Date: Tue, 14 Oct 2025 13:27:27 -0700
C++ is not in a vacuum -- people are building vehicles and robots now and
making language choices. C++ will never ever beat Rust on Language Safety,
but it has a lane for Functional Safety.
If there were reason to believe there were insurmountable problems I'd be
sympathetic, but all arguments have been of one of two forms: "P2900 is too
minimal" or "P2900 is not minimal enough". EWG and Plenary have decided
it's about as right as one can get in the committee model. There is no
"here" here.
On Tue, Oct 14, 2025 at 1:17 PM Gabriel Dos Reis via SG21 <
sg21_at_[hidden]> wrote:
> [Tom]
>
> - They are, or will be, once either of P3290 (Integrating Existing
> Assertions With Contracts) <https://wg21.link/p3290> or P3400
> (Specifying Contract Assertion Properties with Labels)
> <https://wg21.link/p3400> is adopted.
>
>
>
> If that conjecture is true, then I would recommend waiting for those
> papers to be implemented, with deployment experience, and adopted before
> phrasing the hardened standard library in terms of contracts.
>
>
>
> -- Gaby
>
>
>
> *From:* SG15 <sg15-bounces_at_[hidden]> *On Behalf Of *Tom Honermann
> via SG15
> *Sent:* Tuesday, October 14, 2025 4:00 PM
> *To:* sg21_at_[hidden]; Ville Voutilainen via SG15 <
> sg15_at_[hidden]>
> *Cc:* Tom Honermann <tom_at_[hidden]>
> *Subject:* Re: [isocpp-sg15] [isocpp-sg21] P3835 -- Different contract
> checking for different libraries
>
>
>
> On 10/14/25 3:21 PM, Ran Regev via SG21 wrote:
>
>
>
> On Tue, Oct 14, 2025, 21:47 Ville Voutilainen via SG15 <
> sg15_at_[hidden]> wrote:
>
> On Tue, 14 Oct 2025 at 21:42, Ryan McDougall <mcdougall.ryan_at_[hidden]>
> wrote:
> >
> > And there are existing deployments where it's not desired and not a
> requirement...
>
> That doesn't mean that hardening should be possible to be turned off
> by a contract evaluation semantic choice
>
> One of the fundamental aspects of p2900 is that the person who writes the
> contract is not the one who selects the semantics for the application.
>
> Is this aspect of contracts aligned with hardened libraries' needs? The
> discussion seems to reveal that it is not. And therefore the draft paper
> mentioned earlier seems to be correct - contracts are not a good fit for
> standard library hardening.
>
> They are, or will be, once either of P3290 (Integrating Existing
> Assertions With Contracts) <https://wg21.link/p3290> or P3400 (Specifying
> Contract Assertion Properties with Labels) <https://wg21.link/p3400> is
> adopted.
>
> Tom.
>
>
>
> applying to other code. Or more in the opposite direction, it doesn't
> mean that the choice of a contract evaluation semantic
> for other code should turn the hardening off.
>
>
> > The original sin is thinking that any one engineer knows all domains and
> anything that doesn't fit their preconceptions is universally wrong.
>
> Funny, you seem to be the only person in this discussion stating that
> something is universally wrong, or otherwise I have misunderstood
> what you think "patently false" means.
>
> >P2900 has been in development for a long time, and is useful and needed.
> The idea it's "unsafe" shows a lack of understanding of what that word
> means.
>
> Oh sure, it's a likely story that the critics of P2900 simply
> misunderstand something. In fact, a story so unlikely that it's safe
> to say it's patently false.
> _______________________________________________
> SG15 mailing list
> SG15_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/sg15
>
>
>
> _______________________________________________
>
> SG21 mailing list
>
> SG21_at_[hidden]
>
> Subscription: https://lists.isocpp.org/mailman/listinfo.cgi/sg21
>
> Link to this post: http://lists.isocpp.org/sg21/2025/10/11273.php
>
> _______________________________________________
> SG21 mailing list
> SG21_at_[hidden]
> Subscription: https://lists.isocpp.org/mailman/listinfo.cgi/sg21
> Link to this post: http://lists.isocpp.org/sg21/2025/10/11281.php
>
Received on 2025-10-14 20:27:43