P0542R5 Support for contract based programming in C++ #2151
Conversation
source/basic.tex
Outdated
| @@ -550,6 +550,15 @@ | |||
| requirement applies recursively)\footnote{\ref{dcl.fct.default} | |||
| describes how default argument names are looked up.}; and | |||
|
|
|||
| \item if \tcode{D} is a function that | |||
There was a problem hiding this comment.
This "is a function" restriction is new, and appears to be incorrect for the "invokes a function with a precondition" part. Perhaps:
if
Dinvokes a function with a precondition, or is a function that contains an assertion or has a postcondition, [...]
There was a problem hiding this comment.
The "pure" model says preconditions are checked in the caller (so we need to account for that), but we have otherwise drafted wording that assumes (under as-if) that preconditions are actually evaluated in the callee. So, I think we should actually care for both places where precondition checking code could be emitted.
There was a problem hiding this comment.
I agree. However, this appears to be a normative change relative to the wording we were given, so can you send an email to the core reflector to make sure this won't surprise anyone?
source/basic.tex
Outdated
| contains an assertion, | ||
| has a postcondition, | ||
| or invokes a function with a precondition, | ||
| the conditions under which each definition of \tcode{D} |
There was a problem hiding this comment.
This "the conditions under which" phrasing is awkward. Presumably the intent is that an implementation can say that some combinations are allowed and some are not, so we can't just say:
[...] it is implementation-defined whether all definitions of
Dshall be translated using the same build level and violation continuation mode.
?
There was a problem hiding this comment.
Yes, it's my understanding that the implementation has to actually state the list of conditions, and the authors hope (in vain?) it's not "always", but something more modular and user-friendly.
There was a problem hiding this comment.
I've rephrased a bit more; it's now less awkward and still talks about "conditions".
source/declarations.tex
Outdated
| @@ -4239,3 +4240,414 @@ | |||
| could have the same address as \tcode{buckets} | |||
| if their respective types are all empty. | |||
| \end{example} | |||
|
|
|||
| \rSec2[dcl.attr.contract]{Contract attributes}% | |||
There was a problem hiding this comment.
We keep the subclauses of [dcl.attr] in alphabetical order. (So far that's been by attribute name, but the contract attributes throw a spanner in the works here.)
I'm not sure what the best answer is here.
There was a problem hiding this comment.
"We keep the subclauses of [dcl.attr] in alphabetical order."
Ah, that wasn't clear to me. But yes, the current list looks alphabetical.
Sort according to "contract" maybe? We already sort "likely" and "unlikely" under "likelihood".
@zygoloid, awaiting your answer before actually doing the move.
There was a problem hiding this comment.
Sure, let's sort by heading name.
source/declarations.tex
Outdated
| \begin{bnf} | ||
| \nontermdef{contract-attribute-specifier}\br | ||
| \terminal{[} \terminal{[} \terminal{expects} \opt{contract-level} \terminal{:} conditional-expression \terminal{]} \terminal{]}\br | ||
| \terminal{[} \terminal{[} \terminal{ensures} \opt{contract-level} \terminal{:} \opt{identifier} \terminal{:} conditional-expression \terminal{]} \terminal{]}\br |
There was a problem hiding this comment.
There's a stray colon here before the identifier.
There was a problem hiding this comment.
Uh, right.
So, this is a "fixup" against the original paper transcription. I'd really like to move that commit as a "fixup" right after the original paper application, but how do I do that given that I'm not supposed to force-push?
There was a problem hiding this comment.
What you did is fine, I'll figure out which commit it's a fixup for when I do the merging. Or if you're going to force push anyway to rebase and pick up the new header names table, you could merge it into the original paper commit yourself.
source/declarations.tex
Outdated
| \end{note} | ||
|
|
||
| \pnum | ||
| The predicate of a contract is potentially evaluated\iref{basic.def.odr}. |
There was a problem hiding this comment.
