[Python-ideas] Why is design-by-contracts not widely

Steven D'Aprano steve at pearwood.info
Sat Sep 29 10:43:11 EDT 2018

On Sat, Sep 29, 2018 at 10:15:42PM +1000, Chris Angelico wrote:

> As are all the things that are "undefined behaviour" in C, like the
> result of integer overflow in a signed variable. They are "Here be
> dragons" territory, but somehow that's not okay for you. I don't
> understand why you can hate on C for having behaviours where you're
> told "don't do that, we can't promise anything", but it's perfectly
> acceptable for Python to have the exact same thing.

They're not the same thing, not even close to the same thing.

Undefined behaviour in C is a radically different concept to the 
*implementation-defined behaviour* you describe in Python and most 
(all?) other languages. I don't know how to communicate that message any 
better than the pages I linked to before.

> AIUI, the only difference is that C compilers are more aggressive
> about assuming you won't invoke undefined behaviour, whereas there are
> no known Python interpreters that make such expectations.

I don't know any other language which has the same concept of undefined 
behaviour as C, neither before nor after. What does that tell you? If C 
undefined behaviour is such a good idea, why don't more languages do the 
same thing?

Undefined behaviour allows C compilers to generate really fast code, 
even if the code does something completely and radically different from 
what the source code says. Consequently, undefined behaviour in C is a 
HUGE source of bugs, including critical security bugs, and the C 
language is full of landmines for the unwary and inexpert, code which 
looks correct but could do *absolutely anything at all*.

The C language philosophy is to give up correctness in favour of 
speed. I hate that idea. If there was a Zen of C, it would say

    "Errors should not just be silent, they're an opportunity
    to win benchmark competitions."


More information about the Python-ideas mailing list