<!DOCTYPE html>

<html lang="en">

<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="black">
    <meta name="mobile-web-app-capable" content="yes">
    <title>
        Contracts Use Case Categorization - HackMD
    </title>
    <link rel="icon" type="image/png" href="https://hackmd.io/favicon.png">
    <link rel="apple-touch-icon" href="https://hackmd.io/apple-touch-icon.png">

    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha256-916EbMg70RQy9LHiGkXzG8hSg9EdNy97GazNG/aiY1w=" crossorigin="anonymous" />
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" integrity="sha256-eZrrJcwDc/3uDhsdt61sL2oOBY362qM3lon1gyExkL0=" crossorigin="anonymous" />
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css" integrity="sha256-3iu9jgsy9TpTwXKb7bNQzqWekRX7pPK+2OLj3R922fo=" crossorigin="anonymous" />
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/octicons/3.5.0/octicons.min.css" integrity="sha256-QiWfLIsCT02Sdwkogf6YMiQlj4NE84MKkzEMkZnMGdg=" crossorigin="anonymous" />
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/prism/1.5.1/themes/prism.min.css" integrity="sha256-vtR0hSWRc3Tb26iuN2oZHt3KRUomwTufNIf5/4oeCyg=" crossorigin="anonymous" />
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@hackmd/emojify.js@2.1.0/dist/css/basic/emojify.min.css" integrity="sha256-UOrvMOsSDSrW6szVLe8ZDZezBxh5IoIfgTwdNDgTjiU=" crossorigin="anonymous" />
    <style>
        @charset "UTF-8";@import url(https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i|Source+Code+Pro:300,400,500|Source+Sans+Pro:300,300i,400,400i,600,600i|Source+Serif+Pro&subset=latin-ext);.hljs{display:block;background:#fff;padding:.5em;color:#333;overflow-x:auto}.hljs-comment,.hljs-meta{color:#969896}.hljs-emphasis,.hljs-quote,.hljs-string,.hljs-strong,.hljs-template-variable,.hljs-variable{color:#df5000}.hljs-keyword,.hljs-selector-tag,.hljs-type{color:#a71d5d}.hljs-attribute,.hljs-bullet,.hljs-literal,.hljs-number,.hljs-symbol{color:#0086b3}.hljs-built_in,.hljs-builtin-name{color:#005cc5}.hljs-name,.hljs-section{color:#63a35c}.hljs-tag{color:#333}.hljs-attr,.hljs-selector-attr,.hljs-selector-class,.hljs-selector-id,.hljs-selector-pseudo,.hljs-title{color:#795da3}.hljs-addition{color:#55a532;background-color:#eaffea}.hljs-deletion{color:#bd2c00;background-color:#ffecec}.hljs-link{text-decoration:underline}.markdown-body{font-size:16px;line-height:1.5;word-wrap:break-word}.markdown-body:after,.markdown-body:before{display:table;content:""}.markdown-body:after{clear:both}.markdown-body>:first-child{margin-top:0!important}.markdown-body>:last-child{margin-bottom:0!important}.markdown-body a:not([href]){color:inherit;text-decoration:none}.markdown-body .absent{color:#c00}.markdown-body .anchor{float:left;padding-right:4px;margin-left:-20px;line-height:1}.markdown-body .anchor:focus{outline:none}.markdown-body blockquote,.markdown-body dl,.markdown-body ol,.markdown-body p,.markdown-body pre,.markdown-body table,.markdown-body ul{margin-top:0;margin-bottom:16px}.markdown-body hr{height:.25em;padding:0;margin:24px 0;background-color:#e7e7e7;border:0}.markdown-body blockquote{font-size:16px;padding:0 1em;color:#777;border-left:.25em solid #ddd}.markdown-body blockquote>:first-child{margin-top:0}.markdown-body blockquote>:last-child{margin-bottom:0}.markdown-body kbd,.popover kbd{display:inline-block;padding:3px 5px;font-size:11px;line-height:10px;color:#555;vertical-align:middle;background-color:#fcfcfc;border:1px solid #ccc;border-bottom-color:#bbb;border-radius:3px;box-shadow:inset 0 -1px 0 #bbb}.markdown-body .loweralpha{list-style-type:lower-alpha}.markdown-body h1,.markdown-body h2,.markdown-body h3,.markdown-body h4,.markdown-body h5,.markdown-body h6{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.markdown-body h1 .octicon-link,.markdown-body h2 .octicon-link,.markdown-body h3 .octicon-link,.markdown-body h4 .octicon-link,.markdown-body h5 .octicon-link,.markdown-body h6 .octicon-link{color:#000;vertical-align:middle;visibility:hidden}.markdown-body h1:hover .anchor,.markdown-body h2:hover .anchor,.markdown-body h3:hover .anchor,.markdown-body h4:hover .anchor,.markdown-body h5:hover .anchor,.markdown-body h6:hover .anchor{text-decoration:none}.markdown-body h1:hover .anchor .octicon-link,.markdown-body h2:hover .anchor .octicon-link,.markdown-body h3:hover .anchor .octicon-link,.markdown-body h4:hover .anchor .octicon-link,.markdown-body h5:hover .anchor .octicon-link,.markdown-body h6:hover .anchor .octicon-link{visibility:visible}.markdown-body h1 code,.markdown-body h1 tt,.markdown-body h2 code,.markdown-body h2 tt,.markdown-body h3 code,.markdown-body h3 tt,.markdown-body h4 code,.markdown-body h4 tt,.markdown-body h5 code,.markdown-body h5 tt,.markdown-body h6 code,.markdown-body h6 tt{font-size:inherit}.markdown-body h1{font-size:2em}.markdown-body h1,.markdown-body h2{padding-bottom:.3em;border-bottom:1px solid #eee}.markdown-body h2{font-size:1.5em}.markdown-body h3{font-size:1.25em}.markdown-body h4{font-size:1em}.markdown-body h5{font-size:.875em}.markdown-body h6{font-size:.85em;color:#777}.markdown-body ol,.markdown-body ul{padding-left:2em}.markdown-body ol.no-list,.markdown-body ul.no-list{padding:0;list-style-type:none}.markdown-body ol ol,.markdown-body ol ul,.markdown-body ul ol,.markdown-body ul ul{margin-top:0;margin-bottom:0}.markdown-body li>p{margin-top:16px}.markdown-body li+li{padding-top:.25em}.markdown-body dl{padding:0}.markdown-body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:700}.markdown-body dl dd{padding:0 16px;margin-bottom:16px}.markdown-body table{display:block;width:100%;overflow:auto;word-break:normal;word-break:keep-all}.markdown-body table th{font-weight:700}.markdown-body table td,.markdown-body table th{padding:6px 13px;border:1px solid #ddd}.markdown-body table tr{background-color:#fff;border-top:1px solid #ccc}.markdown-body table tr:nth-child(2n){background-color:#f8f8f8}.markdown-body img{max-width:100%;box-sizing:content-box;background-color:#fff}.markdown-body img[align=right]{padding-left:20px}.markdown-body img[align=left]{padding-right:20px}.markdown-body .emoji{max-width:none;vertical-align:text-top;background-color:transparent}.markdown-body span.frame{display:block;overflow:hidden}.markdown-body span.frame>span{display:block;float:left;width:auto;padding:7px;margin:13px 0 0;overflow:hidden;border:1px solid #ddd}.markdown-body span.frame span img{display:block;float:left}.markdown-body span.frame span span{display:block;padding:5px 0 0;clear:both;color:#333}.markdown-body span.align-center{display:block;overflow:hidden;clear:both}.markdown-body span.align-center>span{display:block;margin:13px auto 0;overflow:hidden;text-align:center}.markdown-body span.align-center span img{margin:0 auto;text-align:center}.markdown-body span.align-right{display:block;overflow:hidden;clear:both}.markdown-body span.align-right>span{display:block;margin:13px 0 0;overflow:hidden;text-align:right}.markdown-body span.align-right span img{margin:0;text-align:right}.markdown-body span.float-left{display:block;float:left;margin-right:13px;overflow:hidden}.markdown-body span.float-left span{margin:13px 0 0}.markdown-body span.float-right{display:block;float:right;margin-left:13px;overflow:hidden}.markdown-body span.float-right>span{display:block;margin:13px auto 0;overflow:hidden;text-align:right}.markdown-body code,.markdown-body tt{padding:0;padding-top:.2em;padding-bottom:.2em;margin:0;font-size:85%;background-color:rgba(0,0,0,.04);border-radius:3px}.markdown-body code:after,.markdown-body code:before,.markdown-body tt:after,.markdown-body tt:before{letter-spacing:-.2em;content:"\00a0"}.markdown-body code br,.markdown-body tt br{display:none}.markdown-body del code{text-decoration:inherit}.markdown-body pre{word-wrap:normal}.markdown-body