Date: Fri, 06 Oct 2023 07:31:47 +0200
Am Freitag, dem 06.10.2023 um 02:02 +0300 schrieb Ville Voutilainen:
> On Thu, 5 Oct 2023 at 20:50, Martin Uecker via Liaison
> <liaison_at_[hidden]> wrote:
> > > WG21 does not want contract annotations to be ignorable in the same
> > > way as attributes (both in terms of allowing an implementation to not
> > > support contracts and in terms of not allowing syntactic errors in the
> > > arguments to the contract), so that would be a very poor fit.
> >
> > Ah, right, I forgot that this was a design goal.
> >
> > (The problem is that this will make it much harder for C projects
> > to usefully adopt it.)
>
> WG14 doesn't necessarily need to set that design goal for itself even
> if WG21 might. It's unclear to me whether
> that design goal is the right choice for the ecosystem of C.
To be honest, I think it is a mistake also for C++. I believe
that even for C++ people will end up trying to introduce this into
existing code and then are forced to make it ignorable by wrapping it
into #ifdef or macros. The end result would neither be nice
nor ignorable.
>
> It wouldn't cause me loss of sleep if C compilers were allowed to
> completely ignore a contract annotation.
> Fixing syntax errors when using a compiler that doesn't ignore them is
> compatible with compilers that would
> ignore the annotations.
Right. And especially in a context where headers are shared, the
scenario that for some transition time (probably decades) the code
needs be processed also by compilers not supporting contracts seems
very likely.
For C I think it would be important to have a syntax that is ignorable.
The best option for C would be to simply use attributes. The second
best would be to use a syntax that can has the form of macro
invocations. The third best option is syntax that can be skipped
over easily (so has similar technical properties such as attributes).
A syntax as proposed here (it seems, correct me if I am wrong) such
as:
void f(int x)
pre <audit> (x > 0);
would be a pretty bad choice for C.
If C++ decides to adopt this syntax, the consequence would be one of:
1) C has to use a completely different syntax if adds contracts.
2) Most C projects will not be able to use the syntax directly
for several decades. This will then require use of the preprocessor
to hide it (also in shared headers with C++) and also likely
delay adoption a lot.
Martin
> On Thu, 5 Oct 2023 at 20:50, Martin Uecker via Liaison
> <liaison_at_[hidden]> wrote:
> > > WG21 does not want contract annotations to be ignorable in the same
> > > way as attributes (both in terms of allowing an implementation to not
> > > support contracts and in terms of not allowing syntactic errors in the
> > > arguments to the contract), so that would be a very poor fit.
> >
> > Ah, right, I forgot that this was a design goal.
> >
> > (The problem is that this will make it much harder for C projects
> > to usefully adopt it.)
>
> WG14 doesn't necessarily need to set that design goal for itself even
> if WG21 might. It's unclear to me whether
> that design goal is the right choice for the ecosystem of C.
To be honest, I think it is a mistake also for C++. I believe
that even for C++ people will end up trying to introduce this into
existing code and then are forced to make it ignorable by wrapping it
into #ifdef or macros. The end result would neither be nice
nor ignorable.
>
> It wouldn't cause me loss of sleep if C compilers were allowed to
> completely ignore a contract annotation.
> Fixing syntax errors when using a compiler that doesn't ignore them is
> compatible with compilers that would
> ignore the annotations.
Right. And especially in a context where headers are shared, the
scenario that for some transition time (probably decades) the code
needs be processed also by compilers not supporting contracts seems
very likely.
For C I think it would be important to have a syntax that is ignorable.
The best option for C would be to simply use attributes. The second
best would be to use a syntax that can has the form of macro
invocations. The third best option is syntax that can be skipped
over easily (so has similar technical properties such as attributes).
A syntax as proposed here (it seems, correct me if I am wrong) such
as:
void f(int x)
pre <audit> (x > 0);
would be a pretty bad choice for C.
If C++ decides to adopt this syntax, the consequence would be one of:
1) C has to use a completely different syntax if adds contracts.
2) Most C projects will not be able to use the syntax directly
for several decades. This will then require use of the preprocessor
to hide it (also in shared headers with C++) and also likely
delay adoption a lot.
Martin
Received on 2023-10-06 05:31:50