Hello Norbert,
And as for the concept of "user input" vs. "contracts": A library interface is *not* a user interface. After some consideration, I agree that a library should always check its input even in "release" mode. However - this should be solved by selectively toggling contract checking rather than replacing contracts by "enforce" statements.
In some cases, particularly where the preconditions are external to the process, your assertion is severely weakened if it doesn't fail completely.
1) Checking external state is generally costly so why require it to be done twice? 2) It's error prone: because it's external state, in almost all cases the calling code will needs to implement the same check and treat it as an input error. 3) It sill doesn't work because external state, in general, can change between the check and the call.
A possibly better solution would be to use an error handling strategy approach, Have the called function throw and exception supplied by the calling function.
-- ... <IXOYE><