pre>code{padding:0;margin:0;font-size:100%;word-break:normal;white-space:pre;background:transparent;border:0}.markdown-body .highlight{margin-bottom:16px}.markdown-body .highlight pre{margin-bottom:0;word-break:normal}.markdown-body .highlight pre,.markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:#f7f7f7;border-radius:3px}.markdown-body pre code,.markdown-body pre tt{display:inline;max-width:auto;padding:0;margin:0;overflow:visible;line-height:inherit;word-wrap:normal;background-color:transparent;border:0}.markdown-body pre code:after,.markdown-body pre code:before,.markdown-body pre tt:after,.markdown-body pre tt:before{content:normal}.markdown-body .csv-data td,.markdown-body .csv-data th{padding:5px;overflow:hidden;font-size:12px;line-height:1;text-align:left;white-space:nowrap}.markdown-body .csv-data .blob-line-num{padding:10px 8px 9px;text-align:right;background:#fff;border:0}.markdown-body .csv-data tr{border-top:0}.markdown-body .csv-data th{font-weight:700;background:#f8f8f8;border-top:0}.news .alert .markdown-body blockquote{padding:0 0 0 40px;border:0 none}.activity-tab .news .alert .commits,.activity-tab .news .markdown-body blockquote{padding-left:0}.task-list-item{list-style-type:none}.task-list-item label{font-weight:400}.task-list-item.enabled label{cursor:pointer}.task-list-item+.task-list-item{margin-top:3px}.task-list-item-checkbox{float:left;margin:.31em 0 .2em -1.3em!important;vertical-align:middle;cursor:default!important}.markdown-body{padding-top:40px;padding-bottom:40px;max-width:758px;overflow:visible!important}.markdown-body .emoji{vertical-align:top}.markdown-body pre{border:inherit!important}.markdown-body code{color:inherit!important}.markdown-body pre code .wrapper{display:-moz-inline-flex;display:-ms-inline-flex;display:-o-inline-flex;display:inline-flex}.markdown-body pre code .gutter{float:left;overflow:hidden;-webkit-user-select:none;user-select:none}.markdown-body pre code .gutter.linenumber{text-align:right;position:relative;display:inline-block;cursor:default;z-index:4;padding:0 8px 0 0;min-width:20px;box-sizing:content-box;color:#afafaf!important;border-right:3px solid #6ce26c!important}.markdown-body pre code .gutter.linenumber>span:before{content:attr(data-linenumber)}.markdown-body pre code .code{float:left;margin:0 0 0 16px}.markdown-body .gist .line-numbers{border-left:none;border-top:none;border-bottom:none}.markdown-body .gist .line-data{border:none}.markdown-body .gist table{border-spacing:0;border-collapse:inherit!important}.markdown-body code[data-gist-id]{background:none;padding:0}.markdown-body code[data-gist-id]:after,.markdown-body code[data-gist-id]:before{content:""}.markdown-body code[data-gist-id] .blob-num{border:unset}.markdown-body code[data-gist-id] table{overflow:unset;margin-bottom:unset}.markdown-body code[data-gist-id] table tr{background:unset}.markdown-body[dir=rtl] pre{direction:ltr}.markdown-body[dir=rtl] code{direction:ltr;unicode-bidi:embed}.markdown-body .alert>p{margin-bottom:0}.markdown-body pre.abc,.markdown-body pre.flow-chart,.markdown-body pre.graphviz,.markdown-body pre.mermaid,.markdown-body pre.sequence-diagram,.markdown-body pre.vega{text-align:center;background-color:inherit;border-radius:0;white-space:inherit;overflow:visible}.markdown-body pre.abc>code,.markdown-body pre.flow-chart>code,.markdown-body pre.graphviz>code,.markdown-body pre.mermaid>code,.markdown-body pre.sequence-diagram>code,.markdown-body pre.vega>code{text-align:left}.markdown-body pre.abc>svg,.markdown-body pre.flow-chart>svg,.markdown-body pre.graphviz>svg,.markdown-body pre.mermaid>svg,.markdown-body pre.sequence-diagram>svg,.markdown-body pre.vega>svg{max-width:100%;height:100%}.markdown-body pre>code.wrap{white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}.markdown-body .alert>p,.markdown-body .alert>ul{margin-bottom:0}.markdown-body summary{display:list-item}.markdown-body summary:focus{outline:none}.markdown-body details summary{cursor:pointer}.markdown-body details:not([open])>:not(summary){display:none}.markdown-body figure{margin:1em 40px}.markdown-body .mark,.markdown-body mark{background-color:#fff1a7}.vimeo,.youtube{cursor:pointer;display:table;text-align:center;background-position:50%;background-repeat:no-repeat;background-size:contain;background-color:#000;overflow:hidden}.vimeo,.youtube{position:relative;width:100%}.youtube{padding-bottom:56.25%}.vimeo img{width:100%;object-fit:contain;z-index:0}.youtube img{object-fit:cover;z-index:0}.vimeo iframe,.youtube iframe,.youtube img{width:100%;height:100%;position:absolute;top:0;left:0}.vimeo iframe,.youtube iframe{vertical-align:middle;z-index:1}.vimeo .icon,.youtube .icon{position:absolute;height:auto;width:auto;top:50%;left:50%;transform:translate(-50%,-50%);color:#fff;opacity:.3;transition:opacity .2s;z-index:0}.vimeo:hover .icon,.youtube:hover .icon{opacity:.6;transition:opacity .2s}.slideshare .inner,.speakerdeck .inner{position:relative;width:100%}.slideshare .inner iframe,.speakerdeck .inner iframe{position:absolute;top:0;bottom:0;left:0;right:0;width:100%;height:100%}.MJX_Assistive_MathML{display:none}.ui-infobar{position:relative;z-index:2;max-width:760px;margin:25px auto -25px;color:#777}.toc .invisable-node{list-style-type:none}.ui-toc{position:fixed;bottom:20px;z-index:998}.ui-toc.both-mode{margin-left:8px}.ui-toc.both-mode .ui-toc-label{height:40px;padding:10px 4px;border-top-left-radius:0;border-bottom-left-radius:0}.ui-toc-label{background-color:#e6e6e6;border:none;color:#868686;transition:opacity .2s}.ui-toc .open .ui-toc-label{opacity:1;color:#fff;transition:opacity .2s}.ui-toc-label:focus{opacity:.3;background-color:#ccc;color:#000}.ui-toc-label:hover{opacity:1;background-color:#ccc;transition:opacity .2s}.ui-toc-dropdown{margin-top:20px;margin-bottom:20px;padding-left:10px;padding-right:10px;max-width:45vw;width:25vw;max-height:70vh;overflow:auto;text-align:inherit}.ui-toc-dropdown>.toc{max-height:calc(70vh - 100px);overflow:auto}.ui-toc-dropdown[dir=rtl] .nav{padding-right:0;letter-spacing:.0029em}.ui-toc-dropdown a{overflow:hidden;text-overflow:ellipsis;white-space:pre}.ui-toc-dropdown .nav>li>a{display:block;padding:4px 20px;font-size:13px;font-weight:500;color:#767676}.ui-toc-dropdown .nav>li:first-child:last-child > ul,.ui-toc-dropdown .toc.expand ul{display:block}.ui-toc-dropdown .nav>li>a:focus,.ui-toc-dropdown .nav>li>a:hover{padding-left:19px;color:#000;text-decoration:none;background-color:transparent;border-left:1px solid #000}.ui-toc-dropdown[dir=rtl] .nav>li>a:focus,.ui-toc-dropdown[dir=rtl] .nav>li>a:hover{padding-right:19px;border-left:none;border-right:1px solid #000}.ui-toc-dropdown .nav>.active:focus>a,.ui-toc-dropdown .nav>.active:hover>a,.ui-toc-dropdown .nav>.active>a{padding-left:18px;font-weight:700;color:#000;background-color:transparent;border-left:2px solid #000}.ui-toc-dropdown[dir=rtl] .nav>.active:focus>a,.ui-toc-dropdown[dir=rtl] .nav>.active:hover>a,.ui-toc-dropdown[dir=rtl] .nav>.active>a{padding-right:18px;border-left:none;border-right:2px solid #000}.ui-toc-dropdown .nav .nav{display:none;padding-bottom:10px}.ui-toc-dropdown .nav>.active>ul{display:block}.ui-toc-dropdown .nav .nav>li>a{padding-top:1px;padding-bottom:1px;padding-left:30px;font-size:12px;font-weight:400}.ui-toc-dropdown[dir=rtl] .nav .nav>li>a{padding-right:30px}.ui-toc-dropdown .nav .nav>li>ul>li>a{padding-top:1px;padding-bottom:1px;padding-left:40px;font-size:12px;font-weight:400}.ui-toc-dropdown[dir=rtl] .nav .nav>li>ul>li>a{padding-right:40px}.ui-toc-dropdown .nav .nav>li>a:focus,.ui-toc-dropdown .nav .nav>li>a:hover{padding-left:29px}.ui-toc-dropdown[dir=rtl] .nav .nav>li>a:focus,.ui-toc-dropdown[dir=rtl] .nav .nav>li>a:hover{padding-right:29px}.ui-toc-dropdown .nav .nav>li>ul>li>a:focus,.ui-toc-dropdown .nav .nav>li>ul>li>a:hover{padding-left:39px}.ui-toc-dropdown[dir=rtl] .nav .nav>li>ul>li>a:focus,.ui-toc-dropdown[dir=rtl] .nav .nav>li>ul>li>a:hover{padding-right:39px}.ui-toc-dropdown .nav .nav>.active:focus>a,.ui-toc-dropdown .nav .nav>.active:hover>a,.ui-toc-dropdown .nav .nav>.active>a{padding-left:28px;font-weight:500}.ui-toc-dropdown[dir=rtl] .nav .nav>.active:focus>a,.ui-toc-dropdown[dir=rtl] .nav .nav>.active:hover>a,.ui-toc-dropdown[dir=rtl] .nav .nav>.active>a{padding-right:28px}.ui-toc-dropdown .nav .nav>.active>.nav>.active:focus>a,.ui-toc-dropdown .nav .nav>.active>.nav>.active:hover>a,.ui-toc-dropdown .nav .nav>.active>.nav>.active>a{padding-left:38px;font-weight:500}.ui-toc-dropdown[dir=rtl] .nav .nav>.active>.nav>.active:focus>a,.ui-toc-dropdown[dir=rtl] .nav .nav>.active>.nav>.active:hover>a,.ui-toc-dropdown[dir=rtl] .nav .nav>.active>.nav>.active>a{padding-right:38px}.markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica Neue,Helvetica,Roboto,Arial,sans-serif}html[lang^=ja] .