
Re: [wg14/wg21 liaison] [isocpp-sg21] Telecon to review P2388R1 Minimum Contract Support: either Ignore or Check_and_abort

From: Gabriel Dos Reis <gdr_at_[hidden]>
Date: Fri, 24 Sep 2021 16:49:08 +0000
That scenario fails to satisfy the "well-formed program" predicate in my original message:

>> Finally, for a well-formed program with well-defined behavior fed with the correct data, ignoring contracts (with diagnostics, if one wishes) would be a correct (if poor quality) implementation.

😊

-- Gaby

-----Original Message-----
From: Ville Voutilainen <ville.voutilainen_at_[hidden]>
Sent: Friday, September 24, 2021 9:41 AM
To: Gabriel Dos Reis <gdr_at_microsoft.com>
Cc: SG21 <sg21_at_[hidden]>; Jens Maurer <Jens.Maurer_at_gmx.net>; Aaron Ballman <aaron_at_aaronballman.com>; WG14/WG21 liaison mailing list <liaison_at_lists.isocpp.org>
Subject: Re: [isocpp-sg21] [wg14/wg21 liaison] Telecon to review P2388R1 Minimum Contract Support: either Ignore or Check_and_abort

On Fri, 24 Sept 2021 at 19:26, Gabriel Dos Reis <gdr_at_microsoft.com> wrote:
> [Ville]
> > Gaby, I must wonder whether your definition of "ignorable" is
> > different from Jens's. To me, a requirement that
> > a contract is syntax-checked and entities referred in it odr-used
> > doesn't allow for anything that I would describe
> > as "ignoring".
>
> I suspect both Jens and I have the same understanding of "ignorable".
> If the program is correct, then it didn't violate any diagnosable rule, consequently ignoring them would not violate any diagnosable rule.
>
> Am I misunderstanding the point you're hinting at? Any example to help?

The intent of P2388 is that an ill-formed contract check is diagnosed,
even if the contract check is not evaluated.
There are two ways to handle contracts, either 'ignore' them or
'enforce' them, but in both of those ways,
the contract needs to be syntax-checked and it odr-uses the entities
it refers to. Completely ignoring a contract
would fail to diagnose violations of diagnosable rules. As far as
practical examples go,

bool mah_bucket_predicate(int x);

void mah_funcshoon_takin_intzorz(int a, int b)
[[pre: mah_bucket_predicate(a, b)]];

is ill-formed, because the potentially-evaluated invocation of
mah_bucket_predicate() is ill-formed, it doesn't take two arguments,
it takes one.

Andrzej, Gasper: the wording doesn't achieve this completely correctly. It says
"An ignored correctness annotation test performs no operation. [Note:
The predicate is potentially-evaluated (6.3). —end note] "
Make that note normative.

Received on 2021-09-24 11:49:12
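The distinction argued in the thread above (an "ignored" contract is still syntax-checked and odr-uses its predicate, but performs no operation, whereas Check_and_abort evaluates it) can be modelled with a macro in today's C++. This is an added example, not code from the thread or from P2388; the `PRE` macro, `CONTRACT_MODE` switch and `predicate_calls` counter are assumptions made here, not the proposal's syntax.

```cpp
#include <cstdlib>

// Hypothetical model of the two P2388 modes: 0 = Ignore, 1 = Check_and_abort.
#ifndef CONTRACT_MODE
#define CONTRACT_MODE 0
#endif

#if CONTRACT_MODE == 0
// Ignore: the predicate stays part of the program (it is parsed, names are
// looked up, the callee is odr-used as an operand of &&), but `false &&`
// guarantees it is never executed at run time.
#define PRE(cond) ((void)(false && static_cast<bool>(cond)))
#else
// Check_and_abort: evaluate the predicate and abort on a violation.
#define PRE(cond) do { if (!(cond)) std::abort(); } while (0)
#endif

// Counts evaluations so the test can show that Ignore really performs no operation.
static int predicate_calls = 0;

bool mah_bucket_predicate(int x) {
    ++predicate_calls;
    return x > 0;
}

int mah_funcshoon_takin_intzorz(int a, int b) {
    PRE(mah_bucket_predicate(a));           // well-formed, one argument
    // PRE(mah_bucket_predicate(a, b));     // rejected in BOTH modes: the
    // predicate is potentially-evaluated, so the wrong arity is diagnosed
    // even though Ignore never runs it.
    return a + b;
}

// Returns how many times the predicate ran for one call (0 under Ignore).
int calls_after(int a, int b) {
    predicate_calls = 0;
    mah_funcshoon_takin_intzorz(a, b);
    return predicate_calls;
}
```

Building with `-DCONTRACT_MODE=1` switches to Check_and_abort, and the call with `a = -5` below then aborts instead of returning.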