    //do nothing
}

The second assert is unproven, because the call to _Look may ( but does not ) change the content of the stack. Is there a way to say that _Look does not change stack? Or is there some other way to get this to work?

Note these contracts pass dynamically, it is just that the second one can not be proved statically.

Solution

  • This answer based on idea from reading Craig Wilson's answer.

    public void doSomeThing(Stack stack)
{
    Contract.Requires(stack != null);

    stack.Push("$");
    Contract.Assert(stack.Count > 0); //redundant check
    _Look(stack);
    Contract.Assert(stack.Count > 0); //this contract fails static analysis, because analyser does not know that _Look does not write to stack.
    stack.Pop();
}

private void _Look(Stack stack)
{
    Contract.Ensures(stack.Count == Contract.OldValue(stack.Count));
}