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica Neue,Helvetica,Roboto,Arial,Hiragino Kaku Gothic Pro,ヒラギノ角ゴ Pro W3,Osaka,Meiryo,メイリオ,MS Gothic,ＭＳ\ ゴシック,sans-serif}html[lang=zh-tw] .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica Neue,Helvetica,Roboto,Arial,PingFang TC,Microsoft JhengHei,微軟正黑,sans-serif}html[lang=zh-cn] .markdown-body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica Neue,Helvetica,Roboto,Arial,PingFang SC,Microsoft YaHei,微软雅黑,sans-serif}html .markdown-body[lang^=ja]{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica Neue,Helvetica,Roboto,Arial,Hiragino Kaku Gothic Pro,ヒラギノ角ゴ Pro W3,Osaka,Meiryo,メイリオ,MS Gothic,ＭＳ\ ゴシック,sans-serif}html .markdown-body[lang=zh-tw]{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica Neue,Helvetica,Roboto,Arial,PingFang TC,Microsoft JhengHei,微軟正黑,sans-serif}html .markdown-body[lang=zh-cn]{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica Neue,Helvetica,Roboto,Arial,PingFang SC,Microsoft YaHei,微软雅黑,sans-serif}html[lang^=ja] .ui-toc-dropdown{font-family:Source Sans Pro,Helvetica,Arial,Meiryo UI,MS PGothic,ＭＳ\ Ｐゴシック,sans-serif}html[lang=zh-tw] .ui-toc-dropdown{font-family:Source Sans Pro,Helvetica,Arial,Microsoft JhengHei UI,微軟正黑UI,sans-serif}html[lang=zh-cn] .ui-toc-dropdown{font-family:Source Sans Pro,Helvetica,Arial,Microsoft YaHei UI,微软雅黑UI,sans-serif}html .ui-toc-dropdown[lang^=ja]{font-family:Source Sans Pro,Helvetica,Arial,Meiryo UI,MS PGothic,ＭＳ\ Ｐゴシック,sans-serif}html .ui-toc-dropdown[lang=zh-tw]{font-family:Source Sans Pro,Helvetica,Arial,Microsoft JhengHei UI,微軟正黑UI,sans-serif}html .ui-toc-dropdown[lang=zh-cn]{font-family:Source Sans Pro,Helvetica,Arial,Microsoft YaHei UI,微软雅黑UI,sans-serif}.ui-affix-toc{position:fixed;top:0;max-width:15vw;max-height:70vh;overflow:auto}.back-to-top,.expand-toggle,.go-to-bottom{display:block;padding:4px 10px;margin-top:10px;margin-left:10px;font-size:12px;font-weight:500;color:#999}.back-to-top:focus,.back-to-top:hover,.expand-toggle:focus,.expand-toggle:hover,.go-to-bottom:focus,.go-to-bottom:hover{color:#563d7c;text-decoration:none}.back-to-top,.go-to-bottom{margin-top:0}.ui-user-icon{width:20px;height:20px;display:block;border-radius:3px;margin-top:2px;margin-bottom:2px;margin-right:5px;background-position:50%;background-repeat:no-repeat;background-size:cover}.ui-user-icon.small{width:18px;height:18px;display:inline-block;vertical-align:middle;margin:0 0 .2em}.ui-infobar>small>span{line-height:22px}.ui-infobar>small .dropdown{display:inline-block}.ui-infobar>small .dropdown a:focus,.ui-infobar>small .dropdown a:hover{text-decoration:none}.ui-published-note{color:#337ab7}.ui-published-note .fa{font-size:20px;vertical-align:top}.unselectable{-webkit-user-select:none;-o-user-select:none;user-select:none}.selectable{-webkit-user-select:text;-o-user-select:text;user-select:text}@media print{blockquote,div,img,pre,table{page-break-inside:avoid!important}a[href]:after{font-size:12px!important}}.markdown-body.slides{position:relative;z-index:1;color:#222}.markdown-body.slides:before{content:"";display:block;position:absolute;top:0;left:0;right:0;bottom:0;z-index:-1;background-color:currentColor;box-shadow:0 0 0 50vw}.markdown-body.slides section[data-markdown]{position:relative;margin-bottom:1.5em;background-color:#fff;text-align:center}.markdown-body.slides section[data-markdown] code{text-align:left}.markdown-body.slides section[data-markdown]:before{content:"";display:block;padding-bottom:56.23%}.markdown-body.slides section[data-markdown]>div:first-child{position:absolute;top:50%;left:1em;right:1em;transform:translateY(-50%);max-height:100%;overflow:hidden}.markdown-body.slides section[data-markdown]>ul{display:inline-block}.markdown-body.slides>section>section+section:after{content:"";position:absolute;top:-1.5em;right:1em;height:1.5em;border:3px solid #777}body{font-smoothing:subpixel-antialiased!important;-webkit-font-smoothing:subpixel-antialiased!important;-moz-osx-font-smoothing:auto!important;text-shadow:0 0 1em transparent,1px 1px 1.2px rgba(0,0,0,.004);-webkit-overflow-scrolling:touch;letter-spacing:.025em}.focus,:focus{outline:none!important}::-moz-focus-inner{border:0!important}body{font-family:Source Sans Pro,Helvetica,Arial,sans-serif}html[lang^=ja] body{font-family:Source Sans Pro,Helvetica,Arial,Hiragino Kaku Gothic Pro,ヒラギノ角ゴ Pro W3,Osaka,Meiryo,メイリオ,MS Gothic,ＭＳ\ ゴシック,sans-serif}html[lang=zh-tw] body{font-family:Source Sans Pro,Helvetica,Arial,PingFang TC,Microsoft JhengHei,微軟正黑,sans-serif}html[lang=zh-cn] body{font-family:Source Sans Pro,Helvetica,Arial,PingFang SC,Microsoft YaHei,微软雅黑,sans-serif}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}abbr[data-original-title],abbr[title]{cursor:help}body.modal-open{overflow-y:auto;padding-right:0!important}
    </style>
    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
    	<script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js" integrity="sha256-3Jy/GbSLrg0o9y5Z5n1uw0qxZECH7C6OQpVBgNFYa0g=" crossorigin="anonymous"></script>
    	<script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js" integrity="sha256-g6iAfvZp+nDQ2TdTR/VVKJf3bGro4ub5fvWSWVRi2NE=" crossorigin="anonymous"></script>
		<script src="https://cdnjs.cloudflare.com/ajax/libs/es5-shim/4.5.9/es5-shim.min.js" integrity="sha256-8E4Is26QH0bD52WoQpcB+R/tcWQtpzlCojrybUd7Mxo=" crossorigin="anonymous"></script>
    <![endif]-->
</head>

<body>
    <div id="doc" class="markdown-body container-fluid comment-enabled" data-hard-breaks="true" style="position: relative;"><h1 id="Contracts-Use-Case-Categorization"><a class="anchor hidden-xs" href="#Contracts-Use-Case-Categorization" title="Contracts-Use-Case-Categorization"><span class="octicon octicon-link"></span></a><span>Contracts Use Case Categorization</span></h1><p><span>Document Number: P2185R0</span><br>
<span>Date: 2020-06-11</span><br>
<span>Authour: Caleb Sunstrum</span></p><h2 id="Disclaimer"><a class="anchor hidden-xs" href="#Disclaimer" title="Disclaimer"><span class="octicon octicon-link"></span></a><span>Disclaimer</span></h2><p><span>While the authour bears a professional relationship outside the Committee with the Chair of SG21, the categorization herein is the effort of the authour only and does not (necessarily) represent the views of the Chair.</span></p><h2 id="Goals"><a class="anchor hidden-xs" href="#Goals" title="Goals"><span class="octicon octicon-link"></span></a><span>Goals</span></h2><p><span>With ~200 use cases collected by the authours of </span><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html" target="_blank" rel="noopener"><span>P1955R0</span></a><span> (much thanks to them for this initial work), it’s difficult to reason about let alone attempt to rank the relative importance of the various use cases!</span></p><p><span>This work is an attempt to categorize the various use cases in a way such that at each level of categorization the set of things to reason about is small enough to keep in one’s working memory.</span></p><h2 id="Notes"><a class="anchor hidden-xs" href="#Notes" title="Notes"><span class="octicon octicon-link"></span></a><span>Notes</span></h2><p><span>Contracts use cases fall into two primary categories:</span></p><ul>
