assert semantic change proposal

H. S. Teoh via Digitalmars-d digitalmars-d at puremagic.com
Thu Aug 7 11:30:13 PDT 2014


On Thu, Aug 07, 2014 at 10:54:53AM -0700, H. S. Teoh via Digitalmars-d wrote:
> On Fri, Aug 08, 2014 at 03:44:06AM +1000, Daniel Murphy via Digitalmars-d wrote:
> > "H. S. Teoh via Digitalmars-d"  wrote in message
> > news:mailman.674.1407424873.16021.digitalmars-d at puremagic.com...
> > 
> > >> And we've also got asserts in pre-conditions, which are recoverable
> > >> by definition.
> > >
> > >Huh, what? I thought asserts in pre-conditions are non-recoverable,
> > >because they imply that user code has broken the contract governing
> > >the use of that function.
> > 
> > I meant asserts in pre-conditions when used with inheritance.  It's a
> > pass if any of the preconditions pass, so the compiler runs them in
> > turn and catches all but the last.
> 
> Oh, I see it now.
[...]

P.S. The current implementation also does not distinguish between a
broken contract vs. a bug or problem encountered by the contract code.
For example:

	auto func(T...)(T args)
	in {
		assert(checkConsistency(args));
	}
	body {
		...
	}

	bool checkConsistency(T...)(T args) {
		int i;
		for (i=0; i < args.length; i++) {
			...
			i = 1000; // suppose an inadvertent typo causes this
		}
		assert(i == args.length); // so this will fail
		...
		return result;
	}

Suppose the i=1000 line is a mistake by the programmer, so it's a
genuine bug in checkConsistency. This would trip the assert in
checkConsistency, which would throw an AssertError. But if it was called
from the in-contract of func(), and func() is in a derived class for
which the base class version of func() has an in-contract that passes,
then we're basically swallowing the AssertError triggered by the failed
malloc(), and thereby causing the program to continue running in an
invalid state!

Basically, the problem is that the in-contract can't tell the difference
between a precondition failure (triggered by the outer assert) and a
genuine program bug (triggered by the inner assert).

This makes DbC in D really shaky.  :-(


T

-- 
Freedom: (n.) Man's self-given right to be enslaved by his own depravity.
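A small D program, added here and not part of the thread, that makes the scenario above observable: the base-class in-contract calls a checker with an internal bug (the `i = 1000` typo stands in for it), the derived-class in-contract is a legitimate precondition that holds, and a module-level `trace` records which contract code actually ran. It assumes the compiler tries the base-class in-contract first and falls back to the derived one when it throws, so the AssertError from `buggyCheck` is caught and discarded and the body runs anyway; `trace`, `buggyCheck`, `Base` and `Derived` are my names, not anything from the thread.

```d
import std.stdio;

string[] trace;   // records which contract code actually executed

// Contract helper with a genuine bug in it, mirroring checkConsistency above.
bool buggyCheck(int x)
{
    trace ~= "buggyCheck";
    int i = 1000;                       // the inadvertent typo
    assert(i == 1, "internal bug inside contract code");  // throws AssertError
    return true;                        // never reached
}

class Base
{
    void f(int x)
    in { trace ~= "Base.in"; assert(buggyCheck(x)); }
    body { }                            // `do` in current D
}

class Derived : Base
{
    override void f(int x)
    in { trace ~= "Derived.in"; assert(x > 0); }   // a real precondition that passes
    body { trace ~= "Derived.body"; }
}

void main()
{
    Base b = new Derived;
    // Merged precondition: one contract passing is enough. The AssertError
    // raised by buggyCheck inside Base's contract is caught by the fallback to
    // Derived's contract, which holds, so the call goes ahead.
    b.f(5);
    writeln(trace);   // shows buggyCheck ran, yet the body executed anyway
}
```

If the trace shows `buggyCheck` followed by `Derived.body`, the program-bug AssertError was swallowed by contract merging exactly as the message describes; only the assert in the last contract tried can ever propagate.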

