[Python-ideas] Why is design-by-contracts not widely
Steven D'Aprano
steve at pearwood.info
Sat Sep 29 10:43:11 EDT 2018
On Sat, Sep 29, 2018 at 10:15:42PM +1000, Chris Angelico wrote:
[...]
> As are all the things that are "undefined behaviour" in C, like the
> result of integer overflow in a signed variable. They are "Here be
> dragons" territory, but somehow that's not okay for you. I don't
> understand why you can hate on C for having behaviours where you're
> told "don't do that, we can't promise anything", but it's perfectly
> acceptable for Python to have the exact same thing.
They're not the same thing, not even close to the same thing.
Undefined behaviour in C is a radically different concept to the
*implementation-defined behaviour* you describe in Python and most
(all?) other languages. I don't know how to communicate that message any
better than the pages I linked to before.
> AIUI, the only difference is that C compilers are more aggressive
> about assuming you won't invoke undefined behaviour, whereas there are
> no known Python interpreters that make such expectations.
I don't know any other language which has the same concept of undefined
behaviour as C, neither before nor after. What does that tell you? If C
undefined behaviour is such a good idea, why don't more languages do the
same thing?
Undefined behaviour allows C compilers to generate really fast code,
even if the code does something completely and radically different from
what the source code says. Consequently, undefined behaviour in C is a
HUGE source of bugs, including critical security bugs, and the C
language is full of landmines for the unwary and inexpert, code which
looks correct but could do *absolutely anything at all*.
The C language philosophy is to give up correctness in favour of
speed. I hate that idea. If there was a Zen of C, it would say
"Errors should not just be silent, they're an opportunity
to win benchmark competitions."
--
Steve
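The signed-overflow case that the quoted reply brings up, worked through as an added example that is not part of Steve's post or of the thread: a bounds check written the way it is often written in C (relying on the sum wrapping), beside the form that never evaluates an undefined operation, and a small untrusted-length copy that depends on the check holding. The function names (add_overflows_ub, add_overflows, add_checked, copy_record), the 16-byte buffer and the SAMPLE_RECORD bytes are assumptions constructed for the illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Overflow check in the shape that "looks correct" but relies on signed
 * wraparound. Signed overflow in `a + b` is undefined behaviour, so the
 * compiler may assume it never happens and delete the comparison entirely
 * (GCC and Clang can do this at -O2 unless -fwrapv is given). Kept only to
 * show the bug shape; never called with overflowing operands here. */
bool add_overflows_ub(int a, int b) {
    int sum = a + b;   /* undefined when the true sum is out of range */
    return (b > 0 && sum < a) || (b < 0 && sum > a);
}

/* Correct check: compare the operands against INT_MAX / INT_MIN before the
 * addition, so no undefined operation is ever evaluated. */
bool add_overflows(int a, int b) {
    if (b > 0) return a > INT_MAX - b;
    if (b < 0) return a < INT_MIN - b;
    return false;
}

/* Checked addition: returns false (and leaves *out untouched) on overflow. */
bool add_checked(int a, int b, int *out) {
    if (add_overflows(a, b)) return false;
    *out = a + b;
    return true;
}

#define RECORD_BUF 16

/* Constructed stand-in for a record read from the network (assumption):
 * 15 bytes of data plus a terminating NUL, exactly RECORD_BUF bytes. */
static const unsigned char SAMPLE_RECORD[RECORD_BUF] = "HDR:payload-dat";

/* Copy hdr_len + body_len bytes of SAMPLE_RECORD into a fixed buffer, with
 * both lengths treated as attacker-controlled. Returns the number of bytes
 * copied, or -1 if a length is negative, the sum overflows, or the total
 * exceeds the buffer. Had add_overflows_ub been used instead and its
 * comparison been optimised away, hdr_len = INT_MAX, body_len = 1 would
 * wrap to INT_MIN, pass the `total > RECORD_BUF` test below, and reach
 * memcpy as (size_t)INT_MIN: a multi-gigabyte copy off a 16-byte buffer. */
int copy_record(int hdr_len, int body_len) {
    unsigned char dst[RECORD_BUF];
    int total;

    if (hdr_len < 0 || body_len < 0) return -1;
    if (!add_checked(hdr_len, body_len, &total)) return -1;
    if (total > RECORD_BUF) return -1;

    memcpy(dst, SAMPLE_RECORD, (size_t)total);
    return total;
}

int main(void) {
    printf("copy_record(4, 8)       = %d\n", copy_record(4, 8));
    printf("copy_record(10, 10)     = %d\n", copy_record(10, 10));
    printf("copy_record(INT_MAX, 1) = %d\n", copy_record(INT_MAX, 1));
    return 0;
}
```

Building with `cc -O2 -fsanitize=undefined` makes the compiler report the overflow in add_overflows_ub at run time if it is ever reached with overflowing operands; with `-O2` alone the comparison may simply disappear and nothing is reported, which is the silence the post complains about.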