Date: Tue, 14 Oct 2025 16:32:42 -0400
On 10/14/25 4:17 PM, Gabriel Dos Reis via SG21 wrote:
>
> [Tom]
>
> * They are, or will be, once either of P3290 (Integrating Existing
> Assertions With Contracts) <https://wg21.link/p3290> or P3400
> (Specifying Contract Assertion Properties with Labels)
> <https://wg21.link/p3400> is adopted.
>
> If that conjecture is true, then I would recommend to wait for those
> papers to be implemented, with deployment experience and adopted
> before phrasing the hardened standard library in terms of contracts.
>
I find the existing practice as demonstrated by libc++ both sufficient
and compelling. I accept that you may feel differently.
Tom.
> -- Gaby
>
> *From:*SG15 <sg15-bounces_at_[hidden]> *On Behalf Of *Tom
> Honermann via SG15
> *Sent:* Tuesday, October 14, 2025 4:00 PM
> *To:* sg21_at_[hidden]; Ville Voutilainen via SG15
> <sg15_at_[hidden]>
> *Cc:* Tom Honermann <tom_at_[hidden]>
> *Subject:* Re: [isocpp-sg15] [isocpp-sg21] P3835 -- Different contract
> checking for different libraries
>
> On 10/14/25 3:21 PM, Ran Regev via SG21 wrote:
>
> On Tue, Oct 14, 2025, 21:47 Ville Voutilainen via SG15
> <sg15_at_[hidden]> wrote:
>
> On Tue, 14 Oct 2025 at 21:42, Ryan McDougall
> <mcdougall.ryan_at_[hidden]> wrote:
> >
> > And there are existing deployments where it's not desired
> and not a requirement...
>
> That doesn't mean that hardening should be possible to be
> turned off
> by a contract evaluation semantic choice
>
> One of the fundamental aspects of p2900 is that the person who
> write the contract is not the one who selects the semantics for
> the application.
>
> Is this aspect of contracts aligned with hardened libraries needs?
> The discussion seems to reveal that not. And therefore the draft
> paper mentioned earlier seems to be correct - contracts are not
> good fit for standard library hardening.
>
> They are, or will be, once either of P3290 (Integrating Existing
> Assertions With Contracts) <https://wg21.link/p3290> or P3400
> (Specifying Contract Assertion Properties with Labels)
> <https://wg21.link/p3400> is adopted.
>
> Tom.
>
> applying to other code. Or more in the opposite direction, it doesn't
> mean that the choice of a contract evaluation semantic
> for other code should turn the hardening off.
>
>
> > The original sin is thinking that any one engineer knows all
> domains and anything that doesn't fit their preconceptions is
> universally wrong.
>
> Funny, you seem to be the only person in this discussion stating that
> something is universally wrong, or otherwise I have misunderstood
> what you think "patently false" means.
>
> >P2900 has been in development for a long time, and is useful and
> needed. The idea it's "unsafe" shows a lack of understanding of
> what that word means.
>
> Oh sure, it's a likely story that the critics of P2900 simply
> misunderstand something. In fact, a story so unlikely that it's safe
> to say it's patently false.
> _______________________________________________
> SG15 mailing list
> SG15_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/sg15
>
>
>
> _______________________________________________
> SG21 mailing list
> SG21_at_[hidden]
> Subscription:https://lists.isocpp.org/mailman/listinfo.cgi/sg21
> Link to this post:http://lists.isocpp.org/sg21/2025/10/11273.php
>
> _______________________________________________
> SG21 mailing list
> SG21_at_[hidden]
> Subscription:https://lists.isocpp.org/mailman/listinfo.cgi/sg21
> Link to this post:http://lists.isocpp.org/sg21/2025/10/11281.php
>
> [Tom]
>
> * They are, or will be, once either of P3290 (Integrating Existing
> Assertions With Contracts) <https://wg21.link/p3290> or P3400
> (Specifying Contract Assertion Properties with Labels)
> <https://wg21.link/p3400> is adopted.
>
> If that conjecture is true, then I would recommend to wait for those
> papers to be implemented, with deployment experience and adopted
> before phrasing the hardened standard library in terms of contracts.
>
I find the existing practice as demonstrated by libc++ both sufficient
and compelling. I accept that you may feel differently.
Tom.
> -- Gaby
>
> *From:*SG15 <sg15-bounces_at_[hidden]> *On Behalf Of *Tom
> Honermann via SG15
> *Sent:* Tuesday, October 14, 2025 4:00 PM
> *To:* sg21_at_[hidden]; Ville Voutilainen via SG15
> <sg15_at_[hidden]>
> *Cc:* Tom Honermann <tom_at_[hidden]>
> *Subject:* Re: [isocpp-sg15] [isocpp-sg21] P3835 -- Different contract
> checking for different libraries
>
> On 10/14/25 3:21 PM, Ran Regev via SG21 wrote:
>
> On Tue, Oct 14, 2025, 21:47 Ville Voutilainen via SG15
> <sg15_at_[hidden]> wrote:
>
> On Tue, 14 Oct 2025 at 21:42, Ryan McDougall
> <mcdougall.ryan_at_[hidden]> wrote:
> >
> > And there are existing deployments where it's not desired
> and not a requirement...
>
> That doesn't mean that hardening should be possible to be
> turned off
> by a contract evaluation semantic choice
>
> One of the fundamental aspects of p2900 is that the person who
> write the contract is not the one who selects the semantics for
> the application.
>
> Is this aspect of contracts aligned with hardened libraries needs?
> The discussion seems to reveal that not. And therefore the draft
> paper mentioned earlier seems to be correct - contracts are not
> good fit for standard library hardening.
>
> They are, or will be, once either of P3290 (Integrating Existing
> Assertions With Contracts) <https://wg21.link/p3290> or P3400
> (Specifying Contract Assertion Properties with Labels)
> <https://wg21.link/p3400> is adopted.
>
> Tom.
>
> applying to other code. Or more in the opposite direction, it doesn't
> mean that the choice of a contract evaluation semantic
> for other code should turn the hardening off.
>
>
> > The original sin is thinking that any one engineer knows all
> domains and anything that doesn't fit their preconceptions is
> universally wrong.
>
> Funny, you seem to be the only person in this discussion stating that
> something is universally wrong, or otherwise I have misunderstood
> what you think "patently false" means.
>
> >P2900 has been in development for a long time, and is useful and
> needed. The idea it's "unsafe" shows a lack of understanding of
> what that word means.
>
> Oh sure, it's a likely story that the critics of P2900 simply
> misunderstand something. In fact, a story so unlikely that it's safe
> to say it's patently false.
> _______________________________________________
> SG15 mailing list
> SG15_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/sg15
>
>
>
> _______________________________________________
> SG21 mailing list
> SG21_at_[hidden]
> Subscription:https://lists.isocpp.org/mailman/listinfo.cgi/sg21
> Link to this post:http://lists.isocpp.org/sg21/2025/10/11273.php
>
> _______________________________________________
> SG21 mailing list
> SG21_at_[hidden]
> Subscription:https://lists.isocpp.org/mailman/listinfo.cgi/sg21
> Link to this post:http://lists.isocpp.org/sg21/2025/10/11281.php
Received on 2025-10-14 20:32:46