[vtk-developers] Handling invalid vtp files

Francois Bertel francois.bertel at kitware.com
Sun Feb 14 13:36:59 EST 2010


That's not what you wrote in your assertion.
A good assertion would be a pre-condition like:

template <class T>
void vtkDataArrayTemplate<T>::GetTuple(vtkIdType i, double* tuple)
{
  // Pre-condition: the caller must pass a valid tuple index.
  assert("pre: i_in_bounds" && i>=0 && i<this->GetNumberOfTuples());

  T* t = this->Array + this->NumberOfComponents*i;
  ...
}

A pre-condition has a really precise meaning: if a pre-condition is
not true, this is a bug in the caller. The caller has not ensured its
part of the contract.

If the pre-conditions have been ensured by the caller but a
post-condition is false, this is a bug in the called method. The
called method has not ensured its part of the contract.


This is a no-op in release mode (no performance footprint). But it is
not a replacement for validating the input file.

Assertions check for program *correctness*.
Validating an input data file ensures the program *robustness* to
external run-time context.


On Sun, Feb 14, 2010 at 12:11 PM, Karthik Krishnan
<karthik.krishnan at kitware.com> wrote:
> Yes. I fully agree with you, in this case.
>
> Part of this discussion digressed into bounds checking in performance
> critical code etc, where customized asserts, as used with boost with
> an informative message, would help.
>
> Microsoft does it in its STL iterators, Boost does... Haven't you
> found that "Iterator out of bounds" message useful? I have.
>
>
> On Sun, Feb 14, 2010 at 10:47 AM, Francois Bertel
> <francois.bertel at kitware.com> wrote:
>> Asserts are for programming errors ONLY. Asserts check if a program
>> is valid, bug free. It is just a very basic way in C++ to implement
>> Programming by Contract
>> http://en.wikipedia.org/wiki/Design_by_contract (check of
>> pre/post-conditions and invariants).
>>
>>
>> They are NOT for checking the validity of the incoming data a program
>> is loading or receiving. A program has to be robust regarding the
>> input data (a file can be badly generated or can be corrupted because
>> of a faulty block on a disk or an error in a remote connexion).
>>
>>
>>
>> On Sun, Feb 14, 2010 at 8:58 AM, Karthik Krishnan
>> <karthik.krishnan at kitware.com> wrote:
>>> On Sat, Feb 13, 2010 at 6:18 PM, David Doria <daviddoria+vtk at gmail.com> wrote:
>>>> to something like:
>>>> template <class T>
>>>> void vtkDataArrayTemplate<T>::GetTuple(vtkIdType i, double* tuple)
>>>> {
>>>>   T* t = this->Array + this->NumberOfComponents*i;
>>>>   if(!t)
>>>>     {
>>>>     return;
>>>>     }
>>>
>>> You could change that to : assert(t != NULL)
>>>
>>> I think the VTK community would okay asserts. They compile only when
>>> _DEBUG is defined; i.e. no overhead in the release version. That said,
>>> Berk is right, that in this case it doesn't provide very useful
>>> information.
>>>
>>> Mimicking some of boost's compile time and static assertions might be
>>> good for VTK, to enable bounds checking and traits validity even in
>>> performance critical code.
>>> _______________________________________________
>>> Powered by www.kitware.com
>>>
>>> Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html
>>>
>>> Follow this link to subscribe/unsubscribe:
>>> http://www.vtk.org/mailman/listinfo/vtk-developers
>>>
>>>
>>
>>
>>
>> --
>> François Bertel, PhD  | Kitware Inc. Suite 204
>> 1 (518) 371 3971 x113 | 28 Corporate Drive
>>                      | Clifton Park NY 12065, USA
>



-- 
François Bertel, PhD  | Kitware Inc. Suite 204
1 (518) 371 3971 x113 | 28 Corporate Drive
                      | Clifton Park NY 12065, USA
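
Added example, not part of the original message and not VTK code: it puts the two checks discussed above side by side, an assert pre-condition on an accessor and run-time validation of indices read from an untrusted file. TupleArray, ParsedFile, SumFirstComponent and kMaxComponents are hypothetical names, and the component limit is an assumption.

```cpp
#include <cassert>
#include <cstddef>
#include <utility>
#include <vector>

const std::size_t kMaxComponents = 9;  // assumed limit for this example

// Hypothetical stand-in for a VTK data array.
class TupleArray {
public:
  TupleArray(std::vector<double> values, std::size_t components)
    : Values(std::move(values)), Components(components) {}

  std::size_t GetNumberOfTuples() const { return Values.size() / Components; }

  // Pre-condition: i is in bounds. A failure is a bug in the caller, and the
  // check disappears when NDEBUG is defined (release builds).
  void GetTuple(std::size_t i, double* tuple) const {
    assert("pre: i_in_bounds" && i < this->GetNumberOfTuples());
    for (std::size_t c = 0; c < Components; ++c)
      tuple[c] = Values[i * Components + c];
  }

private:
  std::vector<double> Values;
  std::size_t Components;
};

// Values exactly as parsed from an untrusted file (hypothetical layout).
struct ParsedFile {
  std::size_t components;
  std::vector<double> values;
  std::vector<std::size_t> pointIds;  // indices into the tuple array
};

// Robustness: runs in every build and rejects bad input with an error return.
// Only after these checks is the GetTuple pre-condition the caller's to keep.
bool SumFirstComponent(const ParsedFile& f, double* sum) {
  if (f.components == 0 || f.components > kMaxComponents) return false;
  if (f.values.size() % f.components != 0) return false;
  const std::size_t tuples = f.values.size() / f.components;
  for (std::size_t id : f.pointIds)
    if (id >= tuples) return false;  // corrupted or hostile index

  TupleArray array(f.values, f.components);
  double tuple[kMaxComponents];
  *sum = 0.0;
  for (std::size_t id : f.pointIds) {
    array.GetTuple(id, tuple);
    *sum += tuple[0];
  }
  return true;
}
```

In a release build the out-of-range index would reach GetTuple unchecked if the validation loop were removed, which is the case the message warns about.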
