Skip to content

Commit bf6dd9e

Browse files
NlightNFotisNlightNFotis
committed
Added extra use-case hints to the already present invariant definitions.
1 parent 086c266 commit bf6dd9e

File tree

1 file changed

+15
-1
lines changed

1 file changed

+15
-1
lines changed

src/util/invariant.h

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -225,15 +225,25 @@ inline void invariant_violated_string(
225225
// for INVARIANT.
226226

227227
// The condition should only contain (unmodified) arguments to the method.
228+
// Inputs include arguments passed to the function, as well as member
229+
// variables that the function may read.
228230
// "The design of the system means that the arguments to this method
229231
// will always meet this condition".
232+
//
233+
// The PRECONDITION documents / checks assumptions about the inputs
234+
// that is the caller's responsibility to make happen before the call.
230235
#define PRECONDITION(CONDITION) INVARIANT(CONDITION, "Precondition")
231236
#define PRECONDITION_STRUCTURED(CONDITION, TYPENAME, ...) \
232237
INVARIANT_STRUCTURED(CONDITION, TYPENAME, __VA_ARGS__)
233238

234239
// The condition should only contain variables that will be returned /
235240
// output without further modification.
236241
// "The implementation of this method means that the condition will hold".
242+
//
243+
// A POSTCONDITION documents what the function can guarantee about its
244+
// output when it returns, given that it was called with valid inputs.
245+
// Outputs include the return value of the function, as well as member
246+
// variables that the function may write.
237247
#define POSTCONDITION(CONDITION) INVARIANT(CONDITION, "Postcondition")
238248
#define POSTCONDITION_STRUCTURED(CONDITION, TYPENAME, ...) \
239249
INVARIANT_STRUCTURED(CONDITION, TYPENAME, __VA_ARGS__)
@@ -242,6 +252,10 @@ inline void invariant_violated_string(
242252
// changed by a previous method call.
243253
// "The contract of the previous method call means the following
244254
// condition holds".
255+
//
256+
// A difference between CHECK_RETURN and POSTCONDITION is that CHECK_RETURN is
257+
// a statement about what the caller expects from a function, whereas a
258+
// POSTCONDITION is a statement about guarantees made by the function itself.
245259
#define CHECK_RETURN(CONDITION) INVARIANT(CONDITION, "Check return value")
246260
#define CHECK_RETURN_STRUCTURED(CONDITION, TYPENAME, ...) \
247261
INVARIANT_STRUCTURED(CONDITION, TYPENAME, __VA_ARGS__)
@@ -261,7 +275,7 @@ inline void invariant_violated_string(
261275
// Legacy annotations
262276

263277
// The following should not be used in new code and are only intended
264-
// to migrate documentation and "error handling" in older code
278+
// to migrate documentation and "error handling" in older code.
265279
#define TODO INVARIANT(false, "Todo")
266280
#define UNIMPLEMENTED INVARIANT(false, "Unimplemented")
267281
#define UNHANDLED_CASE INVARIANT(false, "Unhandled case")

0 commit comments

Comments
 (0)