www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.bugs - [Issue 9454] New: Struct invariant call on whole-struct assignements?

reply d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=9454

           Summary: Struct invariant call on whole-struct assignements?
           Product: D
           Version: D2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: DMD
        AssignedTo: nobody puremagic.com
        ReportedBy: bearophile_hugs eml.cc


--- Comment #0 from bearophile_hugs eml.cc 2013-02-05 16:55:27 PST ---
See the thread:

http://forum.dlang.org/thread/vqoyehpcepobnzyolzfc forum.dlang.org

That is about the article:

http://electronicdesign.com/contributing-technical-experts/contract-driven-programming-takes-specification-beyond-stone-age


It contains:

<<
In Ada 2012, predicates on a type (one particular type of invariant) are
checked on parameter passing and assignment. So if we have Code 4, there will
be a check failure on the assignment, since the predicate is not true. No check
is generated on individual field modifications, though, so Code 5 does not
raise an exception.


http://electronicdesign.com/site-files/electronicdesign.com/files/uploads/2013/02/0307RequiemCode4.gif http://electronicdesign.com/site-files/electronicdesign.com/files/uploads/2013/02/0307RequiemCode5.gif This D code doesn't asserts (unlike equivalent in Ada2011): struct Foo { int x = 200; invariant() { assert(x > 100); } } void main() { auto f = Foo(10); } So maybe it's a good to introduce in D as in Ada a call to the invariant when the whole struct is assigned. Another case: << Although the assignment to the V fields breaks the invariant [figure 5], no exception is raised on these two statements. Thankfully, as soon as a call using V as a parameter is done, a subtype check will occur and the inconsistency will be pointed out. Hopefully, this will not be too far from the introduction of the problem.


Currently D doesn't call the invariant even in that second case too: struct Foo { int x = 200; invariant() { assert(x > 100); } } void bar(Foo f) {} void main() { auto f = Foo(10); bar(f); } -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------
Feb 05 2013
parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=9454



--- Comment #1 from bearophile_hugs eml.cc 2013-02-06 03:19:30 PST ---
Discussion thread:
http://forum.dlang.org/thread/vqoyehpcepobnzyolzfc forum.dlang.org

This is a similar issue:
http://d.puremagic.com/issues/show_bug.cgi?id=519


They are very similar, the test case from Issue 519 uses a new:


class Foo {
    invariant() {
        assert (false);
    }
}
void main() {
    Foo foo = new Foo();
}


While in Issue 9454 (just like in that Ada code) there is no new:


struct Foo {
    int x = 200;
    invariant() { assert(x > 100); }
}
void main() {
    auto f = Foo(10);
}

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Feb 06 2013