<li><span>“What I want to use contracts </span><em><span>for</span></em><span>”</span></li>
<li><span>“</span><em><span>How</span></em><span> I want to use contracts” (meta-Contracts)</span></li>
</ul><p><span>The vast majority of provided use cases fall into the second category, and most of the former are non-controversial. It seems the majority of disagreement around Contracts relates to how the facility is specified and used as opposed to what we want to use it for!</span></p><p><span>There are also a few agendas at play, such as C-compatibility and elimination of macros.</span></p><h1 id="Contracts-Use-Cases"><a class="anchor hidden-xs" href="#Contracts-Use-Cases" title="Contracts-Use-Cases"><span class="octicon octicon-link"></span></a><span>Contracts Use Cases</span></h1><p><span>“What I want to use contracts for”</span></p><pre><code class="C++ hljs">namespace uses {
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Correctness</span>;</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Optimization</span>;</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Code</span>-<span class="hljs-title">Analysis</span>;</span>
}
</code></pre><h2 id="Correctness"><a class="anchor hidden-xs" href="#Correctness" title="Correctness"><span class="octicon octicon-link"></span></a><span>Correctness</span></h2><p><span>“I want to use Contracts to help ensure my program is correct”</span></p><pre><code class="C++ hljs"><span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">uses::Correctness</span> {</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Class</span>-<span class="hljs-title">Consistency</span> {</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Derivation</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Interface</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Internal</span>;</span>
  };
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Defensive</span>-<span class="hljs-title">Coding</span> {</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Safety</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">TDD</span>;</span>
  };
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Validation</span>;</span>
};
</code></pre><h3 id="CorrectnessClass-ConsistencyDerivation"><a class="anchor hidden-xs" href="#CorrectnessClass-ConsistencyDerivation" title="CorrectnessClass-ConsistencyDerivation"><span class="octicon octicon-link"></span></a><span>Correctness::Class-Consistency::Derivation</span></h3><p><span>How base-class contracts interact with derived classes</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppapi.class.preconditions" target="_blank" rel="noopener"><span>cppapi.class.preconditions</span></a><span>: Ensure overriding methods have same or wider preconditions (see: Liskov substitution principle)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppapi.class.postconditions" target="_blank" rel="noopener"><span>cppapi.class.postconditions</span></a><span>: Ensure overriding functions meet their base class postconditions when their base class preconditions are met (see: Liskov substitution principle)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppapi.class.variability" target="_blank" rel="noopener"><span>cppapi.class.variability</span></a><span>: Allow overriding functions to have narrower preconditions/wider postconditions if I want to</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.class.baseinterface" target="_blank" rel="noopener"><span>api.class.baseinterface</span></a><span>: Express a restriction on the protected interface of a type that derived types can depend upon: can mention only protected and public members, and is checked on entry and exit from this type’s code</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.class.baseinvariants" target="_blank" rel="noopener"><span>api.class.baseinvariants</span></a><span>: Check invariants on entry and exit of every protected method (when called from the derived type, not when one base member function calls another)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.class.basecalls" target="_blank" rel="noopener"><span>api.class.basecalls</span></a><span>: Check invariants before and after every call to a virtual function (when calling to the derived type)</span></p><h3 id="CorrectnessClass-ConsistencyInterface"><a class="anchor hidden-xs" href="#CorrectnessClass-ConsistencyInterface" title="CorrectnessClass-ConsistencyInterface"><span class="octicon octicon-link"></span></a><span>Correctness::Class-Consistency::Interface</span></h3><p><span>Class contracts over the public interface of a class</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppapi.invariants" target="_blank" rel="noopener"><span>cppapi.invariants</span></a><span>: Declare class invariants that all of my public functions need to maintain</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.class.publicinterface" target="_blank" rel="noopener"><span>api.class.publicinterface</span></a><span>: Express a restriction on the public interface of a type that all callers of the type can depend upon: can mention only public members, and is checked on entry and exit from this type’s code</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.class.publicinvariants" target="_blank" rel="noopener"><span>api.class.publicinvariants</span></a><span>: Check invariants before and after every public method (when called from outside the type, not when one member function calls another)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.class.privateinvariants" target="_blank" rel="noopener"><span>api.class.privateinvariants</span></a><span>: Check invariants on entry and exit of every public method (when called from outside the type, not when one member function calls another)</span></p><h3 id="CorrectnessClass-ConsistencyInternal"><a class="anchor hidden-xs" href="#CorrectnessClass-ConsistencyInternal" title="CorrectnessClass-ConsistencyInternal"><span class="octicon octicon-link"></span></a><span>Correctness::Class-Consistency::Internal</span></h3><p><span>Class contracts for internal consistency</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.class.publiccalls" target="_blank" rel="noopener"><span>api.class.publiccalls</span></a><span>: Check invariants before and after calling functions that are not part of this type (including virtual calls)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.class.privateinterface" target="_blank" rel="noopener"><span>api.class.privateinterface</span></a><span>: Express an internal restriction on the private implementation of a type, can mention any member, and is checked on entry and exit from this type’s code</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.class.privatecalls" target="_blank" rel="noopener"><span>api.class.privatecalls</span></a><span>: Check invariants before and after calling functions that are not part of this type (including virtual calls)</span></p><h3 id="CorrectnessDefensive-CodingSafety"><a class="anchor hidden-xs" href="#CorrectnessDefensive-CodingSafety" title="CorrectnessDefensive-CodingSafety"><span class="octicon octicon-link"></span></a><span>Correctness::Defensive-Coding::Safety</span></h3><p><span>Ensuring error paths have well-defined behaviour</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#pdev.safety.isolation" target="_blank" rel="noopener"><span>pdev.safety.isolation</span></a><span>: Isolate safety checks from performance annotations</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#pdev.safety.critical" target="_blank" rel="noopener"><span>pdev.safety.critical</span></a><span>: