Improve assert expression documentation. #624
Conversation
It's also unclear when AssertError is thrown and when some HALT instruction is executed.
AFAIK,
Web preview for contracts page: http://eusebeia.dyndns.org/~hsteoh/tmp/web/contracts
| $(P It is an error if the $(I expression) contains any side effects | ||
| that the program depends on. The compiler may optionally not evaluate | ||
| assert expressions at all.) |
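Review bot: "contains any side effects that the program depends on" defines the error in terms of something neither the compiler nor a reader of the spec can check; state it as a property of the program ("Programs that rely on side effects of the expression are invalid", as the revised paragraph later in this review does) and say in a separate sentence whether the expression is evaluated at run time, instead of "may optionally not evaluate", which leaves open whether the choice is per expression, per build, or per implementation.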
Replace with:
The documentation of '-release' and version(assert) needs to be updated accordingly as well.
| verify that the expression is indeed true. If it is false, an $(D | ||
| AssertError) is thrown.) | ||
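Review bot: "If it is false, an AssertError is thrown" is stated unconditionally, yet the paragraph that follows says the check is not generated when compiling for release; qualify it ("if the check is enabled and the expression is false, an AssertError is thrown") or cross-reference -release and version(assert) right here, which is also what the comment above asks for, so the two paragraphs do not contradict each other.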
| $(P When compiling for release, this check is not generated. The |
It is irrelevant to claim it isn't generated. It's undefined behaviour. Undefined behaviour means it is (maybe unlikely, maybe not what DMD does now, but) theoretically possible that the check is actually generated.
@tgehr If we write it here in the spec, it's no longer undefined.
@Hackerpilot: Undefined behaviour has a precise technical meaning. It overrides anything else you might say about the program, not the other way around. You might be confusing undefined behaviour and unspecified behaviour.
On 01.08.2014 21:42, H. S. Teoh wrote:
I'm not talking about the assert(0) special case, but about assert() in
I think Walter's intention is to say that any program that has a failed assertion is invalid by definition, and so its behaviour is undefined. Things like
Updated web previews.
@tgehr Where is the documentation for
It is in this and related files linked from there:
Update web previews again. |
| $(I must) uphold. Any failure of this expression represents a logic | ||
| error in the code that must be fixed. A program for which the assert | ||
| contract is false is, by definition, invalid, and therefore has | ||
| undefined behaviour past that point.) |
"past that point" is misleadingly implying that the code before that point won't be affected. If an optimizer can prove that undefined behaviour will occur after some code has executed (in a certain way), it might scrub (transform) that code based on this fact.
There is no treatment of the issue that @safe code will possibly become memory-unsafe if it contains assertions.
| $(P It is implementation defined whether the $(I expression) is | ||
| evaluated at run time or not. Programs that rely on side effects of $(I | ||
| expression) are invalid.) |
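Review bot: "implementation defined" normally obliges the implementation to document its choice, and on this page the mechanism is the -release switch and version(assert), so the paragraph should name them or link to where they are documented. The second sentence should also spell out what "invalid" entails (undefined behaviour, as the contract paragraph above says), otherwise a reader may take it as merely unspecified output rather than a program the compiler may transform freely.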
Nitpick: consistently use either the expression or just $(I expression).
@tgehr Where would such treatment be documented, if we were to document it? I'm not sure why we're fixating on asserts in I think it's really up to Walter how he wants this documented.
http://dlang.org/safed.html
I think that page needs to be fixed. Walter & Andrei have repeatedly made it clear that
No memory corruption implies no undefined behaviour.
I don't follow. Integer overflow is undefined behaviour, but there is no memory corruption involved.
If the program can behave in any way, it can in particular corrupt memory. (And I am quite confident that given enough time and inclination, one can abuse signed overflow in connection with writing into an array to trick e.g. gdc into emitting a binary that corrupts memory with the appropriate optimization flags even though main is @safe.) In any case, I don't think this is necessarily the right place to discuss this.
Can we get an update on this? Looks nice except Walter's and Tgehr's comments.
| for more information.) | ||
| $(P As a contract, an $(D assert) represents a guarantee that the code | ||
| $(I must) uphold. Any failure of this expression represents a logic | ||
| error in the code that must be fixed. A program for which the assert |
This could probably benefit from saying "fixed in the source code", so it's perfectly clear that this is not fixable by catching an AssertError.
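To make the behaviours debated in this thread concrete (checks dropped under -release, version(assert), side effects in the asserted expression, and why catching AssertError is not a fix), here is a D example added for this edit; it is not code from the PR or from dlang.org, and the function names are invented.

```d
// Added example (editor's, not from PR #624 or the dlang.org spec): the assert
// behaviours discussed above. Run with `dmd -run` and with `dmd -release -run`.
import core.exception : AssertError;
import std.stdio;

int evaluations = 0;

// The asserted expression has a side effect. Per the spec text under review, a
// program that depends on it is invalid: under -release it never runs at all.
bool recordAndCheck(int x)
{
    ++evaluations;
    return x > 0;
}

// A contract the caller must uphold; violating it is a logic error in the
// caller's source, not a run-time condition to recover from.
string grade(int percent)
{
    assert(0 <= percent && percent <= 100, "percent out of range");
    return percent >= 50 ? "pass" : "fail";
}

void main()
{
    assert(recordAndCheck(42));
    // Branching on `evaluations` is the forbidden dependency: it is 1 with
    // checks enabled and 0 under -release.
    version (assert)
        writeln("checks enabled, evaluations = ", evaluations);
    else
        writeln("-release, evaluations = ", evaluations);

    // (assert(0), the special case in the discussion, is different: -release
    // does not remove it but turns it into a halt instead of an AssertError.)

    // Catching AssertError does not fix the caller: with checks enabled it
    // hides the violation, and under -release nothing is thrown, so grade(150)
    // silently returns "pass" and the program continues in an invalid state.
    try
    {
        writeln("grade(150) = ", grade(150));
    }
    catch (AssertError e)
    {
        writeln("contract violated: ", e.msg);
    }
}
```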
Asserts are more interesting in
OT, but integer overflow is defined and expected in D, unlike in C and C++.
Improve assert docs on design-by-contract page too. Improve wording based on comments. Incorporate more suggestions from comments. Reword per comments. Copy-edit. Use less ambiguous wording for version(assert) and -release.
0b385cf to 279d262
Updated and squashed some commits.
ping
ping @AndrejMitrovic @9rnsr
Looks good, thanks for the work!
Thanks!
Per discussion on forum.