| Paper number: P1344R1 | Topic: Pre/Post vs. Enspects/Exsures | Author: Nathan Myers | Email: ncm@cantrip.org | Audience: CWG | Status: As approved EWG | Date: 2019-02-20 ## Pre/Post vs. Expects/Ensures The Contracts proposal went in with the choice of keywords "expects" and "ensures", without justification. This is a problem because the words are a source of repeated and continued confusion everywhere they appear. [-The choice in the proposal matches Microsoft's private version, which- / It] was good enough for the proposal, but is not good enough for C++20. A much better choice, for reasons to be explained, would be "pre" and "post'. In every discussion of contract provisions I have had where the distinction between pre- and postconditions matters, at least one participant (often enough, your author) mixed up "ensures" and "expects", at least once. Words--at least, English words--that both begin and end with the same letter will always be confused, absent extra attention stolen from other concerns. Programmers' attention is too precious to squander keeping unnecessarily similar words straight. Our Standards identify, for most library functions, "Preconditions" and "Postconditions". We have always had the option to change them to "Expects:" and "Ensures:", and it has been suggested, but there has never been any enthusiasm for such a change: what we have has been proven to work well. An excerpt from Richard Feyman's book, "Surely You're Joking": > When the students were explaining something to me in Portuguese, > I couldn't understand it very well, even though I knew a certain > amount of Portuguese. It was not exactly clear to me whether they > had said "increase," or "decrease," or "not increase," or "not > decrease," or "decrease slowly." But when they struggled with > English, they'd say "ahp" or "doon," and I knew which way it was, > even though the pronunciation was lousy and the grammar was all > screwed up. "Ensures" and "expects" are our "not increase" and "not decrease". It matters which one we mean when we write it or say it, but it is all too easy to say or write the wrong one, and to hear or read the wrong one. ### Convenience If the minefield of confusion were not enough, "ensures" and "expects" are twice as long as "pre" and "post". This is not a complaint about typing, but about reading: longer words and similar words are processed more slowly. It is about displacing other, more immediately meaningful text, possibly beyond the margin of easy reading, or to another line or off the screen. The same problem affects speech: two syllables for the same idea is worse than one. > Don't use a five-dollar word when a fifty-cent word will do.” > ― Mark Twain ` "Ensures" and "expects" may not be five-dollar words, but they cost too much. [It was further noted in WG that "ensure" and "ensures" have opposite senses, regarding the party engaged, a large difference for a single letter.] ### Proposal: Change "expects" and "ensures" in the WD definition of contracts to (respectively) "pre" and "post" for C++20. SF F N A SA 11 21 8 2 2 ### Wording: Amend N4800 as follows. 1. In 9.11.4.1 Syntax [dcl.attr.contract.syn], paragraph 1, change > `[ [ expects` contract-level opt : conditional-expression `] ]` > `[ [ ensures` contract-level opt identifier opt : conditional-expression `] ]` to > `[ [ pre` contract-level opt : conditional-expression `] ]` > `[ [ post` contract-level opt identifier opt : conditional-expression `] ]` 2. In paragraph 2, change > A contract-attribute-specifier using `expects` is a precondition. to > A contract-attribute-specifier using `pre` is a precondition. 3. In paragraph 3, change > A contract-attribute-specifier using `ensures` is a postcondition. to > A contract-attribute-specifier using `post` is a postcondition. 4. In 14.1 [cpp.cond] paragraph 6, table 16, change lines > `ensures` 201806L > `expects` 201806L to > `post` 201806L > `pre` 201806L moving both above `unlikely` to maintain lexicographical order. 4. In 15.4.1.4 Detailed specifications [structure.specifications] paragraph 3.4, example, change `[[expects]]` to `[[pre:` ... `]]`. 5. In 15.5.4.3.2 Macro names [macro.names] paragraph 2, change > identifiers `expects` or `ensures` to > identifiers `pre` or `post` 6. In each example in 9.11.4 [dcl.attr.contract], change each use of `[[expects` to `[[pre`, and `[[ensures` to `[[post`. 7. In each example in 10.6.2 [class.virtual], change each use of `[[expects` to `[[pre`.