{"id":10917,"date":"2025-08-25T09:35:30","date_gmt":"2025-08-25T09:35:30","guid":{"rendered":"https:\/\/www.modernescpp.com\/?p=10917"},"modified":"2025-09-08T16:06:14","modified_gmt":"2025-09-08T16:06:14","slug":"contracs-a-deep-dive","status":"publish","type":"post","link":"https:\/\/www.modernescpp.com\/index.php\/contracs-a-deep-dive\/","title":{"rendered":"Contracts: A Deep Dive"},"content":{"rendered":"\n<p>I already introduced contracts in the article \u201c<a href=\"https:\/\/www.modernescpp.com\/index.php\/contracts-in-c26\/\">Contracts in C++26<\/a>\u201d. In this article and the next ones, I will dive deeper into the details.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"682\" height=\"499\" src=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2025\/07\/Time26Contract.png\" alt=\"\" class=\"wp-image-10918\" srcset=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2025\/07\/Time26Contract.png 682w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2025\/07\/Time26Contract-300x220.png 300w\" sizes=\"auto, (max-width: 682px) 100vw, 682px\" \/><\/figure>\n\n\n\n<p>In this article, I refer mainly to the excellent proposal \u201cContracts for C++\u201d. Unfortunately, proposal <a href=\"https:\/\/www.open-std.org\/jtc1\/sc22\/wg21\/docs\/papers\/2025\/p2900r14.pdf\">P2900R14 <\/a>exceeds 100 pages in length. I will therefore try to summarize the most important points briefly and concisely. If in doubt, however, you should consult the proposal itself.<\/p>\n\n\n\n<p>I like to begin this article with a few basic definitions, which are essential for a deeper understanding of contracts. If this definition seems too abstract to you, read my introductory article \u201c<a href=\"https:\/\/www.modernescpp.com\/index.php\/contracts-in-c26\/\">Contracts in C++26<\/a>\u201d.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What are Contracts?<\/h2>\n\n\n\n<p>A <strong>contract <\/strong>specifies interfaces for software components in a precise and checkable way. These software components in C++26 are functions and methods. The contract is a set of conditions.<br>A <strong>contract violation <\/strong>occurs when a condition of the contract is not fulfilled. A contract violation can occur for three reasons:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The evaluation of the predicate returns <code>false<\/code>.<\/li>\n\n\n\n<li>The evaluation of the predicate causes an exception.<\/li>\n\n\n\n<li>The evaluation of the predicate occurs at compile time, but the predicate is not a constant expression.<\/li>\n<\/ul>\n\n\n\n<p>A <strong>correct program<\/strong> is a program that does not violate the contract.<br>The conditions fall into three categories:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A <strong>precondition<\/strong>: a predicate that is supposed to hold upon entry into a function.<\/li>\n\n\n\n<li>A <strong>postcondition<\/strong>: a predicate that is supposed to hold upon exit from the function.<\/li>\n\n\n\n<li>An <strong>invariant<\/strong>: a predicate that is supposed to hold at its point in the computation.<\/li>\n<\/ul>\n\n\n\n<p>The precondition and the postcondition are placed outside the function definition, but the invariant is placed inside the function definition. A predicate is an expression that returns a boolean.<\/p>\n\n\n\n<p>These predicates, used to check the contract, are called<strong> contract assertions<\/strong>. <\/p>\n\n\n\n<p>Here is a concrete example of the proposal. In this example, <code>contract_assert <\/code>stands for the invariant.<\/p>\n\n\n\n<!-- HTML generated using hilite.me --><div style=\"background: #f0f3f3; overflow:auto;width:auto;gray;border-width:.1em .1em .1em .8em\"><pre style=\"margin: 0; line-height: 125%;\"><span><\/span><span style=\"color: #078; font-weight: bold\">int<\/span><span style=\"color: #BBB\"> <\/span>f(<span style=\"color: #069; font-weight: bold\">const<\/span><span style=\"color: #BBB\"> <\/span><span style=\"color: #078; font-weight: bold\">int<\/span><span style=\"color: #BBB\"> <\/span>x)\n<span style=\"color: #BBB\">  <\/span>pre<span style=\"color: #BBB\"> <\/span>(x<span style=\"color: #BBB\"> <\/span><span style=\"color: #555\">!