std.xml validity checking is absurd

bearophile bearophileHUGS at lycos.com
Fri Feb 8 05:33:41 PST 2013 

Andrei Alexandrescu:

> I don't think std.math.sqrt should validate its input using a 
> contract.

Why not? Returning a NaN is an option. But in a language that 
supports contracts, its precondition should only accept 
non-negative inputs.


> That druntime uses a contract to verify length in slice is an 
> antipattern.

Why?


> I don't think we should put contracts on the front burner.

Why? (And I don't agree).


>That's why TDPL dedicates a whole chapter to it (separate from 
>error
handling!). Apparently that didn't make a dent in the Universe 
:o).<

Instead of not putting contracts on the front burner, I suggest 
to think about the causes, find some of them, and then try to fix 
the causes.


> For whatever reason, people don't use contracts or they misuse 
> them. I have no idea why. The obvious argument is that people 
> would use contracts if this or that bug were fixed, but there's 
> past evidence suggesting the contrary.

I am using D contracts in my code. I think there are three or 
more reasons for people not using D contracts a lot:
- C/C++/Python/Java programmers don't know much about contract 
programming. They look like improved asserts, while they require 
a bit different mindset. Learning a different mindset requires 
time and work. This is an important point but I think this isn't 
the most important one.
- D contracts miss some important parts, the pre-state is one of 
them. Other problems are present (as they say "move in contract 
checking to the caller side").
- I think Phobos contracts get removed. This reduces their 
usefulness. If you have a feature X in your language and you 
aren't using it in your standard library, then a bit of redesign 
is needed.
- D is used a system language, where often programmers think of 
asserts as things present only in debug builds. But maybe 
contracts should have a different compiler switch to be stripped 
away (http://d.puremagic.com/issues/show_bug.cgi?id=9482 ).

I also think it's good to reduce the usage of enforce() in 
contracts, because I think it doesn't help the cause of D 
Contracts. I think well implemented Contracts don't need 
exceptions.

Bye,
bearophile

More information about the Digitalmars-d mailing list