Enforce Inform Ignore Assume - Gradual Adoption of Contract in Production Code

By Alisdair Meredith

C++23 is adding a contract checking facility directly into the language, but even prior to the language feature, contract checking systems, often built around macros such as BSLS_ASSERT in the Bloomberg open source BDE library, have supported developers in describing their interfaces and auditing their code for errors.

In this talk, Alisdair Meredith will present the four fundamental semantics of a contract check that can support rolling out a contract facility retroactively into a live production system. The basic workflow is to insert the contracts as rich comments that are Ignored, then turn on some telemetry to Inform you when contracts are violated, while continuing as before. Once there is confidence the system has addressed all known issues (which may take some time!), contracts can be Enforced, terminating the program when a violation is detected. Finally, for performance-critical parts of the system, contracts may be Assumed by the optimizer, rather than checked at runtime, once the system is believed to be bug free.

This talk will refer to both the proposed C++23 language support for contracts, and the open source BDE library facility that allows largely the same workflow in a C++03 toolchain, as a practical alternative where the proposed language feature is not yet available for experimentation.
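
The four semantics described in the abstract can be sketched as one check whose behaviour is chosen at compile time. This is an added example, not code from the talk, from BDE, or from the proposed language feature. The names Semantic, CONTRACT_ASSERT, contract_check, report, g_violations and apply_discount are hypothetical, and __builtin_unreachable assumes GCC or Clang.

```cpp
// Added illustration. Semantic, CONTRACT_ASSERT, contract_check and
// apply_discount are hypothetical names, not BDE or proposed-language syntax.
#include <cstdio>
#include <cstdlib>

enum class Semantic { Ignore, Inform, Enforce, Assume };

static int g_violations = 0;  // stands in for real telemetry

inline void report(const char* expr, const char* file, int line) {
    ++g_violations;
    std::fprintf(stderr, "contract violated: %s (%s:%d)\n", expr, file, line);
}

template <Semantic S, class Pred>
inline void contract_check(Pred pred, const char* expr, const char* file, int line) {
    switch (S) {  // S is a compile-time constant, so unused branches fold away
    case Semantic::Ignore:   // predicate compiles but is never evaluated
        (void)pred; (void)expr; (void)file; (void)line;
        break;
    case Semantic::Inform:   // log the violation, then continue as before
        if (!pred()) report(expr, file, line);
        break;
    case Semantic::Enforce:  // log the violation, then terminate
        if (!pred()) { report(expr, file, line); std::abort(); }
        break;
    case Semantic::Assume:   // optimizer hint; a violation is undefined behaviour
        if (!pred()) __builtin_unreachable();  // GCC/Clang builtin (assumption)
        break;
    }
}

#define CONTRACT_ASSERT(S, cond) \
    contract_check<S>([&] { return static_cast<bool>(cond); }, #cond, __FILE__, __LINE__)

// Legacy function whose callers sometimes pass pct > 100 (constructed scenario).
template <Semantic S>
int apply_discount(int price_cents, int pct) {
    CONTRACT_ASSERT(S, pct >= 0 && pct <= 100);
    return price_cents - price_cents * pct / 100;
}

int main() {
    // Inform: the bad call is reported, and the old result is still returned.
    int r = apply_discount<Semantic::Inform>(1000, 150);
    std::printf("result=%d violations=%d\n", r, g_violations);
    return 0;
}
```

In a real rollout the semantic would be fixed per build or per component rather than per call site; it is a template argument here only so that all four behaviours can be seen in one file.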