什么是设计契约（Design by Contract）？

Question

Accepted Answer

**设计契约 (DbC)** 将方法与其调用者之间的关系视为一项正式协议，由三个要素定义：**preconditions**（调用者必须保证的条件）、**postconditions**（方法作为回报必须保证的条件）和 **invariants**（对象始终保持为真的条件）。

## 三项义务

```text
PRECONDITION  → caller's duty: inputs/state the method requires to run correctly
POSTCONDITION → method's duty: what it promises on return (if precondition held)
INVARIANT     → always-true property of the object, before and after every method
```

## 在代码中

```python
class Account:
    def __init__(self, balance):
        self._balance = balance
        self._check_invariant()

def withdraw(self, amount):
        assert amount > 0, "PRE: amount must be positive"        # precondition
        assert amount <= self._balance, "PRE: sufficient funds"  # precondition
        old = self._balance
        self._balance -= amount
        assert self._balance == old - amount, "POST: balance reduced"  # postcond
        self._check_invariant()

def _check_invariant(self):
        assert self._balance >= 0, "INVARIANT: balance never negative"
```

如果 *precondition* 失败，**调用者** 有 bug。如果 *postcondition* 或 *invariant* 失败，**方法** 有 bug——契约精确指出了责任所在。

## 与 LSP 的关系

DbC 使 Liskov 原则更加精确：子类型可以**削弱 preconditions** 和**强化 postconditions**，但反之则不然。这正是可替代性规则，用契约表述。

## 权衡

```text
✓ Bugs surface at the boundary, with clear blame   ✓ Contracts double as documentation
⚠️ Runtime checks cost performance (often disabled in prod via assertions)
⚠️ Not all languages enforce it natively (Eiffel does; most use asserts/validation)
```

## 为什么这很重要

契约将模糊的假设（