Retain checking even when optimizing with performance annotations</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#crit.noassume" target="_blank" rel="noopener"><span>crit.noassume</span></a><span>: Ensure checks will never be </span><code>__assume</code><span>'d/</span><code>__builtin_assume</code><span>'d by the compiler as if they were facts injected into the program (otherwise, if such an assumption ever failed, I would be running a different program that is not equivalent to the one I wrote; assumptions can expand the set of possible executions by injecting facts not otherwise knowable to the compiler) (See also: </span><a href="#OptimizationUB"><span>Optimization::UB</span></a><span>)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#crit.redundancy" target="_blank" rel="noopener"><span>crit.redundancy</span></a><span>: Be able to express error handling that may be redundant with contract checking</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#crit.interaction" target="_blank" rel="noopener"><span>crit.interaction</span></a><span>: Not have contract build or run modes possibly be able to change or disable related error handling in any way</span></p><h3 id="CorrectnessDefensive-CodingTDD"><a class="anchor hidden-xs" href="#CorrectnessDefensive-CodingTDD" title="CorrectnessDefensive-CodingTDD"><span class="octicon octicon-link"></span></a><span>Correctness::Defensive-Coding::TDD</span></h3><p><span>Using Contracts for Test-Driven Development</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#adev.evolve" target="_blank" rel="noopener"><span>adev.evolve</span></a><span>: Assert against conditions I am aware of but not finished handling fully</span></p><h3 id="CorrectnessValidation"><a class="anchor hidden-xs" href="#CorrectnessValidation" title="CorrectnessValidation"><span class="octicon octicon-link"></span></a><span>Correctness::Validation</span></h3><p><span>Using Contracts to validate program correctness</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.establish.check" target="_blank" rel="noopener"><span>api.establish.check</span></a><span>: Have validation inform me which output values are unexpected or invalid</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.establish.validate_invariants" target="_blank" rel="noopener"><span>api.establish.validate_invariants</span></a><span>: Have validation inform me which class invariants are violated</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.establish.values" target="_blank" rel="noopener"><span>api.establish.values</span></a><span>: Have validation inform user which input values are unexpected or invalid</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#jdev.understand.violations" target="_blank" rel="noopener"><span>jdev.understand.violations</span></a><span>: Be informed when my usage is out of contract</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.conform.postconditions" target="_blank" rel="noopener"><span>int.conform.postconditions</span></a><span>: Verify results from a call are expected output values</span></p><h2 id="Optimization"><a class="anchor hidden-xs" href="#Optimization" title="Optimization"><span class="octicon octicon-link"></span></a><span>Optimization</span></h2><p><span>“I want to use Contracts to help optimize my program”</span></p><pre><code class="C++ hljs"><span class="hljs-keyword">class</span> <span class="hljs-title">uses</span>::<span class="hljs-title">Optimization</span> {
  <span class="hljs-keyword">class</span> <span class="hljs-title">Leverage</span>;
  <span class="hljs-keyword">class</span> <span class="hljs-title">Overhead</span>;
  <span class="hljs-keyword">class</span> <span class="hljs-title">UB</span>;
};
</code></pre><h3 id="OptimizationLeverage"><a class="anchor hidden-xs" href="#OptimizationLeverage" title="OptimizationLeverage"><span class="octicon octicon-link"></span></a><span>Optimization::Leverage</span></h3><p><span>Using Contracts to improve optimization</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.reason.confidence" target="_blank" rel="noopener"><span>dev.reason.confidence</span></a><span>: Express a spectrum of confidence in my annotations, from “unsure” and asking for validation, to “sure” and asking for some effect to be applied (eg. “maybe”, “definitely”, “assume” ‘something’) (See also: </span><a href="#FunctionalityExpressivityMeta-Information"><span>Functionality::Expressivity::Meta-Information</span></a><span>)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.build.optimize" target="_blank" rel="noopener"><span>int.build.optimize</span></a><span>: Turn on run time optimization to leverage annotation assumptions</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#hardware.performance" target="_blank" rel="noopener"><span>hardware.performance</span></a><span>: Be able to design new hardware + optimizations, carefully dovetailed into one another, that depend on statically-unprovable facts being annotated in the code</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#pdev.speed" target="_blank" rel="noopener"><span>pdev.speed</span></a><span>: Annotate my code with assumptions, likelihoods, or reachability information that a tool might not be able to deduce, but that I would be confident of</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#pdev.morespeed" target="_blank" rel="noopener"><span>pdev.morespeed</span></a><span>: Be able to give statically-unprovable facts to current and novel optimizers in terms of semantics my program does not depend-on but optimizers can’t figure out</span></p><h3 id="OptimizationOverhead"><a class="anchor hidden-xs" href="#OptimizationOverhead" title="OptimizationOverhead"><span class="octicon octicon-link"></span></a><span>Optimization::Overhead</span></h3><p><span>Run-time overhead of Contracts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.perfcontrol.runtime" target="_blank" rel="noopener"><span>large.perfcontrol.runtime</span></a><span>: Constrain the set of runtime checks according to their performance overhead</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#embedded.nochecking" target="_blank" rel="noopener"><span>embedded.nochecking</span></a><span>: Remove all checking and diagnostic (eg. source location) overhead entirely from the final binary</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.runtime.unchecked" target="_blank" rel="noopener"><span>int.runtime.unchecked</span></a><span>: Turn off run time checking to remove checking overhead</span></p><h3 id="OptimizationUB"><a class="anchor hidden-xs" href="#OptimizationUB" title="OptimizationUB"><span class="octicon octicon-link"></span></a><span>Optimization::UB</span></h3><p><span>Undefined behaviour introduced by Contracts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#pdev.footgun" target="_blank" rel="noopener"><span>pdev.footgun</span></a><span>: Accept responsibility for a malformed program that might result from eventually false information given by my annotations</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#crit.noassume" target="_blank" rel="noopener"><span>crit.noassume</span></a><span>: Ensure checks will never be </span><code>__assume</code><span>'d/</span><code>__builtin_assume</code><span>'d by the compiler as if they were facts injected into the program (otherwise, if such an assumption ever failed, I would be running a different program that is not equivalent to the one I wrote; assumptions can expand the set of possible executions by injecting facts not otherwise knowable to the compiler) (See also: </span><a href="#CorrectnessDefensive-CodingSafety"><span>Correctness::Defensive-Coding::Safety</span></a><span>)</span></p><h2 id="Code-Analysis"><a class="anchor hidden-xs" href="#Code-Analysis" title="Code-Analysis"><span class="octicon octicon-link"></span></a><span>Code Analysis</span></h2><p><span>“I want to use Contracts to improve the results of tooling”</span></p><pre><code class="C++ hljs"><span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">uses::Code</span>-<span class="hljs-title">Analyis</span> {</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Tooling</span>-<span class="hljs-title">Annotations</span> {</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Accuracy</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Ignorability</span>;</span>
