Boost logo

Boost :

Subject: [boost] [Review:Contract] Late review
From: Steven Watanabe (watanabesj_at_[hidden])
Date: 2012-09-01 17:59:05


First of all, *Yes, Contract should be accepted into Boost*

I've only really looked at part of the documentation
so far. Here's my comments from that. I may have
more later depending on how much time I have.


- "Contract Programming (CP) allows to specify"
  Use a gerund (specifying) instead of an
  infinitive. An infinitive here needs a subject.

- "... allowing to find bugs ..."
  Same problem, although it can't be fixed in
  the same way, since the participle + gerund
  would sound awkward. It could be handled
  with a passive infinitive. (allowing bugs
  to be found)

- "and it was first introduced by the Eiffel
  programming language "
  You can leave out the "it." It sounds awkward
  to me.

- "Eiffel programming language"
  Using this repeatedly sounds a bit pedantic.
  You can just say "Eiffel" after the first

- The side by side code in the example gets
  a bit wide. This will definitely be a
  problem if you want the documentation
  to be generated as a PDF.

- I don't understand why the library needs
  to deal with access control. Why can't
  the user just use public: private: protected:
  as usual?

- CONTRACT_OLDOF kind of sticks out at me.
  I don't really like the way it looks having
  it a macro when everything else is keywords
  that are parsed by the top level macros.

- "...if there is a bug in the function caller
   for which push_back is called when size is
   equal to max_size ..."
   This clause is somewhat confusing.

- "...with the assertion number to uniquely identity..."
  s/identity/identify/. Also don't split

- "This library suffers of two limitations"


- "This section explains how to setup..."
  "set up" should be two words. "setup"
  as one word is a noun.

- "... failure of the checked condition does
  not abort the program, instead ..."
  Run on sentence.

- "The implementation of this library uses..., templates with
  partial specializations and function pointers (similarly
  to Boost.Function), ..."
  I don't understand the connection between partial
  specialization and function pointers. Why are
  they grouped together?


- "It is assumed that programmes"

- " formally program specifications".
  Don't split the infinitive.
  "to program specifications formally"

- "Then, this library aims to be ..."
  "Then" doesn't sound right here. "Then"
  is usually used for conditions ("if... then")
  or sequences (e.g. First.... Then...), but
  there's nothing for it to connect to here.

- "Contract Programming is characterized by the
   following type of assertion mechanisms."

- "before the body execution."
  I think it would sound better to use the
  possesive "body's execution" or "execution of the body".
  rather than apposition.

- "Preconditions cannot be strengthen, postconditions and
  class invariants cannot be weaken. "
  s/strengthen/strengthened/, s/weaken/weakened/

- I'm not sure that I would consider Subcontracting
  to be an assertion mechanism.

- "Block Invariants | These are logical conditions that
  programmers except ..."

- "...while a contract assertions is ..."

- "This library implement this feature however
  it should be noted ..."
  Run on sentence.

- "protect such a global variable from racing conditions "
  It's called a "race condition."

- "but that will effectively introduce a global lock
  in the program"
  This seems like a classic use case for thread specific

- "Furhtermore,"

- "Contracts are part of the source code, they are..."
  Run on sentence (comma splice)

- "detailed error messages that greatly helps debugging"
  "helps" needs to agree with "messages."

- "Contract Programming benefits come to the cost of performance "
  "to" is the wrong preposition. Try "at."

- "The run-time performances are negatively ..."
  "performance" should be singular. Plural doesn't
  really make sense for abstract nouns like this.

- "1. The extra processing required to check the assertions.
   2. The extra processing required by the additional
      function calls (additional functions are invoked
      to check preconditions, postconditions, class
      invariants, etc)."
  How is (2) different from (1)?

- "checking function arguments using postconditions "
  I think you mean /pre/conditions.

- "so that these initializations can relay"

- "C++ object construction mechanism ..."
  You need an article. "The C++..."

- "Check the non-static class invariants, but only if
  the body threw an exception."
  This could use a rationale. Destructors are generally
  not supposed to throw at all.

- "Contracts are only responsible to check the "
  "for checking" instead of "to check."

- " only use public members, Eiffel instead ..."
  Split infinitive, run-on sentence.

- "...are allowed to brake class invariants..."

- "Arbitrary code in contracts | No, assertions only."
  This is a bit misleading, since assertions can
  execute arbitrary code.


- "complete guide on this library syntax"

- result == oldof valule

- "int const"
  IIRC, you can't have a const rvalue of a built-in type.

- "parameter names can instead by omitted "

- params_postinc
  You didn't update the pre/post conditions when
  you copied this from the last example.

- "Function and array types cannot be directly used as
  function parameter types within the contract macros
  but extra typedef declarations can be used to
  workaround this limitation "
  This workaround doesn't work in function templates
  where the array element or dimension is deduced.

- "the maximum number of supported array dimensions is
  I don't understand the reason for this limitation.

- "...evaluates all contract conditions in
  constant-correct context"
  Add an article "a" before "const-correct."

- "the type of value type"
  Delete the second "type."

- ConstantCopyConstructible
  You're definitition of CopyConstructible is
  wrong. A type that only defines T(T&) is not

- "However, it is still necessary to ontract"

- unique_identifiers
  I think it's worth pointing out that the postcondition
  can't assume that the precondition was true
  in the face of subcontracting. I did a double take
  when I saw old_found.

- "Wakened inherited preconditions ..."


The definition of CONCEPT_OLDOF is a bit
dangerous. It can't safely be passed as
a macro argument.

What do you think of this bit of PP magic:

#define TEST_EXPAND_NOTHING(x) oldof
#define TEST_EXPAND_I(x) TEST_EXPAND_ ## x
#define EXPAND_OLDOF(expr) expr

oldof -> expands to itself
EXPAND_OLDOF(random text oldof more random text) ->
 expands to random text CONTRACT_OLDOF more random text


- Are ellipsis parameters allowed?

- Just say "parentheses," not "round parentheses." Parentheses
  without any qualification always means ().

In Christ,
Steven Watanabe

Boost list run by bdawes at, gregod at, cpdaniel at, john at