Added extra use-case hints to the already present invariant definitions. #1
Conversation
src/util/invariant.h
Outdated
| // member variables of the object, in case they are implicit input to | ||
| // the function. It is also supposed to signal that even though an object | ||
| // is in a valid state, a particular function may not be operating on | ||
| // objects with the particular properties this one enjoys. |
There was a problem hiding this comment.
yes, this is why I wanted a review. Maybe an Englishman can chime in? I don't know what a proper expression for that would be, but I don't think that what's there is unreasonable.
There was a problem hiding this comment.
Instead of adding the first part of this description, can we rephrase the existing one above? Maybe something like The condition should only contain (unmodified) inputs to the method. Inputs include arguments passed to the method, as well as member variables that the method may read.
src/util/invariant.h
Outdated
| // | ||
| // A difference between CHECK_RETURN and POSTCONDITION is that CHECK_RETURN is | ||
| // supposed to assert much more specific details about what a function has | ||
| // returned, that is dependent on the specific needs of a caller. |
There was a problem hiding this comment.
The difference between POST_CONDITION and CHECK_RETURN isn't the details, it's that one is a statement of a function about itself, whereas the other is a statement about what a caller expects from a function.
| // | ||
| // It is okay for a DATA_INVARIANT to have an empty string as a reason string | ||
| // if you can't state the reason, or doing so doesn't add any information - | ||
| // just restates the condition. |
There was a problem hiding this comment.
IMHO doesn't belong as part of the documentation, also note that there are almost always better options.
src/util/invariant.h
Outdated
| // to migrate documentation and "error handling" in older code. | ||
| // | ||
| // It is okay to use these annotations during development locally, but | ||
| // make sure they are not present in any PR you are submitting. |
There was a problem hiding this comment.
That's a code/development style consideration that doesn't really belong here; In actual reality this is no different from "should not be used", obviously any code that's not made visible to other people doesn't fall under the style guidelines.
src/util/invariant.h
Outdated
| // member variables of the object, in case they are implicit input to | ||
| // the function. It is also supposed to signal that even though an object | ||
| // is in a valid state, a particular function may not be operating on | ||
| // objects with the particular properties this one enjoys. |
There was a problem hiding this comment.
Instead of adding the first part of this description, can we rephrase the existing one above? Maybe something like The condition should only contain (unmodified) inputs to the method. Inputs include arguments passed to the method, as well as member variables that the method may read.
src/util/invariant.h
Outdated
| // | ||
| // A POSTCONDITION documents what the function can guarantee after a "normal" | ||
| // execution about the state it returns to its caller (properties of objects | ||
| // that it returns). |
There was a problem hiding this comment.
Can we rephrase this to something like: A POSTCONDITION documents what the method guarantees about its output when it returns, given that it was called with valid inputs. Outputs include the return value of the method, as well as member variables that the method may write.
src/util/invariant.cpp
Outdated
| << "Reason: " << reason | ||
| << "\nBacktrace:\n" | ||
| << "Reason: " << reason << '\n' | ||
| << "Backtrace:" << '\n' |
There was a problem hiding this comment.
Could include newline in string: "Backtrace:\n"
There was a problem hiding this comment.
Ahh no. It was like that but I changed it to make it more uniform and consistent with the rest of the stringbuilding process.
src/util/invariant.h
Outdated
| function, | ||
| line, | ||
| backtrace, | ||
| std::forward<Params>(params)..., |
There was a problem hiding this comment.
Can we have the variable number of arguments as the last argument? (i.e., change the order of this line and the subsequent one). We also need to change the order of the reason and the condition parameters of the constructor of invariant_failedt then.
NlightNFotis
force-pushed
the
invariant_changes
branch
from
062c8b1 to
33ca9e2
Compare
src/util/invariant.h
Outdated
| @@ -225,15 +230,26 @@ inline void invariant_violated_string( | |||
| // for INVARIANT. | |||
|
|
|||
| // The condition should only contain (unmodified) arguments to the method. | |||
| // Inputs includ arguments passed to the function, as well as member | |||
src/util/invariant.h
Outdated
| @@ -242,6 +258,10 @@ inline void invariant_violated_string( | |||
| // changed by a previous method call. | |||
| // "The contract of the previous method call means the following | |||
| // condition holds". | |||
| // | |||
| // A difference between CHECK_RETURN and POSTCONDITION is that CHECK_RETURN is | |||
| // a statement about the what the caller expects from a function, whereas a | |||
src/util/invariant.cpp
Outdated
| << " line " << line << '\n' | ||
| << "Reason: " << reason | ||
| << "\nBacktrace:\n" | ||
| << "File " << file << " function " << function << " line " << line << '\n' |
There was a problem hiding this comment.
Since you're already touching this, maybe it's clearer to insert a comma after the function name, or use something like <file:line>
src/util/invariant.cpp
Outdated
| << "File " << file << " function " << function << " line " << line << '\n' | ||
| << "Condition: " << condition << '\n' | ||
| << "Reason: " << reason << '\n' | ||
| << "Backtrace:" << '\n' | ||
| << backtrace << '\n'; |
There was a problem hiding this comment.
It seems that the word "Backtrace" occurs twice in the example, so I think we should remove
https://github.com/NlightNFotis/cbmc/blob/invariant_changes/src/util/invariant.cpp#L82
There was a problem hiding this comment.
Nice, I hadn't seen that backtrace was there. Thanks for it.
|
@krobelus Solid review, thanks for your time. |
NlightNFotis
force-pushed
the
invariant_changes
branch
2 times, most recently
from
fed7ea1 to
fe36e4e
Compare
NlightNFotis
force-pushed
the
invariant_changes
branch
from
fe36e4e to
07d0703
Compare
|
This has served its purpose as a primary discussion ground for this work, and has now been superseded by the actual PR against develop --> diffblue#2666 |
We should keep the struct tag type, not follow it and get the struct type
This is just a dummy PR, against my own fork, so that people can review early the changes in the invariant code and documentation before they get submitted to develop.