assume, assert, enforce, @safe

Walter Bright via Digitalmars-d digitalmars-d at puremagic.com
Fri Aug 1 12:10:31 PDT 2014


On 8/1/2014 6:12 AM, Dicebot wrote:
> ok, can this be considered a good summary of using assertions/contracts for
> services where risk of entering undefined state is unacceptable?
>
> 1) never use `assert` or contracts in actual application code, use `enforce`
> instead
> 2) never use `enforce` in library code unless it does actual I/O, use contracts
> instead
> 3) always distribute both release and debug builds of libraries and always run
> tests in both debug and release mode
>
> Does it make sense? Your actual recommendations contradict each other, but it
> is the best I was able to combine them into.

What makes me hesitate about use of enforce() is its high runtime cost. It's not 
just the computation, but the call stack above it is affected by enforce() being 
throwable and allocating via the GC.

Secondly, enforce() is about recoverable errors. Program bugs are simply NOT 
recoverable errors, and I cannot recommend using them for that purpose. I've 
argued for decades with people who insist that they can write code that recovers 
from unknown programming bugs.
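
The distinction drawn in this message, as an added D example that is not part of the original post or of any D library: `pick`, `parsePort` and the sample inputs are hypothetical names and constructed values. It shows an `assert` contract guarding against a caller bug in a function that stays `nothrow @nogc`, next to an `enforce` check on external input, which throws and allocates.

```d
import std.conv : ConvException, to;
import std.exception : enforce;
import std.stdio : writeln;

// Program-bug check. A bad index can only come from a mistake elsewhere in
// this program, so it is an assert in a contract. No exception is thrown
// and nothing is allocated, so the function can be nothrow and @nogc.
// With dmd, the contract is compiled out by -release.
int pick(const int[] table, size_t i) nothrow @nogc @safe
in { assert(i < table.length, "caller bug: index out of range"); }
do
{
    return table[i];
}

// Environmental check. The text comes from outside the program (config
// file, command line, network), so a bad value is an expected, recoverable
// condition. enforce throws an Exception allocated with the GC, which is
// why this function cannot be marked nothrow or @nogc, and neither can
// any caller that lets the exception propagate.
ushort parsePort(string text)
{
    int n;
    try
    {
        n = text.to!int;
    }
    catch (ConvException e)
    {
        throw new Exception("port is not a number: " ~ text);
    }
    enforce(n >= 1 && n <= 65_535, "port out of range: " ~ text);
    return cast(ushort) n;
}

void main()
{
    static immutable int[] table = [10, 20, 30];
    writeln("pick(table, 1) = ", pick(table, 1));

    // Constructed sample inputs: one valid, two that must be rejected.
    foreach (input; ["8080", "70000", "http"])
    {
        try
        {
            writeln(input, " -> ", parsePort(input));
        }
        catch (Exception e)
        {
            writeln(input, " rejected: ", e.msg);
        }
    }
}
```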