  };
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Code</span>-<span class="hljs-title">Generation</span>;</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Verification</span>;</span>
};
</code></pre><h3 id="Code-AnalysisTooling-AnnotationsAccuracy"><a class="anchor hidden-xs" href="#Code-AnalysisTooling-AnnotationsAccuracy" title="Code-AnalysisTooling-AnnotationsAccuracy"><span class="octicon octicon-link"></span></a><span>Code-Analysis::Tooling-Annotations::Accuracy</span></h3><p><span>Using Contracts to improve the accuracy of tools</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.tooling" target="_blank" rel="noopener"><span>dev.tooling</span></a><span>: Expose annotations to tools that might leverage them (eg. code linter, static analyzer, semantic prover, compiler sanitizer, binary analyzer, code reviewer, etc.)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#analysis.information" target="_blank" rel="noopener"><span>analysis.information</span></a><span>: Be able to hint to the analyzer information it may be unable to deduce from source code alone (eg. </span><code>5 / opaque(); [[ opaque() != 0]]</code><span>)</span></p><h3 id="Code-AnalysisTooling-AnnotationsIgnorability"><a class="anchor hidden-xs" href="#Code-AnalysisTooling-AnnotationsIgnorability" title="Code-AnalysisTooling-AnnotationsIgnorability"><span class="octicon octicon-link"></span></a><span>Code-Analysis::Tooling-Annotations::Ignorability</span></h3><p><span>Make it feasible for tooling to ignore misunderstood annotations</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#qdev.tooling" target="_blank" rel="noopener"><span>qdev.tooling</span></a><span>: Signify subset of individual annotations to be consumed by a specific kind of verification tool</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#qdev.tooling.control" target="_blank" rel="noopener"><span>qdev.tooling.control</span></a><span>: Signify subset of individual annotations to be consumed by a specific instance of verification tool</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#qdev.tooling.undefined" target="_blank" rel="noopener"><span>qdev.tooling.undefined</span></a><span>: Use predicates that may not be understood by all instances of verification</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#qdev.tooling.undefinedkinds" target="_blank" rel="noopener"><span>qdev.tooling.undefinedkinds</span></a><span>: Use predicates that may not be understood by all kinds of verification</span></p><h3 id="Code-AnalysisCode-Generation"><a class="anchor hidden-xs" href="#Code-AnalysisCode-Generation" title="Code-AnalysisCode-Generation"><span class="octicon octicon-link"></span></a><span>Code-Analysis::Code-Generation</span></h3><p><span>Integrating the results of tooling into the program</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#analysis.runtime" target="_blank" rel="noopener"><span>analysis.runtime</span></a><span>: Have runtime checks generated by the tool</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#analysis.optimization" target="_blank" rel="noopener"><span>analysis.optimization</span></a><span>: Have runtime optimizations generated by the tool</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#qdev.tooling.behavior" target="_blank" rel="noopener"><span>qdev.tooling.behavior</span></a><span>: Integrate the results of that static checker into how my program behaves in different ways: assume proven predicates, make unprovable predicates ill- formed, etc.</span></p><h3 id="Code-AnalysisVerification"><a class="anchor hidden-xs" href="#Code-AnalysisVerification" title="Code-AnalysisVerification"><span class="octicon octicon-link"></span></a><span>Code-Analysis::Verification</span></h3><p><span>Using tooling to verify program correctness</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.consistency" target="_blank" rel="noopener"><span>int.consistency</span></a><span>: Verify all annotations are globally consistent when integrated</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#qdev.correctness" target="_blank" rel="noopener"><span>qdev.correctness</span></a><span>: Signify the predicates that should be verified by an analysis tool</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#analysis.symbolic" target="_blank" rel="noopener"><span>analysis.symbolic</span></a><span>: Have symbolic proofs for soundness and consistency performed before compile time</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#analysis.compiletime" target="_blank" rel="noopener"><span>analysis.compiletime</span></a><span>: Have code source, AST, or inclassion inspection during compile time</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#analysis.binaries" target="_blank" rel="noopener"><span>analysis.binaries</span></a><span>: Have binary inspection after compile time</span></p><h1 id="Contracts-Meta-Use-Cases"><a class="anchor hidden-xs" href="#Contracts-Meta-Use-Cases" title="Contracts-Meta-Use-Cases"><span class="octicon octicon-link"></span></a><span>Contracts Meta Use Cases</span></h1><p><span>“How I want to use contracts”</span></p><pre><code class="C++ hljs">namespace meta {
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Controllability</span>;</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Functionality</span>;</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Teachability</span>;</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Agenda</span>-<span class="hljs-title">Advancement</span>;</span>
};
</code></pre><h2 id="Controllability"><a class="anchor hidden-xs" href="#Controllability" title="Controllability"><span class="octicon octicon-link"></span></a><span>Controllability</span></h2><p><span>“How I want to control Contracts”</span></p><pre><code class="C++ hljs"><span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">meta::Controllability</span> {</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Control</span> {</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Maintenance</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Security</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Run</span>-<span class="hljs-title">time</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Selection</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Source</span>;</span>
  };
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Granularity</span> {</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Build</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Debug</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Source</span>;</span>
  };
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Reporting</span> {</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Customization</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Stripping</span>;</span>
  };
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Testing</span> {</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Override</span>-<span class="hljs-title">Checking</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Override</span>-<span class="hljs-title">Handling</span>;</span>
  };
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Violation</span>-<span class="hljs-title">Handling</span> {</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Continuation</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Customization</span>;</span>
