Sean Kelly wrote:
Why should contracts be limited to parameter checking of internally used
functions only? If I write a function and document parameter constraints
then I certainly expect those constraints to be followed regardless of
whether I'm calling the function or someone else is calling the function.
Checking these via a contract simply provides an optional means of
ensuring that a logic error didn't occur within the program as a whole.
If you're talking about application input however, then I agree completely.
I.e., stuff typed in by the user, read from a file, etc., should never be validated
within a contract because an input failure at that level doesn't represent
a program logic error but rather user error. An assertion failure isn't
a terribly good way of notifying the user that they shouldn't have put an
alphabetic character in a box intended to receive an integer :-)
Your "users" are anyone external to your built binary. That means that
DLLs should not use contracts to validate arguments passed to the DLL's
entry points.
If you're doing a library to be statically linked, it is debatable, and
a decision you (as the library developer) need to make.
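
The boundary discussed in this exchange, sketched in C as an added example (not code from either poster). It assumes C's `assert` as a stand-in for a contract, since the thread names no language, and `lib_store_append`, `struct store` and the status codes are hypothetical names.

```c
#include <assert.h>
#include <stddef.h>
#include <string.h>

#define BUF_CAP 64

/* Hypothetical status codes returned across the library boundary. */
enum lib_status { LIB_OK = 0, LIB_EINVAL = -1, LIB_ERANGE = -2 };

struct store {
    unsigned char data[BUF_CAP];
    size_t used;
};

/* Internal helper: every caller lives inside this binary, so a violated
 * precondition is a program logic error. The asserts are the contract
 * and are compiled out when the library is built with -DNDEBUG. */
static void store_append_internal(struct store *s,
                                  const unsigned char *src, size_t n)
{
    assert(s != NULL && src != NULL);
    assert(s->used <= BUF_CAP && n <= BUF_CAP - s->used);
    memcpy(s->data + s->used, src, n);
    s->used += n;
}

/* Exported entry point: the caller is external to the built binary, so
 * arguments are checked unconditionally and a bad call is reported as a
 * status code, identically in debug and release builds. */
int lib_store_append(struct store *s, const void *src, size_t n)
{
    if (s == NULL || src == NULL)
        return LIB_EINVAL;
    /* Written as a subtraction so that a huge n cannot wrap around. */
    if (s->used > BUF_CAP || n > BUF_CAP - s->used)
        return LIB_ERANGE;
    store_append_internal(s, src, n);
    return LIB_OK;
}
```

If the entry point relied on the asserts alone, a release build would pass an oversized `n` straight to `memcpy`.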