D enters Tiobe top 20

Timon Gehr timon.gehr at gmx.ch
Tue Nov 12 10:26:44 UTC 2019

On 12.11.19 10:12, Walter Bright wrote:
> On 11/11/2019 8:25 PM, Doc Andrew wrote:
>> I think _most_ people consider Assert vs Assume the way SPARK and F* 
>> do - as seen here: 
>> https://blogs.msdn.microsoft.com/francesco/2014/09/03/faq-1-what-is-the-difference-between-assert-and-assume/ 
> Which says:
> "Intuitively, Assert is something that you expect the static checker be 
> able to prove at compile time, whereas Assume is something that the 
> static checker can rely upon, but it will not try to prove.

Here, I was talking specifically using verification terminology, where 
the difference is obviously night and day. Then you dismissed my post by 
claiming in D they are the same. You might as well declare that from now 
on true is the same as false in D and hence you can reach any desired 
conclusion, but that won't change my understanding of logic, nor would I 
applaud your design choice.

> At runtime 
> Assert and Assume behave the same: If the condition is false, then the 
> program fails – how it fails (e.g., throwing an exception, opening a 
> dialog box, etc. can be completely customized with CodeContracts)."
> Therefore after the Assert, the prover can assume the Assert condition 
> is true. If the prover can prove the Assert is always true, the runtime 
> check can be safely removed.

(Technically, probably no, as last time I checked, the code contracts 
prover still implicitly assumed there cannot be integer overflow.)

Maybe, but in D assertions get converted into optimizer assumptions in 
release mode _without_ any such proof being provided.

More information about the Digitalmars-d mailing list