On 8/1/2014 6:12 AM, Dicebot wrote:
ok, can this be considered a good summary of using assertions/contracts for
services where risk of entering undefined state is unacceptable?
1) never use `assert` or contracts in actual application code, use `enforce`
instead
2) never use `enforce` in library code unless it does actual I/O, use contracts
instead
3) always distribute both release and debug builds of libraries and always run
tests in both debug and release mode
Does it make sense? Your actual recommendation contradict each other but it is
best what I was able to combine them into.
What makes me hesitate about use of enforce() is its high runtime cost. It's not
just the computation, but the call stack above it is affected by enforce() being
throwable and allocating via the GC.
Secondly, enforce() is about recoverable errors. Program bugs are simply NOT
recoverable errors, and I cannot recommend using them for that purpose. I've
argued for decades with people who insist that they can write code that recovers
from unknown programming bugs.