=<\/span><span style=\"color: #BBB\"> <\/span><span style=\"color: #F60\">1<\/span>)<span style=\"color: #BBB\"> <\/span><span style=\"color: #09F; font-style: italic\">\/\/ a precondition assertion<\/span>\n<span style=\"color: #BBB\">  <\/span>post(r<span style=\"color: #BBB\"> <\/span><span style=\"color: #555\">:<\/span><span style=\"color: #BBB\"> <\/span>r<span style=\"color: #BBB\"> <\/span><span style=\"color: #555\">==<\/span><span style=\"color: #BBB\"> <\/span>x<span style=\"color: #BBB\"> <\/span><span style=\"color: #555\">&amp;&amp;<\/span><span style=\"color: #BBB\"> <\/span>r<span style=\"color: #BBB\"> <\/span><span style=\"color: #555\">!=<\/span><span style=\"color: #BBB\"> <\/span><span style=\"color: #F60\">2<\/span>)<span style=\"color: #BBB\"> <\/span><span style=\"color: #09F; font-style: italic\">\/\/ a postcondition assertion; r names the result object of f<\/span>\n{\n<span style=\"color: #BBB\">  <\/span>contract_assert<span style=\"color: #BBB\"> <\/span>(x<span style=\"color: #BBB\"> <\/span><span style=\"color: #555\">!=<\/span><span style=\"color: #BBB\"> <\/span><span style=\"color: #F60\">3<\/span>);<span style=\"color: #BBB\"> <\/span><span style=\"color: #09F; font-style: italic\">\/\/ an assertion statement<\/span>\n<span style=\"color: #BBB\">  <\/span><span style=\"color: #069; font-weight: bold\">return<\/span><span style=\"color: #BBB\"> <\/span>x;\n}\n<\/pre><\/div>\n\n\n\n<p>The following calls to function <code>f <\/code>show the contract violations.<\/p>\n\n\n\n<!-- HTML generated using hilite.me --><div style=\"background: #f0f3f3; overflow:auto;width:auto;gray;border-width:.1em .1em .1em .8em\"><pre style=\"margin: 0; line-height: 125%;\"><span><\/span><span style=\"color: #078; font-weight: bold\">void<\/span><span style=\"color: #BBB\"> <\/span><span style=\"color: #C0F\">g<\/span>()\n{\n<span style=\"color: #BBB\">  <\/span>f(<span style=\"color: #F60\">0<\/span>);<span style=\"color: #BBB\"> <\/span><span style=\"color: #09F; font-style: italic\">\/\/ no contract violation<\/span>\n<span style=\"color: #BBB\">  <\/span>f(<span style=\"color: #F60\">1<\/span>);<span style=\"color: #BBB\"> <\/span><span style=\"color: #09F; font-style: italic\">\/\/ violates precondition assertion of f<\/span>\n<span style=\"color: #BBB\">  <\/span>f(<span style=\"color: #F60\">2<\/span>);<span style=\"color: #BBB\"> <\/span><span style=\"color: #09F; font-style: italic\">\/\/ violates postcondition assertion of f<\/span>\n<span style=\"color: #BBB\">  <\/span>f(<span style=\"color: #F60\">3<\/span>);<span style=\"color: #BBB\"> <\/span><span style=\"color: #09F; font-style: italic\">\/\/ violates assertion statement within f<\/span>\n<span style=\"color: #BBB\">  <\/span>f(<span style=\"color: #F60\">4<\/span>);<span style=\"color: #BBB\"> <\/span><span style=\"color: #09F; font-style: italic\">\/\/ no contract violation<\/span>\n}\n<\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">A few Restrictions <\/h3>\n\n\n\n<p>A few restrictions still apply to contracts. At this point, virtual functions cannot contain preconditions or postconditions. This will likely change with future standards.<br>Similar restrictions apply to defaulted and deleted functions. The first declaration of these functions must not contain any preconditions or postconditions.<br>Of course, restrictions also applied to constructors and destructors. Preconditions in constructors can only access non-static data members of the class using the <code>this <\/code>pointer. The same applies to postconditions in destructors.<\/p>\n\n\n\n<p>Now there are two important questions left to answer:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>When are contract assertions evaluated?<\/li>\n\n\n\n<li>What is the semantics of contract assertion evaluation?