Design Guidelines Part.3: The Liskov Substitution Principle

LSP was defined way back in 1988 by Dr. Barbara Liskov, who, incidentally, won the 2008 Turing Award, perhaps the most prestigious award in computer science. Her original definition was:

“If for each object o1 of type S there is an object o2 of type T such that for all programs P defined in terms of T, the behavior of P is unchanged when o1 is substituted for o2 then S is a subtype of T.”

But Robert Martin offered a much more terse definition:

Subtypes must be substitutable for their base types

What this says is that a derived class should honor the contracts made by its parent classes. In other words, if a method signature accepts a base class reference, then it should be able to accept an instance of any class derived from that base class without affecting the functioning of the method.

Object-oriented programmers will be familiar with the concepts of abstraction and polymorphism. In statically-typed O-O languages, like C++, Java and C#, the key mechanism to achieve polymorphism is inheritance. LSP is a guiding principle that restricts how inheritance is used such that the OCP is not violated.

Technically speaking, the type of polymorphism this principle addresses is inclusion polymorphism. Inclusion polymorphism occurs in languages that allow subtypes and inheritance, whereby an instance of a subtype can be manipulated by the same functions that operate on instances of the supertype (the parent class type). This implies that a reference (or pointer) of the parent class type can also refer to any child object, so the actual type of the object being referred to must be determined at runtime. And since virtual methods are defined per type, a given method call may execute in either the parent or the child class, and this dispatch decision cannot be made until runtime.
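To make the dispatch mechanics concrete, here is a minimal sketch (in Java rather than the article's C#, using a hypothetical Shape hierarchy) of a function written purely against a supertype that works for any subtype via runtime dispatch:

```java
// A supertype reference can hold any subtype instance; which area()
// runs is decided at runtime based on the actual object's type.
abstract class Shape {
    abstract double area();
}

class Circle extends Shape {
    private final double radius;
    Circle(double radius) { this.radius = radius; }
    @Override double area() { return Math.PI * radius * radius; }
}

class Square extends Shape {
    private final double side;
    Square(double side) { this.side = side; }
    @Override double area() { return side * side; }
}

class ShapeDemo {
    // Written purely in terms of Shape: LSP demands this keeps working
    // for every subtype, present or future.
    static double totalArea(Shape[] shapes) {
        double sum = 0.0;
        for (Shape s : shapes) {
            sum += s.area(); // dynamic dispatch happens here
        }
        return sum;
    }
}
```

Any new Shape subclass can be passed to totalArea without modifying it, which is exactly the reuse the principle protects.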

The Liskov Substitution Principle helps to guarantee inclusion polymorphism, which is a good thing because inclusion polymorphism improves reuse. All code that references the superclass can be reused referencing a subclass.

Why Follow It?
By adopting the LSP, the correctness of a method accepting base class references is guaranteed under certain substitutability conditions. Furthermore, since LSP is actually a special case of the Open-Closed Principle, every time you violate the LSP you violate the OCP as a result, but not the other way round. This relationship makes LSP violations easier to spot, since developers tend to understand the OCP much more readily than they do the LSP.

Say you develop a class hierarchy using inheritance, and a method in your base class accepts a base class reference. If passing in a derived class reference gives unexpected results, that's a strong sign the inheritance chain and the object model are incorrect. You need to remember that a class must fulfill an "is-a" relationship in order to inherit from another class, and this relationship is about behavior, not data! In this sense, LSP is good at exposing faulty abstractions.

LSP is the reason that it is hard to design and create good, deep hierarchies of subclasses, and a reason to consider using composition over inheritance. (The strategy pattern is a prototypical example of the flexibility of composition over inheritance.)
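As a sketch of that alternative (hypothetical names, in Java rather than the article's C#), composition injects the varying behaviour as a collaborator instead of baking it into a subclass:

```java
// Strategy pattern: the varying behaviour lives behind an interface...
interface CompressionStrategy {
    byte[] compress(byte[] data);
}

// ...with one small class per algorithm (a pass-through shown here).
class NoCompression implements CompressionStrategy {
    public byte[] compress(byte[] data) { return data; }
}

// The Archiver is composed with a strategy rather than subclassed
// per algorithm, so adding algorithms never touches this class.
class Archiver {
    private final CompressionStrategy strategy;
    Archiver(CompressionStrategy strategy) { this.strategy = strategy; }
    byte[] archive(byte[] data) { return strategy.compress(data); }
}
```

There is no deep hierarchy to get wrong here: each strategy only has to honour the small CompressionStrategy contract.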

The whole point of the Liskov Substitution Principle is really to make you think clearly about the contracts and expected behavior of a class before you derive new classes from it.

Obligatory Example
Common examples for violation of LSP are Rectangle::Square, Circle::Ellipse, etc. Rather than reproduce those here, take a look at the examples in Robert Martin's paper.

Design By Contract
The Liskov Substitution Principle is closely related to the design by contract methodology, which provides rules telling us the conditions under which it is acceptable to substitute a derived class for a base class:

  • Preconditions cannot be strengthened in a subclass.
  • Postconditions cannot be weakened in a subclass.

In other words, a sub-type can only have weaker pre-conditions and stronger post-conditions than its base class. Put differently...derived methods should expect no more and provide no less.
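A small hypothetical Java sketch of the precondition rule being broken:

```java
// The base class promises: any non-negative amount is accepted.
class Account {
    protected int balance = 0;
    void deposit(int amount) { // precondition: amount >= 0
        if (amount < 0) throw new IllegalArgumentException("negative amount");
        balance += amount;
    }
    int getBalance() { return balance; }
}

// VIOLATION: the subclass strengthens the precondition to
// amount >= 100, so code that was correct against Account can
// now fail when handed this subtype.
class MinimumDepositAccount extends Account {
    @Override void deposit(int amount) {
        if (amount < 100) throw new IllegalArgumentException("minimum deposit is 100");
        balance += amount;
    }
}
```

A caller that was correct against Account (say, depositing 50) breaks when substituted with MinimumDepositAccount, which is precisely what the rule forbids.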

Signs of LSP violations include:

  • A subclass that does not preserve all the externally observable behavior of its parent class
  • A subclass that modifies, rather than extends, the externally observable behavior of its parent class
  • A subclass that throws exceptions in an effort to hide certain behavior defined in its parent class
  • A subclass that overrides a virtual method defined in its parent class with an empty implementation in order to hide certain behavior
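The last two smells can be sketched in a few lines of Java (hypothetical Cache example, not from the original article):

```java
import java.util.HashMap;
import java.util.Map;

// The parent promises: after put(k, v), get(k) returns v.
class Cache {
    protected final Map<String, String> store = new HashMap<>();
    void put(String key, String value) { store.put(key, value); }
    String get(String key) { return store.get(key); }
}

// VIOLATION: an empty override silently disables behaviour the
// parent promises, so code written against Cache misbehaves when
// it is handed a NullCache.
class NullCache extends Cache {
    @Override void put(String key, String value) { /* do nothing */ }
}
```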

Method overriding in derived classes is probably the biggest cause of LSP violations. All method overrides should be done with great care so as to avoid these violations.

In addition, the principle implies that no new exceptions should be thrown by methods of the subclass, except where those exceptions are themselves subtypes of exceptions thrown by the methods of the superclass (think: covariance and contravariance).

A function using a class hierarchy violating the principle uses a reference to a base class, yet must have knowledge of the subclasses. Such a function violates the open/closed principle because it must be modified whenever a new derivative of the base class is created, and that really sucks because the compiler or your existing unit tests won't find these cases for you - you have to become a UN weapons inspector, remember what things exactly you need to look for, and go hunt them down manually!

Final Advice
In the words of Robert Martin, Agile Principles, Patterns and Practices in C# (P.149):

"A good engineer learns when compromise is more profitable than perfection. However, conformance to LSP should not be surrendered lightly. The guarantee that a subclass will always work where its base classes are used is a powerful way to manage complexity. Once it is forsaken, we must consider each subclass individually."

Other Parts in the Series
Design Guidelines Part.1: Single Responsibility
Design Guidelines Part.2: Open-Closed Principle
Robert Martin's Original Paper


Design Guidelines Part.2: Open-Closed Principle

After discussing the Single Responsibility Principle I'd like to talk about the Open-Closed Principle. Let's start with a definition...


First put forward by Bertrand Meyer in 1988, the Open-Closed Principle (OCP) states:

Software entities should be open for extension, but closed for modification.

"Open for extension" means the software module can have its behaviour extended, and "closed for modification" means that these enhancements don't change existing code. How is that possible? Meyer's original notion, aimed at C++ development where multiple implementation inheritance is allowed, was to use derived classes and inheritance. Given the popularity of languages like Java that don't support multiple (implementation) inheritance, the recognised practice for adhering to OCP, as espoused by Robert Martin, was redefined to use immutable abstract base classes or interfaces together with polymorphic concrete classes.

Sometimes such an approach is referred to as a "pluggable architecture".


Why would we want to do this? Because change is inevitable so we should plan for it. Let me explain...

Software systems are often broken down into small components. This divide-and-conquer approach allows developers to focus on writing a number of discrete pieces of code that can be assembled into a working system. By focusing on smaller chunks of functionality we can keep our focus narrow and re-usability high. However, given the investment we make in developing such components, and the realistic expectation that changes in requirements are inevitable, it is prudent to design system components in such a way as to minimise the system impact of changes to these components in the face of new or altered requirements. This is the ultimate goal of OCP - being able to add new code without screwing up what we know already works.

The benefits of making code OCP-compliant are several:

  • the component can be extended as requirements change, yet the impact of such changes is more predictable
  • maintenance is easier
  • previous testing routines/code can be re-used
  • the risk associated with system changes is lower

If enhancements or changes are required at a later time, the developer only needs to add new code, not change existing code. This means that maintaining software in the future should be considerably easier, as you don't have to worry as much about breaking existing code! That drastically reduces your risk profile for code changes, and makes changes more predictable in terms of system impact.

Consider the following example: you need to develop an analytics library for Front Office applications and quickly bang out some code like this...

using System;

namespace OptionPricing.BadCodeExample
{
    // NOTE: the enum member names here are illustrative; they simply
    // need to match the pricing models handled in the switch below.
    public enum OptionType
    {
        European,
        GeneralizedEuropean,
        Barrier,
        Binary,
        BinaryBarrier,
        FloatingStrikeLookback
    }

    public class ExoticOptionsPricingCalculator
    {
        // other functionality elided...

        public static double GetPrice(IOption option)
        {
            switch (option.Type)
            {
                case OptionType.European:
                    return BlackScholesPrice(option);
                case OptionType.GeneralizedEuropean:
                    return GeneralizedBlackScholes(option);
                case OptionType.Barrier:
                    return StandardBarrierPrice(option);
                case OptionType.Binary:
                    return ReinerRubinsteinPrice(option);
                case OptionType.BinaryBarrier:
                    return RubinsteinPrice(option);
                case OptionType.FloatingStrikeLookback:
                    return FloatingStrikeLookbackPrice(option);
                default:
                    throw new Exception("Don't know how to price this type of option");
            }
        }
    }
}
As you can see, we have a large switch statement on the option type to pick a pricing algorithm. The above code doesn't conform to the OCP. The problem is that when new pricing methods and option types come along, which they inevitably will, we need to bust open this method and make changes. We'd rather isolate our changes to just the new functionality being added.

So with that in mind, we refactor the code. We use a common interface (or an abstract base class, if you prefer) to hold the common details of each option type, and a number of concrete classes to model case-specific behaviour - in this case, the pricing algorithms. The Analytics engine now becomes considerably cleaner...

namespace OptionPricing
{
    public class AnalyticsEngine
    {
        // Method to find out the price of the option specified
        public static double GetPrice(IOption option)
        {
            return option.CalculatePrice();
        }
    }
}
What this subtle refactoring has done is make your analytics engine OCP-compliant with respect to new option types. When new exotic option types that you need to price come along, like a Cliquet/Ratchet option, you will not need to change the GetPrice() method in the AnalyticsEngine. Instead, all your changes will be contained inside a new class. By consolidating code in this fashion, you don't have to keep massive switch statements around the codebase, and more importantly you don't have to manually track them all down when a new option variant enters the picture. Furthermore, you'll be safe in the knowledge that you aren't causing unnecessary side effects, because your changes are isolated to the new functionality being introduced. That is the essence of the OCP.

Other Parts in the Series
Design Guidelines Part.1: Single Responsibility
Design Guidelines Part.3: The Liskov Substitution Principle

Books, Technical Design, Uncategorized

Design Guidelines Part.1: Single Responsibility

Given a group of programmers and a defined problem, you are guaranteed to get different opinions about the correct way to code the solution. This is natural and is to be encouraged. You can leverage the Wisdom of Crowds (a recommended read, by the way!) and give your team the best chance of success if you hear out everyone's ideas and evaluate the pros/cons of each offering - time-boxed, of course, since we need to eventually deliver something to the client. Of course, even in a meritocracy it comes down to a trade-off, but when faced with such decisions I usually fall back on known and proven principles to guide me to what is "good design". So what are these principles?

As far as object model design goes, the widely-known principles that I prefer to follow are:

  1. The Single Responsibility Principle
  2. The Open-Closed Principle
  3. The Liskov Substitution Principle
  4. The Dependency Inversion Principle
  5. The Interface Segregation Principle
  6. The Principle of Least Astonishment

As far as overall architecture goes, some principles which I advocate following are:

  1. Don't Repeat Yourself (DRY)
  2. Keep It Simple Stupid (KISS)

Let's dive into some details...

The Single Responsibility Principle (SRP)

First, let's start with some definitions. Quoting from Wikipedia, the SRP states that:

"every object should have a single responsibility, and that all its services should be narrowly aligned with that responsibility."

An alternate, but less clear definition is: "a class should have one, and only one reason to change."

It is also referred to as the "Do One Thing" rule. What is important to understand here is that a "responsibility" is a purpose. People new to this concept often get the (incorrect) impression that it means a single member function, because they reason that each member function does something different. SRP is about responsibilities, not methods.

But wait. Does this mean I can't have persistence logic in my business objects? According to SRP that would be the case, but as always these are guidelines. It's not officially stated, but I interpret the word "responsibilities" as realistically meaning "responsibilities that are likely to change" - though this requires some insight into how your objects will evolve over time.
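As a hypothetical Java sketch of that separation, the business object keeps its single purpose while persistence, which changes for entirely different reasons, lives in its own class:

```java
// One responsibility: representing an employee and its business rules.
class Employee {
    private final String name;
    private final double annualSalary;
    Employee(String name, double annualSalary) {
        this.name = name;
        this.annualSalary = annualSalary;
    }
    String name() { return name; }
    double monthlyPay() { return annualSalary / 12; }
}

// A separate responsibility: persistence changes for its own reasons
// (schema, storage engine), so it gets its own class rather than
// being bundled into Employee.
class EmployeeRepository {
    void save(Employee e) {
        // write to a database, file, etc. (elided)
    }
}
```

A schema change now touches only EmployeeRepository; a payroll-rule change touches only Employee - one reason to change per class.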

Why do we need to consider SRP? Because:

  • It makes testing the class easier if it only has one responsibility;
  • Classes are easier to read since they have a narrower focus;
  • Classes are likely to have fewer LOC;
  • You'll get greater re-use of the component since the component wasn't bundled with several other responsibilities the upstream consumer doesn't want or need;
  • There is less tendency to resort to copy-and-paste programming (which is really, really bad) to reuse functionality because it was made atomic, and therefore highly reusable, in the first place;
  • You'll naturally tend toward greater cohesion (how strongly-related and focused the responsibilities of a single class are) - which is a good thing because it makes code more maintainable;
  • You'll avoid building in tight coupling across your classes (I'll explain this further in a moment...)

So what nasty things await if we disregard the SRP? Well if you have objects with multiple responsibilities then you are creating more than one reason for that object to change - which is bad because in classes with multiple responsibilities the responsibilities can't help but become coupled making it hard for the object to undergo changes to one responsibility without affecting the coupled responsibilities. It is far more preferable to have modular, single-responsibility classes that change independently of each other, and change less frequently because they are single-purpose. As well, ignoring SRP makes it more likely that you will develop object anti-patterns such as God Objects where individual objects know too much or do too much.

In summary, following the SRP makes life easier in the long run for the developers...Reading the code is easier. Maintaining the code is easier. Making changes to the code is easier. And re-using the code is easier.

As Martin Fowler says, "Programs should be structured in such a way that we can make changes easily. When we make a change we want to be able to jump to a single clear point in the system and make the change." A class that changes for multiple reasons is what he calls a "divergent change" in his catalogue of code smells. Say no more!

SRP is a simple concept, but invariably it is much harder to apply in practice. You have to be vigilant and force yourself to take things out of your class and move them to separate classes. Sure, there are going to be cases where you happily violate this principle, but be aware of the ramifications when you make that trade-off.

Other Parts in the Series
Design Guidelines Part.2: Open-Closed Principle
Design Guidelines Part.3: The Liskov Substitution Principle