340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsync

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncDesign By Contract

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsync

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsync

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncBIND 9 uses the "Design by Contract" idea for most function calls.

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsync

6d01ab3ab862974eb7aaa1f685364f44c7d2282bvboxsyncA quick summary of the idea is that a function and its caller make a

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsynccontract. If the caller meets certain preconditions, then the

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncfunction promises to either fulfill its contract (i.e. guarantee a set

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncof postconditions), or to clearly fail.

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsync

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsync"Clearly fail" means that if the function cannot succeed, then it will

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncnot silently fail and return a value which the caller might interpret

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncas success.

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsync

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncIf a caller doesn't meet the preconditions, then "further execution is

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncundefined". The function can crash, compute a garbage result, fail silently,

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncetc. Allowing the function to define preconditions greatly simplifies many

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncAPIs, because the API need not have a way of saying "hey caller, the values

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncyou passed in are garbage".

6d01ab3ab862974eb7aaa1f685364f44c7d2282bvboxsync

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncTypically, preconditions are specified in the functions .h file, and encoded

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncin its body with REQUIRE statements. The REQUIRE statements cause the program

340134cc37fb7a9b4498a2b13df2fa340a1824c0vboxsyncto dump core if they are not true, and can be used to identify callers that

4bca1461357775da282a478f5cdd38beb9f574b3vboxsyncare not meeting their preconditions.

e6949b26882193292bbad0af38c7bced1d323219vboxsync

4bca1461357775da282a478f5cdd38beb9f574b3vboxsyncPostconditions can be encoded with ENSURE statements. Within the body of

6d01ab3ab862974eb7aaa1f685364f44c7d2282bvboxsynca function, INSIST is used to assert that a particular expression must be

6d01ab3ab862974eb7aaa1f685364f44c7d2282bvboxsynctrue. Assertions must not have side effects that the function relies upon,

6d01ab3ab862974eb7aaa1f685364f44c7d2282bvboxsyncbecause assertion checking can be turned off.

6d01ab3ab862974eb7aaa1f685364f44c7d2282bvboxsync

6d01ab3ab862974eb7aaa1f685364f44c7d2282bvboxsync