  };
};
</code></pre><h3 id="ControllabilityControlMaintenance"><a class="anchor hidden-xs" href="#ControllabilityControlMaintenance" title="ControllabilityControlMaintenance"><span class="octicon octicon-link"></span></a><span>Controllability::Control::Maintenance</span></h3><p><span>How Contracts should affect code maintenance</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.build.binarycounts" target="_blank" rel="noopener"><span>int.build.binarycounts</span></a><span>: Only be required to manage a small, common set of build/link configurations</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#lib.maintenance.noconfig" target="_blank" rel="noopener"><span>lib.maintenance.noconfig</span></a><span>: Not require extra build steps to be documented</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#lib.maintenance.nowhining" target="_blank" rel="noopener"><span>lib.maintenance.nowhining</span></a><span>: Not have users complain about my product due to modifications of annotations resulting from their build configuration</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#lib.integration.noconfig" target="_blank" rel="noopener"><span>lib.integration.noconfig</span></a><span>: Not require extra build steps to be learned or performed</span></p><h3 id="ControllabilityControlSecurity"><a class="anchor hidden-xs" href="#ControllabilityControlSecurity" title="ControllabilityControlSecurity"><span class="octicon octicon-link"></span></a><span>Controllability::Control::Security</span></h3><p><span>Using Contracts in a secure way</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#sec.noattacks" target="_blank" rel="noopener"><span>sec.noattacks</span></a><span>: Be unable to insert code paths (eg. violation handlers) at run time (eg. build time only)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#sec.certify" target="_blank" rel="noopener"><span>sec.certify</span></a><span>: Have build tool only link to a preapproved violation handler</span></p><h3 id="ControllabilityControlRun-time"><a class="anchor hidden-xs" href="#ControllabilityControlRun-time" title="ControllabilityControlRun-time"><span class="octicon octicon-link"></span></a><span>Controllability::Control::Run-time</span></h3><p><span>Run-time control over contracts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.control.runtime" target="_blank" rel="noopener"><span>int.control.runtime</span></a><span>: Turn checks on at run time</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.control.subsets.runtime" target="_blank" rel="noopener"><span>int.control.subsets.runtime</span></a><span>: Turn on any subset of individual (call site) checks on at run time</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.build.common" target="_blank" rel="noopener"><span>int.build.common</span></a><span>: Be able to use the same executable regardless of contract enforcement mode</span></p><h3 id="ControllabilityControlSelection"><a class="anchor hidden-xs" href="#ControllabilityControlSelection" title="ControllabilityControlSelection"><span class="octicon octicon-link"></span></a><span>Controllability::Control::Selection</span></h3><p><span>Build-time control over contracts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppdev.build.legacy" target="_blank" rel="noopener"><span>cppdev.build.legacy</span></a><span>: Have annotations affect executions depending on my existing build modes (eg. Debug or Release modes in VS)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.control.build" target="_blank" rel="noopener"><span>int.control.build</span></a><span>: Turn checks on at build time</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.build.unchecked" target="_blank" rel="noopener"><span>int.build.unchecked</span></a><span>: Turn off build time checking to remove checking overhead</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#crit.control" target="_blank" rel="noopener"><span>crit.control</span></a><span>: Be able to control the configuration of contracts from a central point</span></p><h3 id="ControllabilityControlSource"><a class="anchor hidden-xs" href="#ControllabilityControlSource" title="ControllabilityControlSource"><span class="octicon octicon-link"></span></a><span>Controllability::Control::Source</span></h3><p><span>Source-level control over contracts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#lib.integration.nowhining" target="_blank" rel="noopener"><span>lib.integration.nowhining</span></a><span>: Not have my users accidentally modify my careful annotations</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#sdev.control" target="_blank" rel="noopener"><span>sdev.control</span></a><span>: Disable remapping of semantics on stable and correct individual contracts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#crit.production.checking" target="_blank" rel="noopener"><span>crit.production.checking</span></a><span>: Be able to continue to run checks in a production environment (even after formal testing is complete)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#crit.more.coverage" target="_blank" rel="noopener"><span>crit.more.coverage</span></a><span>: Be able to run checks in a production environment that are considered “cheap” compared to the expected cost of entering an invalid state</span></p><h3 id="ControllabilityGranularityBuild"><a class="anchor hidden-xs" href="#ControllabilityGranularityBuild" title="ControllabilityGranularityBuild"><span class="octicon octicon-link"></span></a><span>Controllability::Granularity::Build</span></h3><p><span>Granular control of contracts at build-time</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.conrol.subsets.build" target="_blank" rel="noopener"><span>int.conrol.subsets.build</span></a><span>: Turn on any subset of individual (call site) checks on at build time</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.control.subsets" target="_blank" rel="noopener"><span>int.control.subsets</span></a><span>: Have a way to audit (named or semantic) subsets of checks for various deployments</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.perfcontrol.build" target="_blank" rel="noopener"><span>large.perfcontrol.build</span></a><span>: Constrain the set of built time checks according to their performance overhead</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.build.minimize" target="_blank" rel="noopener"><span>int.build.minimize</span></a><span>: Disable library postconditions, asserts, and invariants, without disabling library preconditions (assuming the library is tested and stable and my code is not)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#qdev.checkall" target="_blank" rel="noopener"><span>qdev.checkall</span></a><span>: Ensure all checks (pre, post, assert, invariant) are enabled</span></p><h3 id="ControllabilityGranularityDebug"><a class="anchor hidden-xs" href="#ControllabilityGranularityDebug" title="ControllabilityGranularityDebug"><span class="octicon octicon-link"></span></a><span>Controllability::Granularity::Debug</span></h3><p><span>Granular control over contracts for debugging purposes</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.complex" target="_blank" rel="noopener"><span>large.complex</span></a><span>: Have composable and fine grained control over which checks are run, without requiring source code changes. Specifically the checks for only one function or some grouping of functions</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.build.control" target="_blank" rel="noopener"><span>int.build.control</span></a><span>: Enable checks only within a selected library</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.build.control2" target="_blank" rel="noopener"><span>int.build.control2</span></a><span>: Enable checks on multiple libraries