A problem with D contracts

Andrei Alexandrescu SeeWebsiteForEmail at erdani.org
Sun Aug 1 14:21:12 PDT 2010


On 08/01/2010 07:04 AM, bearophile wrote:
> Walter Bright:
> >>> /*@ assert (\forall int i; 0 <= i && i < n; a[i] != null);
>>
>> This does not make it simpler, it just makes things more
>> complicated by now having two ways to do a foreach.
>
> The point here is to restrict a lot the kind of code and instructions
> you can put inside contracts, so eventually you will have a chance to
> test them automatically.
>
> When you have copied Eiffel to design D contracts you probably have
> seen that in Eiffel you can't put arbitrary code inside contracts
> (the same is true for contract systems in C# and Java, here it's D
> that is designed in the wrong way). This is a limit that was there
> because otherwise it kills the possibility of enforcing them
> statically.

I think D made the right choice here. The space of contracts that can be 
effectively checked during compilation is very small, and the relative 
complexity of the checkers is very high. (Array bounds checking is a 
classic example.) Restricting contracts to make them statically 
checkable with today's technology would essentially push them out of 
existence.

Andrei