<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Point of Evaluation<\/h2>\n\n\n\n<p>This question can be answered directly with the proposal <a href=\"https:\/\/www.open-std.org\/jtc1\/sc22\/wg21\/docs\/papers\/2025\/p2900r14.pdf\">P2900R14<\/a>: <\/p>\n\n\n\n<p><em>Precondition assertions are evaluated immediately after function parameters are initialized and before entering the function body. Postcondition assertions are evaluated immediately after local variables in the function are destroyed when a function returns normally. Assertion statements are executed at the point in the function where control flow reaches them<\/em>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Evaluation Semantic<br><\/h2>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"860\" height=\"194\" src=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2025\/07\/EvaluationSemantic.png\" alt=\"\" class=\"wp-image-10920\" style=\"width:500px\" srcset=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2025\/07\/EvaluationSemantic.png 860w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2025\/07\/EvaluationSemantic-300x68.png 300w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2025\/07\/EvaluationSemantic-768x173.png 768w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2025\/07\/EvaluationSemantic-705x159.png 705w\" sizes=\"auto, (max-width: 860px) 100vw, 860px\" \/><\/figure>\n\n\n\n<p>The proposal suggests four evaluation semantics: <strong><code>ignore<\/code>, <code>observe<\/code>, <code>enforce<\/code>, <\/strong>and<code> <strong>quick-enforce.<\/strong><\/code><strong> <\/strong>However, an implementation can also implement its semantics. The selection of the evolution semantics depends on the implementation. It can offer semantic selection at compile time, link time, load time, or run time. The most likely option is selection via compiler flags. The following flag is used for the Clang and GCC compilers to apply the evaluation semantics <code>ignore<\/code>: <code>-fcontract_semantic=ignore<\/code>. However, it is also conceivable that the selection is made via configuration files or hooks in the executable.<\/p>\n\n\n\n<p>By default, enforce semantics should apply at run-time. An appropriate default configuration for an optimized release build should enforce semantics at compile time but ignore semantics at runtime.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What&#8217;s next?<\/h2>\n\n\n\n<p>In my next article, I will conclude my in-depth look at contracts. In particular, I will take a closer look at the four evaluation semantics: <code>ignore<\/code>, <code>observe<\/code>, <code>enforce<\/code>, and <code>quick-enforce<\/code>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I already introduced contracts in the article \u201cContracts in C++26\u201d. In this article and the next ones, I will dive deeper into the details. In this article, I refer mainly to the excellent proposal \u201cContracts for C++\u201d. Unfortunately, proposal P2900R14 exceeds 100 pages in length. I will therefore try to summarize the most important points [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":10918,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[559],"tags":[481],"class_list":["post-10917","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-c26-blog","tag-contracts"],"_links":{"self":[{"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/posts\/10917","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/comments?post=10917"}],"version-history":[{"count":20,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/posts\/10917\/revisions"}],"predecessor-version":[{"id":11151,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/posts\/10917\/revisions\/11151"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/media\/10918"}],"wp:attachment":[{"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/media?parent=10917"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/categories?post=10917"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/tags?post=10917"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}