design by contract

• formal basis -- pre and post conditions
• refinement -- by inheritance or polymorphis
• runtime checks -- division of responsibility