std.xml validity checking is absurd
Andrei Alexandrescu
SeeWebsiteForEmail at erdani.org
Fri Feb 8 04:54:52 PST 2013
On 2/8/13 6:25 AM, monarch_dodra wrote:
> "in" and "out" contracts themselves are flawed in D in any case, given
> they are part of the "called" code, as opposed to "caller" code.
What would be the right design and implementation?
> This makes them absolutely no different than an assert.
>
> The problem is that an assert is "internal" validation, whereas an
> "in"/"out" is supposed to be a handshake between the caller/callee.
>
> If I write an "sqrt" function, and document it as "Please, only give me
> positive numbers", and then write a contract for it, and then compile my
> lib in release, the caller will have no way of "signing" my contract.
I don't think std.math.sqrt should validate its input using a contract.
> He'll call my sqrt with negative numbers, and the in will never get
> called, and sqrt will crash horribly.
It'll return NaN.
> A *BLATANT* example of this limitation is slice operations: They have an
> in contract stating that the slices need to be the same length. However,
> this contract will never ever get run, for anyone, because druntime is
> built and distributed in release. Long story short, even if I compile in
> debug, the code will silently run erroneously.
>
> http://d.puremagic.com/issues/show_bug.cgi?id=8650
That druntime uses a contract to verify length in slice is an
antipattern. It should use a sheer test and throw.
> Please see also:
> http://d.puremagic.com/issues/show_bug.cgi?id=4720
This is legit. We should have a way to separate contracts from body in
the general case.
> http://d.puremagic.com/issues/show_bug.cgi?id=6549
This, too, is legit.
> And finally, this old thread about the subject, which kind of fell into
> darkness:
> http://forum.dlang.org/thread/jamrtmgozgtswdadeocg@forum.dlang.org
Yeah, makes sense. I don't think we should put contracts on the front
burner. For whatever reason, people don't use contracts or they misuse
them. I have no idea why. The obvious argument is that people would use
contracts if this or that bug were fixed, but there's past evidence
suggesting the contrary.
Andrei
More information about the Digitalmars-d
mailing list