
C++: the advantages of post-conditions

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/01

This article introduces the advantages of stating post-conditions in C++.

I.7: State postconditions

Reason

To detect misunderstandings about the result and possibly catch erroneous implementations.

Example, bad

Consider:

int area(int height, int width) { return height * width; }  // bad

Here we (incautiously) left out the precondition, so it is not explicit that height and width must be positive. We also left out the post-condition, so it is not obvious that the algorithm (height * width) is wrong for areas larger than the largest integer. Overflow can happen. Consider using:

int area(int height, int width)
{
    auto res = height * width;
    Ensures(res > 0);
    return res;
}

Translator's note: in contrast to Expects for preconditions, Ensures is used to express postconditions. This is in line with the idea behind modern C++: express the purpose rather than the mechanics.
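An added example, not part of the original article or the guideline: signed integer overflow is undefined behaviour in C++, so a check such as Ensures(res > 0) placed after the multiplication cannot be relied on to catch it. The sketch below, with the hypothetical name checked_area and a bool return in place of the GSL Expects/Ensures macros, tests for overflow before multiplying and then verifies the postcondition.

```cpp
#include <climits>

// Added example: checked_area is a hypothetical name, not from the guideline.
// Returns true and stores the area in `out` only when the precondition,
// the overflow check and the postcondition all hold; `out` is left
// untouched on failure.
bool checked_area(int height, int width, int& out) {
    // Precondition: both sides must be positive. Reported to the caller
    // instead of aborting so the failure path can be exercised.
    if (height <= 0 || width <= 0) return false;

    // For width > 0:  height * width > INT_MAX  <=>  height > INT_MAX / width.
    // Checking this first means the multiplication below is always defined.
    if (height > INT_MAX / width) return false;

    const int res = height * width;

    // Postcondition from the article (res > 0), strengthened so that the
    // result must divide back exactly into the inputs.
    if (!(res > 0 && res / width == height && res % width == 0)) return false;

    out = res;
    return true;
}
```

A caller that prefers fail-fast behaviour can turn the false return into a contract violation at the call site.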

Example, bad

Consider a famous security bug:

void f()    // problematic
{
    char buffer[MAX];
    // ...
    memset(buffer, 0, sizeof(buffer));
}

There was no postcondition stating that the buffer should be cleared, and the optimizer eliminated the apparently redundant memset() call:

void f()    // better
{
    char buffer[MAX];
    // ...
    memset(buffer, 0, sizeof(buffer));
    Ensures(buffer[0] == 0);
}

Translator's note: this example is slightly better than the previous one, but the content of Ensures is more specifically designed to prevent optimization and does not seem to reflect the original idea.
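Added example, not from the original article: one way to make the wipe itself survive optimisation instead of relying on a postcondition that reads a single byte. The names secure_zero, all_zero and f_wiped and the value of MAX are assumptions made for this sketch; where the platform offers memset_s, explicit_bzero or SecureZeroMemory, those serve the same purpose.

```cpp
#include <cstddef>
#include <cstring>

constexpr std::size_t MAX = 64;  // assumed size; the article leaves MAX undefined

// Hypothetical helper: stores through a volatile lvalue must be performed
// as written, so the compiler cannot discard them as dead stores the way
// it may discard a plain memset on a buffer that is about to go out of scope.
void secure_zero(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) *vp++ = 0;
}

// Postcondition check over the whole buffer, not just buffer[0]. The reads
// are volatile as well, so the check is not folded away either.
bool all_zero(const void* p, std::size_t n) {
    const volatile unsigned char* vp =
        static_cast<const volatile unsigned char*>(p);
    unsigned char acc = 0;
    while (n--) acc |= *vp++;
    return acc == 0;
}

// Same shape as f() in the article; returns whether the postcondition
// "buffer is cleared on exit" actually held.
bool f_wiped() {
    char buffer[MAX];
    std::strncpy(buffer, "constructed-secret-value", sizeof buffer);  // sample data
    buffer[MAX - 1] = '\0';
    // ... work with the secret ...
    secure_zero(buffer, sizeof buffer);
    return all_zero(buffer, sizeof buffer);
}
```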

Note

Post-conditions are often expressed informally in comments that describe the purpose of a function. Using Ensures() makes the post-condition more systematic, visible, and easy to check.

Note

Post-conditions are especially important when they relate to something that is not directly reflected in the returned result, such as the state of a data structure that was used.

Translator's note: the caller may pay more attention to whether it is there or not, ignoring details such as status.

Example

Consider a function that manipulates a Record, using a mutex to avoid race conditions:

mutex m;

void manipulate(Record& r)    // don't
{
    m.lock();
    // ... no m.unlock() ...
}

Here we "forgot" to state that the mutex should be released, so we don't know whether the failure to release the mutex is a bug or a feature. Stating the post-condition would have made this clear:

void manipulate(Record& r)    // postcondition: m is unlocked upon exit
{
    m.lock();
    // ... no m.unlock() ...
}

The bug is now obvious (but only to a human reading the comment). A better option is to use RAII to ensure that the post-condition ("the lock must be released") is enforced in code:

void manipulate(Record& r)    // best
{
    lock_guard _ {m};
    // ...
}

Translator's note: lock_guard is a new feature of C++11. It is a simple RAII wrapper that locks in the constructor and unlocks in the destructor. The advantage of this is that the lock is guaranteed to be released when the function exits.
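Added example, not from the original article: the postcondition "m is unlocked upon exit" checked on the exception path, where a manual unlock is skipped and lock_guard still releases. TrackingMutex, unlocked_after and passing the mutex as a parameter are assumptions of this sketch; a stand-in is used because calling try_lock on a std::mutex the thread already owns is undefined behaviour.

```cpp
#include <mutex>
#include <stdexcept>

// Hypothetical single-threaded stand-in for std::mutex that records
// whether it is held, so the postcondition can be observed directly.
struct TrackingMutex {
    bool held = false;
    void lock()   { held = true; }
    void unlock() { held = false; }
};

struct Record { int value = 0; };

// Manual locking: the throw leaves the function before unlock() runs.
void manipulate_manual(TrackingMutex& m, Record& r) {
    m.lock();
    if (r.value < 0) throw std::invalid_argument("negative record");
    ++r.value;
    m.unlock();
}

// RAII locking: the guard's destructor unlocks on every exit path,
// including stack unwinding after the throw.
void manipulate_guarded(TrackingMutex& m, Record& r) {
    std::lock_guard<TrackingMutex> guard(m);
    if (r.value < 0) throw std::invalid_argument("negative record");
    ++r.value;
}

// Runs op on a fresh mutex and record, swallows any exception, and
// reports whether the postcondition "m is unlocked upon exit" held.
template <typename Op>
bool unlocked_after(Op op, int start) {
    TrackingMutex m;
    Record r;
    r.value = start;
    try { op(m, r); } catch (const std::exception&) {}
    return !m.held;
}
```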

Note

Ideally, post-conditions are stated in the interface or declaration so that users can easily see them. Only post-conditions that concern the user can be stated in the interface. Post-conditions that relate only to internal state belong in the definition or implementation.

Enforcement

(Not enforceable) This is a philosophical guideline and there is usually no way to check it directly. Domain-specific checkers (such as lock-holding checkers) exist in many toolchains.

This concludes the look at the advantages of post-conditions in C++.
