strange behavior of by-value function arguments in postcondition

bauss jj_1337 at live.dk
Fri Sep 3 06:25:44 UTC 2021 

On Thursday, 2 September 2021 at 13:33:34 UTC, Meta wrote:
> On Wednesday, 1 September 2021 at 06:14:27 UTC, bauss wrote:
>> Pre/post conditions _are_ assert statements tho. User 
>> validation should be done using exceptions, not asserts.
>
> The fact that they are assert statements is an implementation 
> detail. The point of pre/post conditions is to enforce that 
> certain properties of the function hold, and assertions are 
> just how the language happens to implement that.

I would argue that they're there to enforce certain properties of 
the function to hold true when testing, because you should use 
exceptions otherwise!

D's error handling is primarily exceptions and asserts should 
never be used for error handling because they shouldn't be in 
release builds and AFAIK release builds remove them.

So if you're writing a library and compiling it for release and 
it takes user-input then the validation will never occur.

It's evident in this:

Compile this with the -release switch:

```d
import std;

void a(int x) in (x > 10) { writeln(x); }

void main()
{
     a(12);
     a(5);
}
```

You'll see that a(5) will succeed, so the output is:

12
5

However without -release it will be this:

12
core.exception.AssertError at onlineapp.d(3): Assertion failure
----------------
??:? _d_assertp [0x55b9b3fe87fc]
./onlineapp.d:3 void onlineapp.a(int) [0x55b9b3fe6edf]
./onlineapp.d:8 _Dmain [0x55b9b3fe6f03]

The solution here is actually to use exceptions if going by 
idiomatic D:

void a(int x) in (x > 10) { if (x < 10) throw new 
Exception(x.stringof ~ " is below 10."); writeln(x); }

Now regardless of whether you're debugging or publishing it will 
give an error.

Debugging output is the same as before, but -release will now 
output:

12
object.Exception at onlineapp.d(3): x is below 10.
----------------
./onlineapp.d:3 void onlineapp.a(int) [0x5635e7a70df4]
./onlineapp.d:8 _Dmain [0x5635e7a70e1b]

Imagine if x came from an external source, you'd NEED to have 
some runtime validation at release and not assume everything 
works during tests/debugging.

You'll end up with either silent errors that are hard to debug OR 
you'll end up with tons of crashes with no clear indication.

More information about the Digitalmars-d mailing list