DIP 1009--Improve Contract Usability--Preliminary Review Round 1
MysticZach via Digitalmars-d
digitalmars-d at puremagic.com
Wed Jun 21 02:10:33 PDT 2017
On Wednesday, 21 June 2017 at 05:19:26 UTC, H. S. Teoh wrote:
> On Wed, Jun 21, 2017 at 01:06:40AM +0000, MysticZach via
> Digitalmars-d wrote:
>> On Tuesday, 20 June 2017 at 21:04:16 UTC, Steven Schveighoffer
>> wrote:
>> > This is much much better. The verbosity of contracts isn't
>> > really the brace, it's the asserts.
>>
>> I think it's both, and I think the brace is the only thing
>> that can be improved upon. How could you justify insisting
>> that everyone use the built-in asserts for their contracts?
> [...]
>
> Umm... I think we're not quite on the same page here. What
> *else* are people supposed to use inside their contracts
> besides the built-in assert??
Many people have expressed discontent with existing asserts. In
fact, they were just changed yesterday to address one of these
concerns:
https://github.com/dlang/dmd/pull/6901
I believe `assert` would have to be extremely robust to merit
being included directly into the syntax of the language. I'm not
opposed to this in principle. But I'm no expert, and not willing
to assume it's desirable. On the other hand, if `assert` were
made so perfect as to ensure that no one would prefer a different
method of bailing out of their programs, then you're right, and
the problem of contract syntax could be solved at that level
instead of the more "pedestrian" approach I'm taking.
> While D currently gives you the flexibility of arbitrary code
> inside a contract, a contract is not supposed to do anything
> other than to verify that the caller has passed in arguments
> that are valid.[1]
To me, it's still a question of whether `assert` is the only
valid way to bail out of a program. I agree that arbitrary other
code inside contracts is bad practice, and that wanting to
prohibit it makes sense.
> Furthermore, contracts specify what constitutes valid input to
> the function -- this serves both as documentation to would-be
> callers, and also as specification to the compiler as to what
> are acceptable arguments. The built-in assert mechanism serves
> both purposes -- especially the second purpose because the
> compiler understands it directly, as opposed to some other
> user-defined mechanism that the compiler wouldn't understand.
This wouldn't change just with a syntax rewrite. If the compiler
wanted to use `assert` for optimization purposes, it could do
that just as well with any of the proposed syntaxes. People who
didn't want to use `assert` would be at a disadvantage in this
regard. But at least they would have that option.
> Besides, this is a matter of semantics, whereas this DIP is
> addressing the DbC syntax. If people demand an alternative to
> the built-in assert, it's not hard to have the compiler lower
> the syntax into some globally-defined symbol that can be
> redefined by the user. Or, indeed, simply funnel the expression
> into a user-defined assert alternative, e.g.:
>
> int myFunc(Args...)(Args args)
> if (args.length > 1)
> in (myAssert(args[0] > 0))
> {
> return doStuff(args);
> }
>
> bool myAssert(T)(T t) {
> // do whatever alternative assert stuff you need to do
> // here
>
> return true; // bypass the built-in assert
> }
I guess the optimizer can elide the assert if it knows it's
always true. If this method was sure not to incur a performance
penalty, then it may be better than my approach.
> But the semantics is a different issue than the syntax, which
> is the scope of this DIP.
The scope of the DIP can change, if need be. My primary goal is
in the title, to "Improve Contract Usability". I used this title
on purpose because I didn't want to get stuck if my proposal
turned out to be worse than some other one. If adding a new
semantics is actually preferable I can rewrite the DIP (and give
you credit — or you can do it yourself, if you want). It was just
as important to me to get the ball rolling as to have my
particular suggestion accepted. I wanted to stay close to the
shore, because I thought it was a little outlandish to propose a
whole new semantics. I still think it's a little outlandish,
because I can imagine a large organization wanting to rig up its
own bailout mechanism, and the new semantics would prevent them
from doing that. But so far, the comments suggest that it's worth
it to many people.
More information about the Digitalmars-d
mailing list