design by contract versus doctest
Peter Hickman
peter at semantico.com
Tue Apr 6 11:08:30 EDT 2004
Colin Blackburn wrote:
> Aku is correct, no checks are (necessarily) made by the function in
> installed code. It is the caller's responsibility to satisfy the
> pre-conditions.
True but the caller does not check the pre-conditions, that is done in
the called. The called does not trust the caller to get things right,
hence the contract.
> In the installed code the pre-conditions are not necessarily
> implemented therefore the function cannot refuse to run since it does
> not know its pre-condition at this stage.
I can think of no good reason to turn off checking of the pre and post
conditions unless you can guarantee that the live system will never
encounter a combination of inputs and states that have not already been
tested for. You hardly need DbC for such hubris.
>> Getting the require section to pass is no guarantee that the
>> post-conditions (ensure section) will be met, the do section is code
>> like anything else and may get things wrong.
>
> In correctly developed DbC that is precisely what is guaranteed. The
> post-condition is *guaranteed* if the pre-condition is met. It is a
> design tool.
Not sure I would want to state that, or rely on it. I would only go as
far as saying what I have tested is guaranteed. But then I am paranoid.
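The two points argued in this message, as an added example that is not part of the original post: a callee that checks its own pre- and post-conditions, and the same code with the checks switched off as in "installed" code. The `contract` decorator, the `window_body` function with its deliberate defect, and the sample bytes are all constructed for illustration.

```python
import functools


def contract(require, ensure, enabled=True):
    """Make the callee check its own pre- and post-conditions.

    enabled=False models "installed" code with the checks switched off.
    """
    def decorate(func):
        if not enabled:
            return func

        @functools.wraps(func)
        def wrapper(*args):
            if not require(*args):
                raise ValueError(f"{func.__name__}: precondition failed for {args!r}")
            result = func(*args)
            if not ensure(result, *args):
                raise RuntimeError(f"{func.__name__}: postcondition failed, got {result!r}")
            return result
        return wrapper
    return decorate


def in_bounds(buf, offset, length):
    # Pre-condition: the requested window lies inside the buffer.
    return offset >= 0 and length >= 0 and offset + length <= len(buf)


def right_size(result, buf, offset, length):
    # Post-condition: exactly `length` bytes come back.
    return len(result) == length


def window_body(buf, offset, length):
    # Deliberate defect for the demonstration: the end index should be offset + length.
    return buf[offset:length]


checked_window = contract(in_bounds, right_size)(window_body)
unchecked_window = contract(in_bounds, right_size, enabled=False)(window_body)


def outcome(func, *args):
    """Return the result, or the name of the exception the contract raised."""
    try:
        return func(*args)
    except (ValueError, RuntimeError) as exc:
        return type(exc).__name__


DATA = b"ABCDEFGH"  # constructed sample input
```

With the checks on, `(DATA, 2, 3)` satisfies the pre-condition and is stopped only by the post-condition; with them off, the same call returns `b"C"` and a negative offset returns `b""`, both without any error.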