
Subject: Re: [boost] [contract] Without the macros
From: Lorenzo Caminiti (lorcaminiti_at_[hidden])
Date: 2016-06-24 16:10:56


On Wed, Jun 15, 2016 at 2:21 PM, Klaim - Joël Lamotte <mjklaim_at_[hidden]> wrote:
> On 15 June 2016 at 23:15, Lorenzo Caminiti <lorcaminiti_at_[hidden]> wrote:
>
>> On Wed, Jun 15, 2016 at 8:47 AM, Matt Calabrese <rivorus_at_[hidden]> wrote:
>> > On Jun 15, 2016 08:31, "Lorenzo Caminiti" <lorcaminiti_at_[hidden]> wrote:
>> > Have you followed any of the recent papers regarding language-level
>> > contracts for C++?
>>
>> No... but I should definitely take a look! Do you have a link to the
>> proposal to get me started?
>
>
> Here is the last version of the proposal:
> http://open-std.org/JTC1/SC22/WG21/docs/papers/2016/p0380r0.pdf

I always thought it'd be great to have contracts added to the core
language... if not for anything else, for a more concise syntax and
compiler optimizations. Unfortunately I found this P0380 proposal
largely inadequate. In my opinion/experience, the following are major
issues with P0380:

1. Complete lack of class invariants. In my experience, class
invariants are essentially as important as preconditions when
programming contracts for objects.
2. No old values for postconditions. In my experience, most
postcondition assertions cannot be programmed without old values.
3. If I understand it correctly, the rule that "the contracts of every
declaration of a function must be (ODR) identical" (P0380 section 4)
essentially prevents subcontracting.

Class invariants, postcondition old values, and subcontracting are key
aspects of contract programming. A framework that does not support
those is not really a contract programming framework, it's essentially
just a bit more than `assert()`. Maybe that was the intent of P0380, to
be just a bit more than `assert()`... but is that useful, or is it best
to just use `assert()` at that point (maybe within #ifdef to emulate
the default/axiom/audit levels)?

N1962 (http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2006/n1962.html)
was a solid proposal for adding Contract Programming to C++. Why not
accept that proposal (maybe with the attributes syntax introduced
by P0380)?

I might write to P0380 authors with some of these notes.

Thanks,
--Lorenzo

P.S. Of course, these P0380 gaps will make Boost.Contract useful even
on C++1z (say if you want to do basic stuff like using old values in
postconditions, programming class invariants, or even more complex
stuff like using subcontracting).
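Added example (not part of the post above, and not Boost.Contract's API): a hand-rolled C++ sketch of the three features the message says P0380 lacks, namely class invariants checked on entry and exit, an old value captured for a postcondition, and a derived class weakening a precondition (subcontracting). The `Account` classes, the daily cap of 500, and the `check` helper are assumptions made up for illustration.

```cpp
#include <stdexcept>

// Tiny contract-check helper (assumption: illustrative only, not a real library).
struct contract_failure : std::logic_error { using std::logic_error::logic_error; };
inline void check(bool ok, const char* what) { if (!ok) throw contract_failure(what); }

class Account {
public:
    explicit Account(long initial) : balance_(initial) { invariant(); }
    virtual ~Account() = default;

    // Precondition hook: a derived class may only *weaken* it by OR-ing its own clause.
    virtual bool withdraw_precondition(long amount) const {
        return amount > 0 && amount <= balance_ && amount <= 500;   // assumed daily cap
    }

    long withdraw(long amount) {
        invariant();                                   // class invariant on entry
        check(withdraw_precondition(amount), "precondition violated");
        const long old_balance = balance_;             // old value for the postcondition
        balance_ -= amount;
        check(balance_ == old_balance - amount,
              "postcondition: balance == old(balance) - amount");
        invariant();                                   // class invariant on exit
        return balance_;
    }
    long balance() const { return balance_; }

private:
    // Class invariant: the balance never goes negative, in the base or any derived class.
    void invariant() const { check(balance_ >= 0, "invariant: balance must not be negative"); }
    long balance_;
};

// Subcontracting: "base precondition OR own clause", so the override only accepts more
// calls than the base, never fewer, and the base invariant still holds on exit.
class PremiumAccount : public Account {
public:
    using Account::Account;
    bool withdraw_precondition(long amount) const override {
        return Account::withdraw_precondition(amount) || (amount > 0 && amount <= balance());
    }
};

// Returns whether a withdrawal was accepted by the contract checks.
inline bool try_withdraw(Account& a, long amount) {
    try { a.withdraw(amount); return true; } catch (const contract_failure&) { return false; }
}
```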


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk