https://herbsutter.com/2018/07/02/trip-report-summer-iso-c-standards-meeting-rapperswil/
This looks to me like a huge step forward for C++....
* You get to install your own violation handler and ship a
release build with the option of turning on enforcement at run
time.
* You get to express audit to distinguish expensive checks to
be run only when explicitly requested.
* You get to express axiom contracts that are intended to never
generate run-time code but are available to static analysis
tools.
* Finally, you will likely get better performance, because
contracts should enable compilers to perform more
optimizations, more easily, than expressing them using
assertions.
The last looks very important to me.
I have been looking closely at what the compiler (and splint)
does with asserts in our code
https://stackoverflow.com/questions/50165291/how-can-one-implement-assert-to-make-use-of-gccs-optimizers-static-dataflo
And found that, counterintuitively (in C at least), asserts
weakened gcc's static analysis abilities!
Step 2 is to (gradually) migrate std:: standard library
precondition violations in particular from exceptions (or error
codes) to contracts. The programming world now broadly
recognizes that programming bugs (e.g., out-of-bounds access,
null dereference, and in general all pre/post/assert-condition
violations) cause a corrupted state that cannot be recovered
from programmatically, and so they should never be reported to
the calling code as exceptions or error codes that code could
somehow handle.
Ah, that's a really nice statement.
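The features listed above (an installable violation handler, run-time enforcement you can switch on in a release build, and an audit level for expensive checks), together with the point that a violated precondition is reported to a handler rather than thrown to the caller, emulated in plain C++ as an added example. The names and macro are hypothetical; this is not the proposal's syntax nor code from the trip report.

```cpp
#include <algorithm>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>

// Hypothetical emulation, not the proposal's syntax: an installable
// violation handler, a run-time enforcement switch, and an "audit" level
// for expensive checks, as the trip report describes.
enum class Level { Default, Audit };
struct Violation { std::string expr; Level level; int line; };
using Handler = void (*)(const Violation&);

// Default handler: a violated precondition is a bug, so report and stop
// rather than hand the caller an exception it cannot meaningfully handle.
inline void abort_handler(const Violation& v) {
    std::fprintf(stderr, "contract violated: %s (line %d)\n", v.expr.c_str(), v.line);
    std::abort();
}
// Diagnostic handler for test builds: count violations instead of stopping.
inline int& violations_seen() { static int n = 0; return n; }
inline void counting_handler(const Violation&) { ++violations_seen(); }

inline Handler& violation_handler() { static Handler h = abort_handler; return h; }
inline bool& enforce_default() { static bool on = true; return on; }   // release: on
inline bool& enforce_audit()   { static bool on = false; return on; }  // release: off

inline bool level_enabled(Level l) {
    return l == Level::Audit ? enforce_audit() : enforce_default();
}
// A disabled level evaluates nothing, so the check costs no run time.
#define CONTRACT_EXPECTS(lvl, cond)                                     \
    do {                                                                \
        if (level_enabled(lvl) && !(cond))                              \
            violation_handler()(Violation{#cond, lvl, __LINE__});        \
    } while (0)

// Binary search with a cheap default-level precondition (non-empty input)
// and an O(n) audit-level one (keys are unique).
inline int find_index(const std::vector<int>& sorted, int key) {
    CONTRACT_EXPECTS(Level::Default, !sorted.empty());
    CONTRACT_EXPECTS(Level::Audit, std::adjacent_find(sorted.begin(), sorted.end()) == sorted.end());
    auto it = std::lower_bound(sorted.begin(), sorted.end(), key);
    return (it != sorted.end() && *it == key) ? int(it - sorted.begin()) : -1;
}
```

Switching `enforce_audit()` on at start-up is the emulated equivalent of requesting audit checks explicitly; with it off, the duplicate scan is never evaluated.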