checkedint call removal
via Digitalmars-d
digitalmars-d at puremagic.com
Tue Jul 29 14:08:54 PDT 2014
On Tuesday, 29 July 2014 at 20:52:28 UTC, Walter Bright wrote:
> I've read yours and Ola's explanations of the difference, and I
> still can't discern any difference, other than the spelling.
Here is the difference:

    action1(cmd){
        assert( !lowercase( cmd )); //wrong theorem
        if(cmd=='format') format_harddisk()
    }
    action2(cmd){
        assume( !lowercase( cmd )); //wrong theorem
        if(cmd=='format') format_harddisk()
    }

release:

    action1(cmd){
        if(cmd=='format') format_harddisk()
    }
    action2(cmd){
        format_harddisk()
    }

> I still have problems convincing people that assert is not to
> be used to validate user input.
Has nothing to do with user input. From a correctness perspective
there is no such thing as user input. You only get valid input.
What you almost always have is a mismatch between specification
and implementation. The best you can hope to have is partial
correctness. Even with a system for formal verification.
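
The release-build forms discussed in the message above, as an added C example that is not part of the original post: the macros `RELEASE_ASSERT` and `ASSUME`, the `outcome` enum and the function names are constructed for illustration, with `__builtin_unreachable()` (GCC/Clang) standing in for `assume`. It sets a removed assert and an optimizer assumption beside a check that stays in every build.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Release-build expansions, written out by hand (constructed for this example). */
#define RELEASE_ASSERT(c) ((void)0)  /* what assert(c) becomes under NDEBUG */
#if defined(__GNUC__) || defined(__clang__)
#define ASSUME(c) do { if (!(c)) __builtin_unreachable(); } while (0)
#else
#define ASSUME(c) ((void)0)          /* no optimizer hint available */
#endif

enum outcome { DID_NOTHING, DID_FORMAT, REJECTED };

static int has_lowercase(const char *s) {
    for (; *s; s++)
        if (islower((unsigned char)*s)) return 1;
    return 0;
}

/* assert: the check is gone in release, the comparison is still executed. */
enum outcome action1_release(const char *cmd) {
    RELEASE_ASSERT(!has_lowercase(cmd));
    return strcmp(cmd, "format") == 0 ? DID_FORMAT : DID_NOTHING;
}

/* assume: behaviour is defined only for inputs that satisfy the condition;
   for any other input the compiler is free to emit anything. */
enum outcome action2_release(const char *cmd) {
    ASSUME(!has_lowercase(cmd));
    return strcmp(cmd, "format") == 0 ? DID_FORMAT : DID_NOTHING;
}

/* Always-on check: survives every build mode and fails closed. */
enum outcome action_checked(const char *cmd) {
    if (has_lowercase(cmd)) return REJECTED;
    return strcmp(cmd, "format") == 0 ? DID_FORMAT : DID_NOTHING;
}

int main(void) {
    printf("action1_release(\"format\") = %d\n", action1_release("format"));
    printf("action_checked(\"format\")  = %d\n", action_checked("format"));
    printf("action2_release(\"LIST\")   = %d\n", action2_release("LIST"));
    return 0;
}
```

`action2_release` is only called here with an input that satisfies its condition; calling it with `"format"` is undefined behaviour, so its result cannot be relied on.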