From Jason Turner

[dcl.contract]

Files changed (1)
  1. tmp/tmppe2n1auv/{from.md → to.md} +259 -0
tmp/tmppe2n1auv/{from.md → to.md} RENAMED
@@ -0,0 +1,259 @@
1
+ ## Function contract specifiers <a id="dcl.contract">[[dcl.contract]]</a>
2
+
3
+ ### General <a id="dcl.contract.func">[[dcl.contract.func]]</a>
4
+
5
+ ``` bnf
6
+ function-contract-specifier-seq:
7
+ function-contract-specifier function-contract-specifier-seqₒₚₜ
8
+ ```
9
+
10
+ ``` bnf
11
+ function-contract-specifier:
12
+ precondition-specifier
13
+ postcondition-specifier
14
+ ```
15
+
16
+ ``` bnf
17
+ precondition-specifier:
18
+ 'pre' attribute-specifier-seqₒₚₜ '(' conditional-expression ')'
19
+ ```
20
+
21
+ ``` bnf
22
+ postcondition-specifier:
23
+ 'post' attribute-specifier-seqₒₚₜ '(' result-name-introducerₒₚₜ conditional-expression ')'
24
+ ```
25
+
26
+ A *function contract assertion* is a contract assertion
27
+ [[basic.contract.general]] associated with a function. A
28
+ *precondition-specifier* introduces a *precondition assertion*, which is
29
+ a function contract assertion associated with entering a function. A
30
+ *postcondition-specifier* introduces a *postcondition assertion*, which
31
+ is a function contract assertion associated with exiting a function
32
+ normally.
33
+
34
+ [*Note 1*: A postcondition assertion is not associated with exiting a
35
+ function in any other fashion, such as via an exception [[expr.throw]]
36
+ or via a call to `longjmp` [[csetjmp.syn]]. — *end note*]
37
+
38
+ The predicate [[basic.contract.general]] of a function contract
39
+ assertion is its *conditional-expression* contextually converted to
40
+ `bool`.
41
+
42
+ Each *function-contract-specifier* of a
43
+ *function-contract-specifier-seq* (if any) of an unspecified first
44
+ declaration [[basic.def]] of a function introduces a corresponding
45
+ function contract assertion for that function. The optional
46
+ *attribute-specifier-seq* following `pre` or `post` appertains to the
47
+ introduced contract assertion.
48
+
49
+ [*Note 2*: The *function-contract-specifier-seq* of a
50
+ *lambda-declarator* applies to the function call operator or operator
51
+ template of the corresponding closure type
52
+ [[expr.prim.lambda.closure]]. — *end note*]
53
+
54
+ A declaration D of a function or function template *f* that is not a
55
+ first declaration shall have either no *function-contract-specifier-seq*
56
+ or the same *function-contract-specifier-seq* (see below) as any first
57
+ declaration F reachable from D. If D and F are in different translation
58
+ units, a diagnostic is required only if D is attached to a named module.
59
+ If a declaration F₁ is a first declaration of `f` in one translation
60
+ unit and a declaration F₂ is a first declaration of `f` in another
61
+ translation unit, F₁ and F₂ shall specify the same
62
+ *function-contract-specifier-seq*, no diagnostic required.
63
+
64
+ A *function-contract-specifier-seq* S₁ is the same as a
65
+ *function-contract-specifier-seq* S₂ if S₁ and S₂ consist of the same
66
+ *function-contract-specifier*s in the same order. A
67
+ *function-contract-specifier* C₁ on a function declaration D₁ is the
68
+ same as a *function-contract-specifier* C₂ on a function declaration D₂
69
+ if
70
+
71
+ - their predicates P₁ and P₂ would satisfy the one-definition rule
72
+ [[basic.def.odr]] if placed in function definitions on the
73
+ declarations D₁ and D₂, respectively, except for
74
+ - renaming of the parameters of *f*,
75
+ - renaming of template parameters of a template enclosing **, and
76
+ - renaming of the result binding [[dcl.contract.res]], if any,
77
+
78
+ and, if D₁ and D₂ are in different translation units, corresponding
79
+ entities defined within each predicate behave as if there is a single
80
+ entity with a single definition, and
81
+ - both C₁ and C₂ specify a *result-name-introducer* or neither do.
82
+
83
+ If this condition is not met solely due to the comparison of two
84
+ *lambda-expression*s that are contained within P₁ and P₂, no diagnostic
85
+ is required.
86
+
87
+ [*Note 3*: Equivalent *function-contract-specifier-seq*s apply to all
88
+ uses and definitions of a function across all translation
89
+ units. — *end note*]
90
+
91
+ [*Example 1*:
92
+
93
+ ``` cpp
94
+ bool b1, b2;
95
+
96
+ void f() pre (b1) pre ([]{ return b2; }());
97
+ void f(); // OK, function-contract-specifiers omitted
98
+ void f() pre (b1) pre ([]{ return b2; }()); // error: closures have different types.
99
+ void f() pre (b1); // error: function-contract-specifiers only partially repeated
100
+
101
+ int g() post(r : b1);
102
+ int g() post(b1); // error: mismatched result-name-introducer presence
103
+
104
+ namespace N {
105
+ void h() pre (b1);
106
+ bool b1;
107
+ void h() pre (b1); // error: function-contract-specifiers differ according to
108
+ // the one-definition rule[basic.def.odr].
109
+ }
110
+ ```
111
+
112
+ — *end example*]
113
+
114
+ A virtual function [[class.virtual]], a deleted function
115
+ [[dcl.fct.def.delete]], or a function defaulted on its first declaration
116
+ [[dcl.fct.def.default]] shall not have a
117
+ *function-contract-specifier-seq*.
118
+
119
+ If the predicate of a postcondition assertion of a function *f* odr-uses
120
+ [[basic.def.odr]] a non-reference parameter of *f*, that parameter and
121
+ the corresponding parameter on all declarations of *f* shall have
122
+ `const` type.
123
+
124
+ [*Note 4*:
125
+
126
+ This requirement applies even to declarations that do not specify the
127
+ *postcondition-specifier*. Parameters with array or function type will
128
+ decay to non-`const` types even if a `const` qualifier is present.
129
+
130
+ [*Example 2*:
131
+
132
+ ``` cpp
133
+ int f(const int i[10])
134
+ post(r : r == i[0]); // error: i has type const int * (not int* const).
135
+ ```
136
+
137
+ — *end example*]
138
+
139
+ — *end note*]
140
+
141
+ [*Note 5*: The function contract assertions of a function are evaluated
142
+ even when invoked indirectly, such as through a pointer to function or a
143
+ pointer to member function. A pointer to function, pointer to member
144
+ function, or function type alias cannot have a
145
+ *function-contract-specifier-seq* associated directly with
146
+ it. — *end note*]
147
+
148
+ The function contract assertions of a function are considered to be
149
+ *needed* [[temp.inst]] when
150
+
151
+ - the function is odr-used [[basic.def.odr]] or
152
+ - the function is defined.
153
+
154
+ [*Note 6*:
155
+
156
+ Overload resolution does not consider *function-contract-specifier*s
157
+ [[temp.deduct]], [[temp.inst]].
158
+
159
+ [*Example 3*:
160
+
161
+ ``` cpp
162
+ template <typename T> void f(T t) pre( t == "" );
163
+ template <typename T> void f(T&& t);
164
+ void g()
165
+ {
166
+ f(5); // error: ambiguous
167
+ }
168
+ ```
169
+
170
+ — *end example*]
171
+
172
+ — *end note*]
173
+
174
+ ### Referring to the result object <a id="dcl.contract.res">[[dcl.contract.res]]</a>
175
+
176
+ ``` bnf
177
+ attributed-identifier:
178
+ identifier attribute-specifier-seqₒₚₜ
179
+ ```
180
+
181
+ ``` bnf
182
+ result-name-introducer:
183
+ attributed-identifier ':'
184
+ ```
185
+
186
+ The *result-name-introducer* of a *postcondition-specifier* is a
187
+ declaration. The *result-name-introducer* introduces the *identifier* as
188
+ the name of a *result binding* of the associated function. If a
189
+ postcondition assertion has a *result-name-introducer* and the return
190
+ type of the function is cv `void`, the program is ill-formed. A result
191
+ binding denotes the object or reference returned by invocation of that
192
+ function. The type of a result binding is the return type of its
193
+ associated function. The optional *attribute-specifier-seq* of the
194
+ *attributed-identifier* in the *result-name-introducer* appertains to
195
+ the result binding so introduced.
196
+
197
+ [*Note 1*: An *id-expression* that names a result binding is a `const`
198
+ lvalue [[expr.prim.id.unqual]]. — *end note*]
199
+
200
+ [*Example 1*:
201
+
202
+ ``` cpp
203
+ int f()
204
+ post(r : r == 1)
205
+ {
206
+ return 1;
207
+ }
208
+ int i = f(); // Postcondition check succeeds.
209
+ ```
210
+
211
+ — *end example*]
212
+
213
+ [*Example 2*:
214
+
215
+ ``` cpp
216
+ struct A {};
217
+ struct B {
218
+ B() {}
219
+ B(const B&) {}
220
+ };
221
+
222
+ template <typename T>
223
+ T f(T* const ptr)
224
+ post(r: &r == ptr)
225
+ {
226
+ return {};
227
+ }
228
+
229
+ int main() {
230
+ A a = f(&a); // The postcondition check can fail if the implementation introduces
231
+ // a temporary for the return value[class.temporary].
232
+ B b = f(&b); // The postcondition check succeeds, no temporary is introduced.
233
+ }
234
+ ```
235
+
236
+ — *end example*]
237
+
238
+ When the declared return type of a non-templated function contains a
239
+ placeholder type, a *postcondition-specifier* with a
240
+ *result-name-introducer* shall be present only on a definition.
241
+
242
+ [*Example 3*:
243
+
244
+ ``` cpp
245
+ auto g(auto&)
246
+ post (r: r >= 0); // OK, g is a template.
247
+
248
+ auto h()
249
+ post (r: r >= 0); // error: cannot name the return value
250
+
251
+ auto k()
252
+ post (r: r >= 0) // OK
253
+ {
254
+ return 0;
255
+ }
256
+ ```
257
+
258
+ — *end example*]
259
+
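Review bot: The sub-bullet at new-file line 75, "renaming of template parameters of a template enclosing **, and", has an empty emphasis span where the enclosed entity should be named, so the second renaming exception has no subject; restore the missing term in the same italic markup the neighbouring bullet uses for *f*. Two smaller consistency points in the same text: the function is written *f* at lines 54 and 74 but `f` at lines 59 and 60, and the code comments at lines 108 and 231 run the cross-reference straight into the preceding word ("rule[basic.def.odr]", "value[class.temporary]") with single brackets, while the prose uses a space and the [[...]] form throughout. Since the mismatch rules at lines 57 to 62 are "no diagnostic required" across translation units, the wording of the "same as" definition is the only thing readers have to go on, so it is worth getting line 75 exact before this lands.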