New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
P0542R5 Support for contract based programming in C++ #2151
Conversation
source/basic.tex
Outdated
@@ -550,6 +550,15 @@ | |||
requirement applies recursively)\footnote{\ref{dcl.fct.default} | |||
describes how default argument names are looked up.}; and | |||
|
|||
\item if \tcode{D} is a function that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This "is a function" restriction is new, and appears to be incorrect for the "invokes a function with a precondition" part. Perhaps:
if
D
invokes a function with a precondition, or is a function that contains an assertion or has a postcondition, [...]
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The "pure" model says preconditions are checked in the caller (so we need to account for that), but we have otherwise drafted wording that assumes (under as-if) that preconditions are actually evaluated in the callee. So, I think we should actually care for both places where precondition checking code could be emitted.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree. However, this appears to be a normative change relative to the wording we were given, so can you send an email to the core reflector to make sure this won't surprise anyone?
source/basic.tex
Outdated
contains an assertion, | ||
has a postcondition, | ||
or invokes a function with a precondition, | ||
the conditions under which each definition of \tcode{D} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This "the conditions under which" phrasing is awkward. Presumably the intent is that an implementation can say that some combinations are allowed and some are not, so we can't just say:
[...] it is implementation-defined whether all definitions of
D
shall be translated using the same build level and violation continuation mode.
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it's my understanding that the implementation has to actually state the list of conditions, and the authors hope (in vain?) it's not "always", but something more modular and user-friendly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've rephrased a bit more; it's now less awkward and still talks about "conditions".
source/declarations.tex
Outdated
@@ -4239,3 +4240,414 @@ | |||
could have the same address as \tcode{buckets} | |||
if their respective types are all empty. | |||
\end{example} | |||
|
|||
\rSec2[dcl.attr.contract]{Contract attributes}% |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We keep the subclauses of [dcl.attr] in alphabetical order. (So far that's been by attribute name, but the contract attributes throw a spanner in the works here.)
I'm not sure what the best answer is here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"We keep the subclauses of [dcl.attr] in alphabetical order."
Ah, that wasn't clear to me. But yes, the current list looks alphabetical.
Sort according to "contract" maybe? We already sort "likely" and "unlikely" under "likelihood".
@zygoloid, awaiting your answer before actually doing the move.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, let's sort by heading name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
source/declarations.tex
Outdated
\begin{bnf} | ||
\nontermdef{contract-attribute-specifier}\br | ||
\terminal{[} \terminal{[} \terminal{expects} \opt{contract-level} \terminal{:} conditional-expression \terminal{]} \terminal{]}\br | ||
\terminal{[} \terminal{[} \terminal{ensures} \opt{contract-level} \terminal{:} \opt{identifier} \terminal{:} conditional-expression \terminal{]} \terminal{]}\br |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's a stray colon here before the identifier.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Uh, right.
So, this is a "fixup" against the original paper transcription. I'd really like to move that commit as a "fixup" right after the original paper application, but how do I do that given that I'm not supposed to force-push?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What you did is fine, I'll figure out which commit it's a fixup for when I do the merging. Or if you're going to force push anyway to rebase and pick up the new header names table, you could merge it into the original paper commit yourself.
source/declarations.tex
Outdated
\end{note} | ||
|
||
\pnum | ||
The predicate of a contract is potentially evaluated\iref{basic.def.odr}. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Move this sentence to the end of paragraph 5. Also, we should convert it to a note, since this follows from the definition of "potentially evaluated".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed; fixed.
source/declarations.tex
Outdated
setting or modifying the violation handler. | ||
It is \impldef{argument for violation handler} | ||
how the violation handler is established for a program and | ||
how the \tcode{std::contract_violation} argument value is set. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we need an "except as specified below" here, since we're about to give some rules that dictate how parts of the contract_violation
argument value are set.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed; also added a cross-reference to [support.contract.cviol].
source/derived.tex
Outdated
} | ||
|
||
struct C : A, B { | ||
virtual void g(); // ill-formed, no diagnostic required |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wait, why is this "no diagnostic required"? The overrider doesn't satisfy the conditions of the ODR, and won't always produce the same value. This is just ill-formed, isn't it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, fixed.
source/templates.tex
Outdated
into the templated function, variable, or class | ||
are two declarations of the same entity. | ||
An \grammarterm{explicit-instantiation} of a function template | ||
shall not specify a contract condition\iref{dcl.attr.contract}. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not an appropriate place for this rule (it's placed between a normative rule and its note and example). In fact, we often place such rules with the rules about the prohibited thing, not in the explicit instantiation rules. For example, [dcl.stc] disallows storage classes in explicit instantiations, and [except.spec] gives the rules for noexcept in explicit instantiations. But I would note that some other related rules are in [temp.explicit]p1: "An explicit instantiation of a function template, member function of a class template, or variable template shall not use the inline or constexpr specifiers." (And I'm not sure where we disallow an explicit instantiation from having default arguments...)
But this is also redundant. [dcl.attr.grammar]p5 says "No attribute-specifier-seq shall appertain to an explicit instantiation". So I think we should either drop this change or convert it to a note in p1.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed due to redundancy. I'm not adding a note; we should decide whether we want the "explicit instantiation" restriction in [temp.explicit] or where the other feature is defined, and consistently put notes in the "other" places. See #2188, for a later time.
source/exceptions.tex
Outdated
@@ -1028,6 +1028,19 @@ | |||
\tcode{std::atexit} or \tcode{std::at_quick_exit} | |||
exits via an exception\iref{support.start.term}, or | |||
|
|||
\item% | |||
when evaluation of a predicate\iref{dcl.attr.contract} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"a predicate" -> "the predicate of a contract"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
source/lib-intro.tex
Outdated
@@ -1013,41 +1013,46 @@ | |||
{llll} | |||
\topline | |||
\tcode{<algorithm>} & | |||
\tcode{<fstream>} & |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs merging / rebasing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you want me to rebase (with force-push)? That is my preference; i have no idea what "merge" would do to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, pushing with --force-with-lease seems fine here. (I think that will probably do bad things to github's comment tracking, though I suppose there's only one way to find out.)
All looks good so far. Thanks! |
6350c0f
to
5f6072d
Compare
Ok, pushed using --force-with-lease. |
Also move rules on virtual functions to [class.virtual]. Rephase assertion checking along pre/postcondition checking.
as per the definition in [basic.def.odr], so turn the redundant normative statement into a note.
given that [dcl.attr.grammar] already prohibits attribute-specifier-seqs for an explicit instantiation.
5f6072d
to
913c83a
Compare
Fixes #2126.