Subject: Re: [boost] [contract] Released Contract Programming Library on SourceForge
From: Lorenzo Caminiti (lorcaminiti_at_[hidden])
Date: 2010-03-08 20:39:59


Hello Andrzej,

I understand your suggestion but not fully removing the contract
macros has the following key disadvantages:

1) It still increases compile-time. During development, I find it
useful to be able to *completely* strip the contracts away, including
from compilation -- it saves me from waiting extra time to compile
contract code that I am not executing yet.
2) Inv, pre, and post conditions are programmed by the library in
private member functions (the assertions cannot appear in the body
because the body might be defined in .cpp separated from the contract
declaration). I think compilation of these extra member functions will
still increase the object size (even if these functions are
private, called by no one, and they only contain statements like
`sizeof(expression)` that have no effect) -- I have not verified this.

Plus, you can always make sure the contracts are syntactically correct
by deliberately compiling with all contracts on every so often.
Therefore, I will keep the current design that expands the contract
macros to nothing when contract compilation is off. I will make this
reasoning clear in the documentation.

On Sun, Feb 28, 2010 at 4:57 PM, Andrzej Krzemienski <akrzemi1_at_[hidden]> wrote:
> this is how C-style asserts work, but one of the advantages of asserts
> over comments, as it is often advertised, is that the predicates are
> checked for syntactic and (to some extent) semantic correctness. But
> this is not the case if we disable the assertion macros.

The Contract Programming benefit usually advertised as "trustworthy
documentation" (see [Meyer1997]) is gained only when contracts are
compiled and *executed* during testing so they are checked not just
syntactically but also semantically by the test suite.

> be possible if the macro
>
>  CONTRACT_ASSERT_BLOCK_INVARIANT( expression );
>
> were replaced with something like:
>
>  ... sizeof( expression ) ...
>
> then, the expression is not evaluated, but required to be correct. If
> the value of sizeof is not used it should be eliminated by the
> compiler. Obviously, the same would be applicable for all the other

BTW, [Stroustrup1997] suggests using
`Assert(!CONTRACT_CHECK_BLOCK_INVARIANT || expression)` to implement a
similar functionality.
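
The three ways of switching off an invariant check discussed in this message, side by side, as an added example that is not part of the original post or the library's code. The `DEMO_*` macros, `positive`, `Assert` as written here, and `stale_member` are hypothetical names chosen for illustration.

```cpp
// Added illustration: DEMO_* names are hypothetical, not the library's macros.
#include <cstdio>

static int evaluations = 0;  // how many times the predicate actually ran
static int failures = 0;     // how many assertions reported a violation

static bool positive(int x) { ++evaluations; return x > 0; }
static void Assert(bool ok) { if (!ok) ++failures; }

// Design 1: expand to nothing when contract compilation is off.
#define DEMO_INV_STRIPPED(expr) ((void)0)

// Design 2: unevaluated sizeof operand; the predicate must compile and be
// usable as a condition, but no code runs for it.
#define DEMO_INV_SIZEOF(expr) ((void)sizeof((expr) ? 1 : 0))

int run_stripped() {
    evaluations = 0;
    // 'stale_member' is declared nowhere: the tokens are discarded before
    // the compiler sees them, so a stale contract goes unnoticed.
    DEMO_INV_STRIPPED(positive(stale_member));
    return evaluations;
}

int run_sizeof() {
    evaluations = 0;
    DEMO_INV_SIZEOF(positive(-1));  // type-checked, never executed
    // DEMO_INV_SIZEOF(positive(stale_member));  // would fail to compile
    return evaluations;
}

// Design 3: Assert(!flag || expression) with a compile-time flag; the
// short-circuit skips the predicate when the flag is false.
template <bool Check>
int run_flagged(int x) {
    evaluations = 0;
    Assert(!Check || positive(x));
    return evaluations;
}

int main() {
    std::printf("stripped: %d evaluations\n", run_stripped());
    std::printf("sizeof:   %d evaluations\n", run_sizeof());
    std::printf("flag off: %d evaluations\n", run_flagged<false>(-1));
    int on = run_flagged<true>(-1);
    std::printf("flag on:  %d evaluations, %d failures\n", on, failures);
    return 0;
}
```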