Date: Mon, 27 Oct 2025 14:19:55 +0200
I'm not sure if these are the right questions or not, but it seems to me
the main question discussed here so far, namely how are contract violations
handled, is the wrong one. You shouldn't rely on contracts to protect you
from UB (and any other undesired behavior) but rather use them to detect
such behavior. Static checkers should come in to make sure there is no
additional invalid behavior not detected by those contracts, and to make
sure assuming those contracts will hold is safe. Lacking such certainty you
should rely on traditional flow control for handling invalid use cases.
On Mon, Oct 27, 2025 at 12:42 PM Ville Voutilainen <
ville.voutilainen_at_[hidden]> wrote:
> On Mon, 27 Oct 2025 at 11:54, Andrei Zissu <andrziss_at_[hidden]> wrote:
> >
> > Is there no tool out there that can analyze code under the assumption
> that contracts will hold? And then possibly another tool that will
> exhaustively analyze possible code flows to verify that assumption?
>
> Yes, there are such tools, although probably not yet for C++26
> contracts specifically, but adding such support isn't all that hard,
> likely.
>
> But perhaps you should also ask a couple of other questions:
>
> - given a tool that gives you guaranteed assertions, do you need
> additional static analysis to use that tool productively, effectively,
> and correctly?
> - does that tool make it easy for said additional static analysis
> tools to help you ship your stuff?
>
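The distinction drawn above, a contract that only detects a violated precondition versus flow control that handles the invalid input in every build, as an added example that is not part of the thread's own text. It assumes a hypothetical `PRE` macro standing in for a C++26 `pre()` assertion, with a hand-written `contract_check` that models the P2900 evaluation semantics ignore, observe and enforce; the violation handler throwing under enforce is an assumption as well, chosen so the behaviour can be observed without terminating the program.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Hypothetical stand-in for a C++26 contract assertion (assumption: models the
// P2900 evaluation semantics ignore/observe/enforce; not the real pre() syntax).
enum class Semantic { Ignore, Observe, Enforce };
Semantic g_semantic = Semantic::Observe;
int g_violations = 0;  // how many violations the handler has seen

// Violation handler: counts and reports; under Enforce it throws, which is one
// way a handler can stop execution instead of terminating the process.
void contract_check(bool holds, const char* text) {
    if (g_semantic == Semantic::Ignore || holds) return;  // Ignore evaluates nothing
    ++g_violations;
    std::fprintf(stderr, "contract violation: %s\n", text);
    if (g_semantic == Semantic::Enforce) throw std::logic_error(text);
}
#define PRE(cond) contract_check((cond), #cond)

// Contract version: the precondition "input is sorted" is only *detected*.
// Under Ignore and Observe the search still runs on unsorted data and can
// return -1 for a key that is present (a wrong, though memory-safe, answer).
int find_sorted(const std::vector<int>& v, int key) {
    PRE(std::is_sorted(v.begin(), v.end()));
    std::size_t lo = 0, hi = v.size();
    while (lo < hi) {
        std::size_t mid = lo + (hi - lo) / 2;
        if (v[mid] == key) return static_cast<int>(mid);
        if (v[mid] < key) lo = mid + 1; else hi = mid;
    }
    return -1;
}

// Traditional flow control: the invalid case is *handled* in every build,
// independent of how contract assertions are evaluated.
enum class Lookup { Found, NotFound, Unsorted };
struct LookupResult { Lookup status; std::size_t index; };

LookupResult find_checked(const std::vector<int>& v, int key) {
    if (!std::is_sorted(v.begin(), v.end())) return {Lookup::Unsorted, 0};
    int i = find_sorted(v, key);  // precondition established, so no violation fires
    if (i < 0) return {Lookup::NotFound, 0};
    return {Lookup::Found, static_cast<std::size_t>(i)};
}

// Runs the contract version under a chosen semantic and reports what happened.
struct Outcome { int result; int violations; bool threw; };
Outcome run_under(Semantic s, const std::vector<int>& v, int key) {
    g_semantic = s;
    g_violations = 0;
    Outcome o{-1, 0, false};
    try { o.result = find_sorted(v, key); }
    catch (const std::logic_error&) { o.threw = true; }
    o.violations = g_violations;
    return o;
}

int main() {
    const std::vector<int> unsorted{5, 1, 4, 2, 3};  // constructed sample input; 2 is at index 3
    Outcome obs = run_under(Semantic::Observe, unsorted, 2);
    std::printf("observe: result=%d violations=%d threw=%d\n", obs.result, obs.violations, obs.threw);
    Outcome enf = run_under(Semantic::Enforce, unsorted, 2);
    std::printf("enforce: threw=%d\n", enf.threw);
    LookupResult r = find_checked(unsorted, 2);
    std::printf("checked: status=%d\n", static_cast<int>(r.status));
    return 0;
}
```

Under observe the handler reports the violation but `find_sorted` continues and answers -1 for a key that is present; under ignore it does not even report. Only `find_checked` refuses the unsorted input in every configuration, which is the point about not relying on contracts for protection.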
Received on 2025-10-27 12:20:10
