|
|
Boost : |
Subject: [boost] [contract] importance ordering (was "diff n1962")
From: Lorenzo Caminiti (lorcaminiti_at_[hidden])
Date: 2010-04-14 15:37:20
Hello all,
On Thu, Apr 8, 2010 at 7:26 PM, Lorenzo Caminiti <lorcaminiti_at_[hidden]> wrote:
> Below is a summary of the differences between Boost.Contract and the
> Contract Programming C++ standard proposal n1962. I know some of the
> authors of n1962, and also of its previous revisions, are on this
> mailing list -- I hope that they can provide comments at least.
>
> [n1962] Crowl and T. Ottosen, Proposal to add Contract Programming to
> C++ (revision 4), The C++ Standards Committee, 2006. All previous
> revisions of this proposal are also relevant (and related authors
> comments encouraged).
I would like to ask: Should Boost.Contract support assertion
importance ordering?
Importance ordering was introduced in revision 3 of the CP C++
standard proposal but then removed in revision 4:
* From n1866 (n1962 revision 3) section 2.1.2 << default assertions syntax:
1. runtime-assertion : boolean-expression importance-ordering opt ;
2. importance-ordering : : integer-constant
8. Importance ordering allows users to specify multiple levels of
assertions. The higher an integer, the more crucial it is to keep an
assertion in the object code.
9. The default importance ordering is 0 and is in effect when no
integer is specified.>>
* From n1962 (revision 4) <<Removed the notion of "importance ordering" [10].
[10] (1, 2) In many contexts it is useful to inform the compiler
of certain properties. This is true for efficient garbage collection
as well as Contract Programming. The same mechanism may be reused to
tag a piece of code with some property; in this case we would like to
tag individual assertions.>>
For example:
void f(int x)
precondition {
x >= 0 : 100; //
Importance ordering 100.
find(v.begin(), v.end(), x) != v.end(); // Default
importance ordering of 0.
}
...
And in Boost.Contract the syntax:
CONTRACT_FUNCTION(
(void) (f)( (int)(x) )
(precondition) (
( x >= 0 )(importance)(100) //
Importance ordering 100.
( find(v.begin(), v.end(), x) != v.end() ) // Default
importance ordering of 0.
)
... )
Boost.Contract could then provide an API to say "compile and check
only assertions with importance ordering within
<user-specified-range>".
One use case for this is to tag assertions that are expensive to check
with a lower importance so they can be disabled selectively to achieve
better performance trade off (this was suggested by Andrzej).
[Mitchell2002] addresses this use case recommending to never program
expensive assertions in preconditions because they will likely be part
of production releases (while expensive assertions in postconditions
and possibly invariants are acceptable because they, and their
run-time overhead, will be removed from production releases). However,
this is a binary approach whereas importance ordering would provide a
more granular control tool to achieve better performance trade-offs.
I would personally recommend for Boost.Contract to support importance
ordering -- what do you think?
Thank you.
Lorenzo
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk