RFC: Value range propagation for if-else
bearophile via Digitalmars-d
digitalmars-d at puremagic.com
Wed Jun 18 13:50:44 PDT 2014
Meta:
> My point exactly. If contracts allow things like what
> Bearophile wants to work, then people might use them to do
> input/output validation instead of validating basic
> assumptions, like they're supposed to do. Then we have problems
> like you described. Maybe it's a good idea to keep contracts
> as-is and not allow them to change a function's semantics like
> this, since they are removed in release.
This is an interesting topic.
D contracts are a potentially important language feature that is
currently underused, perhaps because it's currently a little more
than a nicer place to locate asserts (and it still lacks the
pre-state ("old") feature).
Function contracts don't change the program semantics, they
define part if it at a higher level than the function body itself.
When your function has a post-condition that specifies the
function to return a value between 0 and 9 inclusive, your
function is defined to return such range, that's its semantics.
If the function returns something outside that range, then your
function has a bug. Relying on the function semantics to allow
casts is one basic usefulness of contracts, but this is just a
starting point (if take a look at the Whiley language you see
what I mean: whiley.org ).
If you compile your code with -release you are assuming your code
doesn't have bugs, and your contracts are always satisfied.
Perhaps D programmers need to stop compiling with -release.
Perhaps even the name of this compiler switch should be changed
to something more descriptive of its unsafety and meaning.
The presence of -release compiler switch can't hold back the use
of contract programming for all it's worth. Currently D is not
taking its contract programming seriously :-)
Bye,
bearophile
More information about the Digitalmars-d
mailing list