Move this sentence to the end of paragraph 5. Also, we should convert it to a note, since this follows from the definition of "potentially evaluated".
source/declarations.tex
Outdated
| setting or modifying the violation handler. | ||
| It is \impldef{argument for violation handler} | ||
| how the violation handler is established for a program and | ||
| how the \tcode{std::contract_violation} argument value is set. |
There was a problem hiding this comment.
I think we need an "except as specified below" here, since we're about to give some rules that dictate how parts of the contract_violation argument value are set.
There was a problem hiding this comment.
Agreed; also added a cross-reference to [support.contract.cviol].
source/derived.tex
Outdated
| } | ||
|
|
||
| struct C : A, B { | ||
| virtual void g(); // ill-formed, no diagnostic required |
There was a problem hiding this comment.
Wait, why is this "no diagnostic required"? The overrider doesn't satisfy the conditions of the ODR, and won't always produce the same value. This is just ill-formed, isn't it?
source/templates.tex
Outdated
| into the templated function, variable, or class | ||
| are two declarations of the same entity. | ||
| An \grammarterm{explicit-instantiation} of a function template | ||
| shall not specify a contract condition\iref{dcl.attr.contract}. |
There was a problem hiding this comment.
This is not an appropriate place for this rule (it's placed between a normative rule and its note and example). In fact, we often place such rules with the rules about the prohibited thing, not in the explicit instantiation rules. For example, [dcl.stc] disallows storage classes in explicit instantiations, and [except.spec] gives the rules for noexcept in explicit instantiations. But I would note that some other related rules are in [temp.explicit]p1: "An explicit instantiation of a function template, member function of a class template, or variable template shall not use the inline or constexpr specifiers." (And I'm not sure where we disallow an explicit instantiation from having default arguments...)
But this is also redundant. [dcl.attr.grammar]p5 says "No attribute-specifier-seq shall appertain to an explicit instantiation". So I think we should either drop this change or convert it to a note in p1.
There was a problem hiding this comment.
Removed due to redundancy. I'm not adding a note; we should decide whether we want the "explicit instantiation" restriction in [temp.explicit] or where the other feature is defined, and consistently put notes in the "other" places. See #2188, for a later time.
source/exceptions.tex
Outdated
| @@ -1028,6 +1028,19 @@ | |||
| \tcode{std::atexit} or \tcode{std::at_quick_exit} | |||
| exits via an exception\iref{support.start.term}, or | |||
|
|
|||
| \item% | |||
| when evaluation of a predicate\iref{dcl.attr.contract} | |||
There was a problem hiding this comment.
"a predicate" -> "the predicate of a contract"
source/lib-intro.tex
Outdated
| @@ -1013,41 +1013,46 @@ | |||
| {llll} | |||
| \topline | |||
| \tcode{<algorithm>} & | |||
| \tcode{<fstream>} & | |||
There was a problem hiding this comment.
This needs merging / rebasing.
There was a problem hiding this comment.
Do you want me to rebase (with force-push)? That is my preference; i have no idea what "merge" would do to me.
There was a problem hiding this comment.
Yes, pushing with --force-with-lease seems fine here. (I think that will probably do bad things to github's comment tracking, though I suppose there's only one way to find out.)
jensmaurer
added
the
needs rebase
|
All looks good so far. Thanks! |
jensmaurer
force-pushed
the
motions-2018-06-cwg-14
branch
from
6350c0f
to
5f6072d
Compare
jensmaurer
removed
the
needs rebase
|
Ok, pushed using --force-with-lease. |
Also move rules on virtual functions to [class.virtual]. Rephase assertion checking along pre/postcondition checking.
as per the definition in [basic.def.odr], so turn the redundant normative statement into a note.
given that [dcl.attr.grammar] already prohibits attribute-specifier-seqs for an explicit instantiation.
zygoloid
force-pushed
the
motions-2018-06-cwg-14
branch
from
5f6072d
to
913c83a
Compare
Fixes #2126.