Menu
I read about contracts in Thoughts about C++17 by B. Stroustrup and assisted a small presentation talking about them but I am not sure I have understood them really.
So I have some interrogations and if it is possible to illustrate them with some examples :
Are contracts just a better replacement of the classic assert(), and should they be used together? What contracts really are put in simple terms for a software dev?
Would contracts have an impact on how we handle exceptions? If yes, how should we use exceptions and contracts?
Would using contracts imply an overhead at execution time? Will we be allowed to deactivate them on release code?
From the proposal N4415:
A pre-condition contract of the indexing operator of a Vector class could be written:
T& operator[](size_t i) [[expects: i < size()]];Similarly, a post-condition contract on a constructor of an ArrayView class could be expressed as:
ArrayView(const vector<T>& v) [[ensures: data() == v.data()]];
Thanks to @Keith Thompson comment:
Contracts didn't make it into C++20. A new study group, SG21, has been created.
896
In 2015, Boeing had contracts totaling $16.6 billion with the government. One such contract was awarded by the U.S. Navy and was worth a little over $8 million for logistics support services and maintenance planning for aircraft.
December 1/15: Boeing has finished production of the final C-17 Globemaster III aircraft and it will make its way to Qatar next year. The completion of the plane will see the Long Beach plant close at a loss of 400 jobs.
The Government of Canada has procured five CC-177 Globemaster III aircraft. In 2014, the cost of the project was estimated at $1.946 billion for the aircraft, spare engines, ancillary equipment, specialized systems, project costs including initial logistic support, and contingency for exchange rate fluctuation.
As far as I've read from this document: http://www.open-std.org/JTC1/SC22/WG21/docs/papers/2015/n4415.pdf
Contracts do what assert has been trying to do in a primitive way for years. They're both documentation and a run-time assert of how the caller should be expected to call the function and in what state can the caller expect the code to be after the function has returned. Those are usually known as pre-conditions and post-conditions, or invariants.
This helps clean up code on the implementation side, because with contracts we can assume that once the execution has gone inside your function, your arguments are in valid state (what you expect them to be).
The post-conditions part might change how you handle exceptions, because with contracts you will have to make sure that throwing an exception won't break your post-conditions. This usually means that your code has to be exception safe, though whether that means strong exception guarantee or basic guarantee depends on your conditions.
Example:
class Data; class MyVector { public: void MyVector::push_back(Elem e) [[ensures: data != nullptr]] { if(size >= capacity) { Data* p = data; data = nullptr; // Just for the sake of the example... data = new Data[capacity*2]; // Might throw an exception // Copy p into data and delete p } // Add the element to the end } private: Data* data; // other data }; In this example here, if new or Data's constructor throws an exception, your post-condition is violated. This means that you should change all such code to make sure your Contract is never violated!
Of course, just like assert, contracts might include a run-time overhead. The difference though is that since contracts can be put as part of the function's declaration, the compiler can do better optimizations, such as evaluating the conditions at the caller's site or even evaluate them at compile time. Section 1.5 of the document mentioned at the beginning of this post talks about the possibilities of turning off contracts depending on your build configuration, just like plain old asserts.
107
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
