enforce()?

Norbert Nemec Norbert at Nemec-online.de
Mon Jun 28 01:33:24 PDT 2010


On 20/06/10 22:17, Walter Bright wrote:
> An input to a dll is user input, and should be validated (for the sake
> of security, and other reasons). Validating it is not debugging.

In that case, feel free to compile DLLs with external contract checking 
switched on, but please do not blur the conceptual distinction between 
contracts and exceptions.

You are talking about compiling a library into a binary DLL that should 
be fit for general usage. In that case, there are good reasons to leave 
the input contract checking active.

In the general case, however, the library user has the control over how 
to compile the library and link to it (just think of inlining). In this 
case, the library user should be allowed to switch off the contract 
checking (at their own risk!)

Conceptually, the ultimate solution would certainly be to place code for 
input contract checking in the *calling* code. After all, this checking 
code serves to debug the calling code, so it should be left to the 
caller to decide whether checking is necessary.

This approach would also allow the compiler to optimize out some checks 
when their correctness can be tested at compile time.

Output contract checks, on the other hand, should be compiled inside the 
returning routine.

After all, it is all a matter of trust. A language designer should trust 
the language user to know what he is doing. A library designer should 
trust the library user to act responsibly. After all - if the 
application breaks it is the application designer who has to answer for it.
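
The distinction debated in this exchange, as an added example that is not part of the original post or of the D library: the same bounds precondition written once as an `in` contract and once with `std.exception.enforce`. The function names and the packet bytes are constructed for illustration.

```d
import std.exception : enforce;
import std.stdio : writeln;

// Hypothetical library routine: the precondition is an input contract.
// It flags a bug in the caller and is compiled out by `dmd -release`.
const(ubyte)[] payloadContract(const(ubyte)[] packet, size_t len)
in
{
    assert(len <= packet.length, "caller passed len > packet.length");
}
do
{
    return packet[0 .. len];
}

// Same routine treating its arguments as untrusted input: enforce() is an
// ordinary library call that throws an Exception and stays in release builds.
const(ubyte)[] payloadValidated(const(ubyte)[] packet, size_t len)
{
    enforce(len <= packet.length, "len exceeds packet length");
    return packet[0 .. len];
}

void main()
{
    // Constructed sample input: 4 bytes of data, claimed length of 16.
    immutable(ubyte)[] packet = [0xDE, 0xAD, 0xBE, 0xEF];
    size_t claimed = 16;

    version (assert)
        writeln("checks compiled in: payloadContract would halt on this input");
    else
        writeln("checks compiled out: payloadContract no longer tests len");

    try
    {
        payloadValidated(packet, claimed);
    }
    catch (Exception e)
    {
        writeln("rejected in any build: ", e.msg);
    }

    // Well-formed call: both versions return the same slice.
    writeln(payloadContract(packet, 2), " ", payloadValidated(packet, 2));
}
```

Building once with plain `dmd` and once with `dmd -release` shows the first message change while the rejection by `enforce` stays the same.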

