Contracts, Undefined Behavior, and Defensive Programming

Jesse Phillips Jesse.K.Phillips+D at gmail.com
Sat Jun 13 14:41:19 UTC 2020


On Saturday, 13 June 2020 at 08:52:18 UTC, Johannes Pfau wrote:
>
>
> So using defensive programming we turned soft UB into hard UB 
> which will probably crash the program. It could also cause 
> memory corruption, run into an infinite loop, .... And please 
> note that all this even happens in a @safe function.
>
> So because of this, I think it's a really bad idea to conflate 
> assume and assert meanings.

The article talks about this. It states that soft undefined 
behavior can lead to hard UB.

I don't think it tries to argue this is OK. What it talks about 
is the importance of validation of external input. Saying that 
having well-guarded inputs will allow us to detect program bugs 
through assertions seems a little optimistic.

However, I do think emphasizing input validation early is 
something important and severely lacking on the web development 
side. Though it is also hard to define where the boundaries 
between system input and external input are.

The concept that a method should provide a form with input 
validation and one with defensive programming is interesting.
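As an added illustration of the two-form idea in the last paragraph (example code written for this page, not from the article or from anyone in the thread; the names parsePort and portToIndex and the sample inputs are hypothetical):

```d
import std.conv : to;
import std.exception : enforce;
import std.stdio : writeln;

// Form 1: validating entry point for external input (network, file, user).
// Bad data is an expected outcome here, so it is reported with an
// exception the caller can handle rather than with an assertion.
int parsePort(string text)
{
    int port = text.to!int;   // throws ConvException on non-numeric input
    enforce(port > 0 && port <= 65535, "port out of range: " ~ text);
    return port;
}

// Form 2: contracted internal function for already-validated values.
// The `in` contract states a precondition that callers must uphold; it is
// checked in debug builds and stripped by -release, where a violated
// precondition is a program bug and undefined behavior, not an input error.
@safe int portToIndex(int port)
in (port > 0 && port <= 65535)
{
    return port - 1;
}

void main()
{
    // Constructed inputs standing in for data read from the outside.
    foreach (raw; ["8080", "70000", "abc"])
    {
        try
            writeln(raw, " -> index ", portToIndex(parsePort(raw)));
        catch (Exception e)
            writeln(raw, " rejected: ", e.msg);
    }
}
```

Only the validating form ever sees raw input, so the contract on the internal form expresses an invariant of the program rather than a check on the outside world.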
