John Regehr on "Use of Assertions"
Ola Fosheim Grøstad
ola.fosheim.grostad at gmail.com
Sun Sep 9 09:01:28 UTC 2018
On Sunday, 9 September 2018 at 08:31:49 UTC, John Carter wrote:
> On Sunday, 2 September 2018 at 01:55:53 UTC, Walter Bright
> wrote:
>> On 9/1/2018 5:47 PM, Nick Sabalausky (Abscissa) wrote:
>>> All in all, John is very non-committal about the whole thing.
>>
>> He probably got tired of arguing about it :-)
>
> Let's face it, the term "assert" has been poisoned by decades
> of ambiguity.
There is really no ambiguity... The terminology is widespread and
well understood across the field I think.
"assume" means that something is taken as a given fact that has
already been established by others.
"assert" means that it is something that should be established
before shipping.
For contracts:
"expects" (or "requires") means that the input to a function
should have those properties. (precondition)
"ensures" means that the returned value should always have those
properties. (postcondition)
Microsoft GSL let you configure pre/post conditions so that you
either get terminate, throw or (much more dangerous) assume on
contract violations. They don't seem to provide an option for
ignoring it.
#if defined(GSL_THROW_ON_CONTRACT_VIOLATION)
#define GSL_CONTRACT_CHECK(type, cond)
\
(GSL_LIKELY(cond) ? static_cast<void>(0)
\
:
gsl::details::throw_exception(gsl::fail_fast(
\
"GSL: " type " failure at " __FILE__
": " GSL_STRINGIFY(__LINE__))))
#elif defined(GSL_TERMINATE_ON_CONTRACT_VIOLATION)
#define GSL_CONTRACT_CHECK(type, cond)
\
(GSL_LIKELY(cond) ? static_cast<void>(0) :
gsl::details::terminate())
#elif defined(GSL_UNENFORCED_ON_CONTRACT_VIOLATION)
#define GSL_CONTRACT_CHECK(type, cond) GSL_ASSUME(cond)
#endif
More information about the Digitalmars-d
mailing list