Ben said:
I bet that you are doing it too.
I'll take that bet!
Does your binary search function
check that the list is sorted?
If in usage I did that, then it would be a bug. No need to move to a
higher level of abstraction in this issue. The issue is simple argument
checking in a simple case. Of course (!) the concepts should be applied
at higher levels too, but there is no need to complicate the simple case
(assumed for obvious reasons) in discussion.
How do you check that your sort
function's compare function does, in fact, induce a correct ordering?
To get more on topic, how do you check, in C, that a function taking
a pointer is passed a valid one? Or one that it points to enough
data. Or...
Again, that is at the program level and the concepts still apply, but
stick to the simple case please and the topic at hand which is exactly
that documentation cannot replace argument checking. Well it can, but
that is "bad programming" and "worst practice".
These things -- that a function assumes about it's parameters -- are
what I call pre-conditions. I accept you may not like that term, but
these unchecked or uncheckable things need a name. What do you call
them?
Alright, if that is what you meant. "Preconditions" is fine for the
those, if you want to use the term that way. I tend to think of
"precondition" as something that can be checked within the callee. That
you have to guarantee what you are talking about at the higher level,
seems to indicate it needs another name (or so I would have it, and
reserve "precondition" for the way I use it). "Guarantee" fits in there
somewhere, surely, as in, "the program has guaranteed that the list is
sorted by design". Instead of saying, "This library function call has the
precondition that the list must be sorted.", say "The program must
guarantee that the list is sorted". Violate a "precondition", then, and
no problem, something well-defined will happen during development/testing
to keep that bug out of the code. Violate a required guarantee though,
and you're hosed.
At the higher level during development, the instrumentation must be in
place to ensure that the required guarantees are indeed being designed
against. There doesn't appear to be avenue for formality (like there is
with argument precondition checking), other than the specification of
required guarantees.
So, how about "required guarantees" (to answer your question)? (I just
came up with it from the above thoughts).
Mostly I agree, though I think you must agree that this is (a) not
possible in all cases,
Not with your definition of "precondition". Though you must have said it
rather generally for me to jump all over it. I.e., included the argument
checking that CAN be done in what you wrote. Further, I don't think the
Eiffel usage includes such in its concept of "precondition" (?) and
weren't you alluding to that as some kind of litmus of "precondition"
terminology definition?
and (b) often deliberately not done even when
possible due to cost.
No, that is not an option. I don't know what other people/groups/whatever
are doing with that these days for I've been away from that for so long.
But, yes, I can fathom that that may be being done somewhere. Now THAT is
a quality issue and that would not only be low quality software, but an
inadequate development capability/process/outfit/etc. You just can't
shortcut this stuff and hope for the best. Any software is only as good
as the "weakest link" within it. If it breaks in deployment, the plane
won't go down, but if EVERYONE were to be doing that shitty of a job, it
just might do exactly that!
My point was not "don't check you arguments"
I thought that your point was that specification of "preconditions" is
adequate -- checking by the library, when it can do so, is optional.
but "those things you assume are pre-conditions; those that you check
for are part of the defined behaviour of the function" (though I
accept there is some grey here).
Not really, IMO, because it's the error path, not the mainline. The
behavior is the description of the error handling mechanism rather than
the application-program-specific behavior. IOW, that's the behavior IN
ALL the functions of the program upon error (or simply checking on
non-error, of course). It's like an "aspect".
OK. I don't want to argue about definitions. It's interesting that
this term is used in different ways.
To what I said above, I think my own definition is like Meyer's (I don't
know his EXACTLY) and unlike yours.