strange behavior of by-value function arguments in postcondition
Meta
jared771 at gmail.com
Tue Aug 31 16:04:17 UTC 2021
On Tuesday, 31 August 2021 at 12:39:59 UTC, bauss wrote:
> On Tuesday, 31 August 2021 at 12:35:54 UTC, Andrzej K. wrote:
>>
>> I guess, the question here is, who are the postconditions for?
>> Are they for the caller (to guarantee something that the
>> caller understands)? Or are they for the callee (in order to
>> automatically inject assertions into function body)? If it is
>> the latter, then the current semantics are fine.
>
> The postconditions are for the maintainer to ensure the
> function actually works as expected.
This is not true and is a complete misunderstanding of Design by
Contract and what function contracts are for.
> If the asserts don't pass then the function has a bug.
>
> Assert statements are never for the user and always for the
> maintainer.
_Assert_ statements are for the maintainer, but pre/post
conditions on functions are absolutely for the user. Given that
the user fulfills the requirements specified by the function's
pre-conditions, then the user can be certain that the guarantees
provided by the function's post-conditions will hold. It is only
a matter of convenience that function pre/post conditions use
assertions.
More information about the Digitalmars-d
mailing list