Comment by spacechild1

14 hours ago

Pre- and postconditions are actually part of the function signature, i.e. they are visible to the caller. For example, static analyzers could detect contract violations just by looking at the callsite, without needing access to the actual function implementation. The pre- and postconditions can also be shown in IDE tooltips. You can't do this with your own contracts implementation.

Finally, it certainly helps to have a standardized mechanisms instead of everyone rolling their own, especially with multiple libraries.

6 comments

spacechild1

kevin_thibedeau 11 hours ago

Is a pointer parameter an input, output, or both?

drfloyd51 8 hours ago
Input.
You are passing in a memory location that can be read or written too.
That’s it.
- 72deluxe 2 hours ago
  
  In terms of contract in a function, you might be passing the pointer to the function so that the function can write to the provided pointer address. Input/output isn't specifying calling convention (there's fastcall for that) - it is specifying the intent of the function. Otherwise every single parameter to a function would be an input because the function takes it and uses it...
  I worked on a massive codebase where we used Microsoft SAL to annotate all parameters to specify intent. The compiler could throw errors based on these annotations to indicate misuse.
  This seems like an extension of that.
- kevin_thibedeau 8 hours ago
  
  A pointer doesn't necessarily point to memory.
  
  2 replies →