Movatterモバイル変換


[0]ホーム

URL:


cppreference.com
Namespaces
Variants
    Actions

      Contract assertions(since C++26)

      From cppreference.com
      <cpp‎ |language
       
       
      C++ language
      General topics
      Flow control
      Conditional execution statements
      Iteration statements (loops)
      Jump statements
      Functions
      Function declaration
      Lambda function expression
      inline specifier
      Dynamic exception specifications(until C++17*)
      noexcept specifier(C++11)
      Exceptions
      Namespaces
      Types
      Specifiers
      constexpr(C++11)
      consteval(C++20)
      constinit(C++20)
      Storage duration specifiers
      Initialization
      Expressions
      Alternative representations
      Literals
      Boolean -Integer -Floating-point
      Character -String -nullptr(C++11)
      User-defined(C++11)
      Utilities
      Attributes(C++11)
      Types
      typedef declaration
      Type alias declaration(C++11)
      Casts
      Memory allocation
      Classes
      Class-specific function properties
      Special member functions
      Templates
      Miscellaneous
       
       

      Contract assertions allow the programmer to specify properties of the state of the programthat are expected to hold at certain points during execution.

      Contents

      [edit]Explanation

      Contract assertions are introduced byfunction contract specifiers andcontract_assert statements. Each contract assertion has apredicate , which is an expression of typebool.

      [edit]Evaluating contract assertions

      An evaluation of a contract assertion uses one of the following evaluation semantics:

       Evaluation semantic  Is a checking semantic  Is a terminating semantic 
      ignore
      observeYes
      enforceYesYes
      quick-enforceYesYes

      It is implementation-defined which evaluation semantic is used for any given evaluationof a contract assertion. The evaluation semantics can differ for different evaluations of the samecontract assertion, including evaluations during constant evaluation.

      If the “ignore” semantic is used, the evaluation of a contract assertion has no effect.

      If a checking semantic is used, the evaluationE of a contract assertion determines the value of the predicate. It is unspecified whether the predicate is evaluated. If any of the following conditions is satisfied, acontract violation occurs:

      • The value that would result from evaluating the predicate isfalse.
      • The evaluation of the predicate exits via an exception.
      • The evaluation of the predicate is performed in a context that ismanifestly constant-evaluated and the predicate is not acore constant expression.

      There is anobservable checkpointCP that happens beforeE such thatany other operationOP that happens beforeA also happens beforeCP.

      int num=0;void f() pre((num++,false)); f();// Increment of “num” might not occur, even if a checking semantic is used

      [edit]Handling contract violations

      If a contract violation occurs in a context that is manifestly constant-evaluated:

      • If the evaluation semantic is “observe”, a diagnostic is produced.
      • If the evaluation semantic is a terminating semantic, the program is ill-formed.

      If a contract violation occurs in a context that is not manifestly constant-evaluated:

      • If the evaluation semantic is “quick-enforce”, the program is contract-terminated.
      • If the evaluation semantic is “enforce” or “observe”, the contract-violation handler is invoked with an lvalue referring to an objectobj of typeconst std::contracts::contract_violation containing information about the contract violation.
        • Storage forobj is allocated in an unspecified manner, but no globalallocation function will be invoked.
        • The lifetime ofobj persists for the duration of the invocation of the contract-violation handler.

      [edit]Contract-terminated programs

      When the program iscontract-terminated , it is implementation-defined (depending oncontext) whether

      [edit]Contract-violation handler

      Thecontract-violation handler of a program is a function named::handle_contract_violation:

      void handle_contract_violation( std::contracts::contract_violation);
      (since C++26)
      (optionally noexcept)

      A definition of the contract-violation handler, called thedefault contract-violation handler , is provided by the implemenation (instead of a standard library header).

      It is implementation-defined whether the contract-violation handler isreplaceable. If the contract-violation handler is not replaceable, a declaration of a replacement function for the contract-violation handler is ill-formed, no diagnostic required.

      When the contract-violation handler returns normally:

      • If the evaluation semantic is “observe”, control flow continues normally after the point of evaluation of the contract assertion.
      • If the evaluation semantic is “enforce”, the program is contract-terminated.

      There is anobservable checkpointCP that happens after the contract-violation handler returns normally such that any other operationOP that happens afterthe contract-violation handler returns also happens afterCP.

      [edit]Handling exceptions from assertions

      If the contract violation occurred because the evaluation of the predicate exited via anexception and the evaluation semantic is “observe” or “enforce”, the contract-violation handler is invoked from within an active implicithandler for that exception.

      When the contract-violation handler returns normally:

      • If the evaluation semantic is “observe”, the implicit handler is no longer considered active.
      • If the evaluation semantic is “enforce”, the implicit handler remains active when contract termination occurs.

      The current exception can be inspected or rethrown within the contract-violation handler usingstd::current_exception().

      [edit]Evaluate in sequence

      Toevaluate in sequence a listR of contract assertions:

      1) Construct a list of contract assertionsS such that all following conditions are satisfied:
      • All elements ofR are inS.
      • Each element ofR may be repeated an implementation-defined number of times withinS.
      • If a contract assertionA precedes another contract assertionB inR, then the first occurrence ofA precedes the first occurrence ofB inS.
      2) Evaluate each element ofS such that, if a contract assertionA precedes a contract assertionB inS, then the evaluation ofA issequenced before the evaluation ofB.
      void f(int i){    contract_assert(i>0);// #1    contract_assert(i<10);// #2// valid sequence of evaluations:   #1 #2       (no repeat)// valid sequence of evaluations:   #1 #1 #2 #2 (repeat in sequence)// valid sequence of evaluations:   #1 #2 #1 #2 (repeat alternatively)// valid sequence of evaluations:   #1 #2 #2 #1 (second occurences can switch order)// invalid sequence of evaluations: #2 #1       (first occurences cannot switch)}

      [edit]Notes

      The range and flexibility of available choices of evaluation semantics depends on the implementation, and need not allow all four evaluation semantics as possibilities.

      Different evaluation semantics chosen for the same contract assertion in different translation units can result in violations of theone-definition rule when a contract assertion has side effects that alter the value produced by a constant expression:

      constexprint f(int i){    contract_assert((++const_cast<int&>(i),true));return i;} inlinevoid g(){int a[f(1)];// size dependent on the evaluation semantic of contract_assert above}

      If the value that would result from evaluating the predicate istrue, no contract violation occurs and control flow continues normally after the point of evaluation of the contract assertion.

      If the evaluation of the predicate exits by means ofnon-local jumps or terminating the program, no contract violation occurs either.

      It is recommended by the C++ standard that the default contract-violation handler should produce diagnostic output that suitably formats the most relevant contents of the argument (rate-limited for potentially repeated violations of observed contract assertions), and then return normally.

      Feature-test macroValueStdFeature
      __cpp_contracts202502L(C++26)Contracts

      [edit]Keywords

      contract_assert,pre,post

      [edit]Support status

      C++26 feature

       
      Paper(s)

       
      GCC
      Clang
      MSVC
      Apple Clang
      EDG eccp
      Intel C++
      Nvidia HPC C++ (ex PGI)*
      Nvidia nvcc
      Cray


      Contracts  (FTM)*P2900R14

      [edit]See also

      contract_assert statement(C++26) verifies an internal condition during execution[edit]
      function contract specifiers(C++26) specifies preconditions (pre) and postconditions (post)[edit]
      Retrieved from "https://en.cppreference.com/mwiki/index.php?title=cpp/language/contracts&oldid=182019"

      [8]ページ先頭

      ©2009-2025 Movatter.jp