Re: We do not use C++ exceptions
On Feb 6, 8:35 pm, Thant Tessman <thant.tess...@gmail.com> wrote:
> It's the very notion of preconditions that are checked with asserts that
> I want to call into question. I've already had this conversation with
> Andrei, but a well-designed programming language wouldn't provide any
> way to create a null pointer in the first place.
Yes, I know. Nevertheless, you can create an invalid non-trivial
object in any language. Consider the simplistic example of
int depth( Tree t );
'depth' has the implicit precondition that t is a tree. The type
system can guarantee that it's a Tree, and that it was created and
manipulated by dedicated Tree-specific functions. But it cannot guard
against a bug in one of these functions that causes its return value
to be a cyclic graph. 'depth' will likely loop forever or cause a
stack overflow, and it's "not allowed" to do that, if one diligently
follows the principle that any input is valid.
Precondition checking is a tool that catches bugs. If 'depth' had a
check that t is a tree, it would've detected the bug in the Tree-
specific function. But the caller of 'depth' is not allowed to rely on
this test being present, because t is never supposed to be a non-tree
in a correct program.
[...]
> How does one enforce such a 'contract'?
With tests and asserts (which are a form of testing, performed on a
live program).
> If this is design by contract, what makes it different from mere 'design'?
Expressing the contract in a formal way that can be checked by a
machine.
> What makes the contract anything other than documentation?
Enforcement.
--
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
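The 'depth' scenario from the post, as an added C++ example that is not part of the original post or the thread. It shows the precondition "t is a tree" written as a machine-checkable predicate and asserted inside depth(), and a deliberately buggy Tree-specific function that turns the tree into a cyclic graph; the precondition check catches the bug instead of letting depth() recurse until the stack overflows. The names Node, Tree, is_tree, height_unchecked, attach and the test scenario are this example's own constructions, not anything from the discussion.

```cpp
#include <algorithm>
#include <cassert>
#include <cstdio>
#include <memory>
#include <unordered_set>
#include <vector>

// A node holding non-owning pointers to its children; Tree's arena owns them.
struct Node {
    std::vector<Node*> children;
};

// Tree's invariant: every node is reachable from root exactly once.
// add() preserves it. attach() is the constructed buggy Tree-specific
// function: it never checks that child is not already placed or is not an
// ancestor of parent, so it can turn the tree into a cyclic graph.
class Tree {
public:
    Node* add(Node* parent) {
        arena_.push_back(std::make_unique<Node>());
        Node* n = arena_.back().get();
        if (parent) parent->children.push_back(n); else root_ = n;
        return n;
    }
    void attach(Node* parent, Node* child) {   // BUG: no ancestor/duplicate check
        parent->children.push_back(child);
    }
    Node* root() const { return root_; }
private:
    std::vector<std::unique_ptr<Node>> arena_;
    Node* root_ = nullptr;
};

// is_tree: depth()'s precondition as a predicate. Iterative DFS with a visited
// set, so it terminates in O(n) even on cyclic input; it returns false as soon
// as any node is reached a second time (cycle or shared subtree).
bool is_tree(const Node* root) {
    std::unordered_set<const Node*> seen;
    std::vector<const Node*> stack;
    if (root) stack.push_back(root);
    while (!stack.empty()) {
        const Node* n = stack.back();
        stack.pop_back();
        if (!seen.insert(n).second) return false;   // reached twice
        for (const Node* c : n->children) stack.push_back(c);
    }
    return true;
}

// Unchecked recursive height (nodes on the longest root-to-leaf path).
// On a cyclic graph this never returns: it recurses until the stack is gone.
static int height_unchecked(const Node* n) {
    int h = 0;
    for (const Node* c : n->children) h = std::max(h, height_unchecked(c));
    return 1 + h;
}

// depth(): precondition is_tree(root). The assert is a bug detector, not part
// of the contract callers may rely on: it is compiled out under NDEBUG, and a
// correct program never passes a non-tree here in the first place.
int depth(const Node* root) {
    assert(is_tree(root) && "depth(): precondition violated, argument is not a tree");
    return root ? height_unchecked(root) : 0;
}

// Helper for a valid input: a chain of n nodes has depth n (0 for no nodes).
int chain_depth(int n) {
    Tree t;
    Node* cur = nullptr;
    for (int i = 0; i < n; ++i) cur = t.add(cur);
    return depth(t.root());
}

// Constructed scenario: a three-node chain, then attach() wrongly links the
// leaf back to the root. Returns true if the precondition check sees the cycle.
bool cycle_is_caught_by_precondition() {
    Tree t;
    Node* r = t.add(nullptr);
    Node* a = t.add(r);
    Node* b = t.add(a);
    bool ok_before = is_tree(r) && depth(r) == 3;
    t.attach(b, r);                   // the bug: leaf -> root edge makes a cycle
    return ok_before && !is_tree(r);  // calling depth(r) now would assert-fail
}

int main() {
    std::printf("chain of 4: depth %d\n", chain_depth(4));
    std::printf("cycle caught by precondition: %s\n",
                cycle_is_caught_by_precondition() ? "yes" : "no");
    return 0;
}
```

Two caveats a practitioner will want. First, is_tree() is itself a full traversal, so the guard roughly doubles the cost of depth(); that is acceptable for a check aimed at finding bugs in test builds, and it is exactly the kind of check that vanishes under NDEBUG, which is why, as the post says, callers may not rely on it. Second, if the goal is to bound damage in production rather than to find the bug, a cheaper guard such as a recursion-depth cap that returns an error would be the tool to reach for instead; that is a different contract, not an assert.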