checkedint call removal

Walter Bright via Digitalmars-d digitalmars-d at puremagic.com
Tue Jul 29 12:35:30 PDT 2014 

On 7/29/2014 3:13 AM, Dicebot wrote:
> On Tuesday, 29 July 2014 at 07:31:26 UTC, Walter Bright wrote:
>> You can choose to disable assertions with a switch, or not. Having a choice up
>> to you doesn't make it useless.
>
> Yes I know what are options to make it work. I don't know how to make it work
> "in a good style". This is not just D problem - I feel like something is missing
> in the design by contract idea, something that actually can make it robust
> enough to be used without "oh crap" moments.

To have an assert despite -release, you can do things like:

    assert(exp);  =>  if (!exp) assert(0);

I generally leave asserts in for released code in my projects. You can see this 
in dmd which often exhibits a fault as a tripped assert. But if for nothing 
else, a way to turn them off gives the developer an easy way to see exactly how 
much they cost him in performance, so he can make the best decision for his 
application.

I've also been known to use debug versioning to add a bunch of extra testing 
code for dev testing.


>> Also, assertions are not for validating user input.
> This is one of problems. When writing library function you don't exactly know if
> input is going to be user input. Use enforces - and it won't be possible to
> optimize away redundant checks. Use assertions and issue may slip uncaught.

It's a serious, serious mistake to use asserts for user input validation. If 
passing raw user input to a library function, unless that function is 
specifically documented to validate it, you've made a big mistake.

Asserts are meant to test for logic bugs in the program. Nothing else.


> It feels like for contracts to really work some good implementation of red-green
> code zones is necessarily, to be able to distinguish user input call paths from
> internal ones during compilation time.

That's not what contracts are for (beating a dead horse).

Joel Spolsky made a suggestion I like - have raw user input be of a different 
type than validated input. That way, functions are clearly and checkably 
red-green zoned.

More information about the Digitalmars-d mailing list