Date: Tue, 21 Oct 2025 01:08:49 -0400
On 10/20/25 5:01 PM, Ville Voutilainen via SG21 wrote:
> On Mon, 20 Oct 2025 at 23:57, Gašper Ažman <gasper.azman_at_[hidden]> wrote:
>> I mean that the P2900 syntax is enough for assertions; inline semantic forcing IMO actually decreases safety (in the same way that to keep an exposed gas pipe safe, you should mark it loudly, and not try to build massive walls, because it statistically leads to fewer accidents).
> I don't understand how that answers my question.
>
>> We will need a massive investment into static analysis for the predicates to be useful for proving programs correct without runtime checks, which is where the real step-change will come from. In my opinion.
> It's curious indeed that we didn't then choose an approach that would
> actually help all that static analysis, and perhaps make that
> investment less massive.
You've made such assertions before. As someone who worked on a static
analysis product for over a decade, I can say, without hesitation,
unequivocally, that P2900 contract assertions are usable and useful for
static analysis. Full stop.
>
> Suggested massive investments tend to have bad chances of actually happening...
I believe the investment that Gašper is referring to is the application
of contract assertions to existing/new software projects, not investment
in static analysis techniques and technologies.
Tom.
> _______________________________________________
> SG21 mailing list
> SG21_at_[hidden]
> Subscription: https://lists.isocpp.org/mailman/listinfo.cgi/sg21
> Link to this post: http://lists.isocpp.org/sg21/2025/10/11535.php
Received on 2025-10-21 05:08:52
