c3c icon indicating copy to clipboard operation
c3c copied to clipboard
verified publisher icon c3lang

Post/pre conditions

Open lerno opened this issue 4 years ago • 15 comments

Tracks complete implementation of contracts.

lerno avatar Nov 13 '21 18:11 lerno

require / ensure now works.

lerno avatar Mar 08 '22 22:03 lerno

Honestly, I don't like contracts in comments.

data-man avatar Mar 10 '22 12:03 data-man

They are not comments

lerno avatar Mar 10 '22 12:03 lerno 

/**
 * @param [inout] foo `test`
 * @require baz > 100 `whatever`
 * @ensure return < 200
*/
fn int test2(int *foo, int baz)
{
        *foo = 444;
        return baz;
}

Why /*...*/ is needed? It's bad for syntax highlighting in editors/IDE.

data-man avatar Mar 10 '22 12:03 data-man

What doc format would you suggest?

lerno avatar Mar 10 '22 12:03 lerno 

@param [inout] foo `test`
@require baz > 100 `whatever`
@ensure return < 200
fn int test2(int *foo, int baz)
{
        *foo = 444;
        return baz;
}

fn int test2(int *foo, int baz)
@param [inout] foo `test`
@require baz > 100 `whatever`
@ensure return < 200
{
        *foo = 444;
        return baz;
}

fn int test2(inout int *foo, int baz @require > 100)
{
        *foo = 444;
        return @ensure(baz < 200);
}

data-man avatar Mar 10 '22 12:03 data-man

I don't understand. Where would the function description be placed?

lerno avatar Mar 10 '22 12:03 lerno

Also I found the bug. This cannot be compiled:

/**
 * @param [inout] foo `test`
 * @require baz > 100 `whatever`
 * @ensure *foo > 231
 * aaa_or_any_other_chars
*/
fn void test(int *foo, int baz)
{
}

fn void main()
{
}

data-man avatar Mar 10 '22 12:03 data-man

Where would the function description be placed?

After [1] or before [2] contracts. Or some mixed approach [3].

data-man avatar Mar 10 '22 13:03 data-man

I'll fix the bug. But [1] [2] [3] all seem to assume that doc descriptions then are separate.

lerno avatar Mar 10 '22 13:03 lerno

Just for the note: @ used for attributes but @require, @ensure and @param aren't in c3c --list-attributes and c3c --list-keywords lists. Maybe to use $ instead of @?

data-man avatar Mar 10 '22 13:03 data-man

The simple code:

/**
 * @require baz > 100
*/
fn void test(int baz)
{
}

fn void main()
{
   test(10);
}

test: Assertion `@require "baz > 100" violated.' failed.

It's ok for the debug mode. But

Segmentation fault

for the release modes.

data-man avatar Mar 10 '22 14:03 data-man

Yes, what happens here is that the optimizing backend finds out that the program will violate constraints and everything results in segmentation fault.

lerno avatar Mar 10 '22 14:03 lerno

Regarding the keywords, the doc attributes are separate from normal attributes and are not reserved elsewhere.

lerno avatar Mar 10 '22 14:03 lerno

[1] and [2] work for the preconditions but do not extend to any documentation.

[3] does not work for several cases:

  • It is not implementing the ensure contract, since such a contract is to be true for all returns and associated with the function declaration. Otherwise there is no difference with an assert.
  • Putting constraints next to the parameters do not scale. It's barely bearable for a single constraint, but for anything non trivial it just makes the function declaration look like it has cancer (compare C++ templates)

lerno avatar Mar 10 '22 15:03 lerno

Since contracts now are in, but should be tweaked I'm closing this one.

lerno avatar Sep 20 '22 21:09 lerno