simultaneously</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.debug.callsites" target="_blank" rel="noopener"><span>int.debug.callsites</span></a><span>: Enable checks only on selected call sites</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.simulation.disable" target="_blank" rel="noopener"><span>large.simulation.disable</span></a><span>: Optionally disable checking on a subset of individual annotations</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.simulation.enable" target="_blank" rel="noopener"><span>large.simulation.enable</span></a><span>: Optionally allow checking of a subset of individual annotations to fail and access its recovery path</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.simulation.ignore" target="_blank" rel="noopener"><span>large.simulation.ignore</span></a><span>: Optionally allow checking of a subset of individual annotations to fail and continue failing</span></p><h3 id="ControllabilityGranularitySource"><a class="anchor hidden-xs" href="#ControllabilityGranularitySource" title="ControllabilityGranularitySource"><span class="octicon octicon-link"></span></a><span>Controllability::Granularity::Source</span></h3><p><span>Granular control over contracts at the source level</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.critical" target="_blank" rel="noopener"><span>large.critical</span></a><span>: Control whether checks are run based on where they are being called from</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.separability" target="_blank" rel="noopener"><span>large.separability</span></a><span>: Be able to include distinct clauses for each parameter or invariant with their own individual failure or build controls</span></p><h3 id="ControllabilityReportingCustomization"><a class="anchor hidden-xs" href="#ControllabilityReportingCustomization" title="ControllabilityReportingCustomization"><span class="octicon octicon-link"></span></a><span>Controllability::Reporting::Customization</span></h3><p><span>Control over how contract violations are reported</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.violations.transmit" target="_blank" rel="noopener"><span>int.violations.transmit</span></a><span>: Transmit check failure information in environment-specific ways (logs, email, special hardware traps, popup windows, blazing sirens, etc).</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#qdev.fuzz.testing" target="_blank" rel="noopener"><span>qdev.fuzz.testing</span></a><span>: Log all predicate failure during fuzz testing</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.scalability" target="_blank" rel="noopener"><span>large.scalability</span></a><span>: Be able to log violations in my organization specific format</span></p><h3 id="ControllabilityReportingStripping"><a class="anchor hidden-xs" href="#ControllabilityReportingStripping" title="ControllabilityReportingStripping"><span class="octicon octicon-link"></span></a><span>Controllability::Reporting::Stripping</span></h3><p><span>Control over what information is retained/reported</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#embedded.nologging" target="_blank" rel="noopener"><span>embedded.nologging</span></a><span>: Remove all logging and diagnostic (but not checking) overhead from the final binary</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#embedded.minimize" target="_blank" rel="noopener"><span>embedded.minimize</span></a><span>: Remove all but the most important diagnostic overhead from the final binary</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#bdev.confidentiality" target="_blank" rel="noopener"><span>bdev.confidentiality</span></a><span>: Not expose diagnostic information (source location, expressions, etc.) in the software I deliver to clients, even when I choose to have contracts enforced in the software I deliver</span></p><h3 id="ControllabilityTestingOverride-Checking"><a class="anchor hidden-xs" href="#ControllabilityTestingOverride-Checking" title="ControllabilityTestingOverride-Checking"><span class="octicon octicon-link"></span></a><span>Controllability::Testing::Override-Checking</span></h3><p><span>Override how/when contracts are checked for testing purposes</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.class.testing" target="_blank" rel="noopener"><span>api.class.testing</span></a><span>: For every member or friend function in my class, run my unit test framework with checking enabled for every assertion at the point where it is written, and check every postcondition at every non-exceptional exit, and test my class invariants on entry and exit from this type’s code</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.testing.control" target="_blank" rel="noopener"><span>int.testing.control</span></a><span>: Selectively enable checking for a set of functions which could name either an individual function or an overload set</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.testing.controltypes" target="_blank" rel="noopener"><span>int.testing.controltypes</span></a><span>: Selectively enable checking for a set of types and all their members</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.testing.transitivity" target="_blank" rel="noopener"><span>int.testing.transitivity</span></a><span>: Selectively enable checking for a set of types and all their transitively nested types and members</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.testing.modules" target="_blank" rel="noopener"><span>int.testing.modules</span></a><span>: Selectively enable checking for a translation unit or module and all (non transitive) types and functions within</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#crit.testing" target="_blank" rel="noopener"><span>crit.testing</span></a><span>: Be able to run both success and failure branches in my test environment</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.narrowing" target="_blank" rel="noopener"><span>large.narrowing</span></a><span>: Be able to narrow individual contract so it fails in testing not in production</span></p><h3 id="ControllabilityTestingOverride-Handling"><a class="anchor hidden-xs" href="#ControllabilityTestingOverride-Handling" title="ControllabilityTestingOverride-Handling"><span class="octicon octicon-link"></span></a><span>Controllability::Testing::Override-Handling</span></h3><p><span>Override how contract violations are handled for testing purposes</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#qdev.testing" target="_blank" rel="noopener"><span>qdev.testing</span></a><span>: Override failure handler to trigger test failure instead of termination</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#qdev.handler.testing" target="_blank" rel="noopener"><span>qdev.handler.testing</span></a><span>: Have a way to run handler on all combinations of available build modes</span></p><h3 id="ControllabilityViolation-HandlingContinuation"><a class="anchor hidden-xs" href="#ControllabilityViolation-HandlingContinuation" title="ControllabilityViolation-HandlingContinuation"><span class="octicon octicon-link"></span></a><span>Controllability::Violation-Handling::Continuation</span></h3><p><span>Control over whether contract violations can be recovered from</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#sdev.quality" target="_blank" rel="noopener"><span>sdev.quality</span></a><span>: Discourage reliance on observable out-of-contract behavior by causing check failure to hard stop program or build</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#sdev.maturity" target="_blank" rel="noopener"><span>sdev.maturity</span></a><span>: Disable continuation on violation of stable and correct individual contracts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.observation" target="_blank" rel="noopener"><span>large.observation</span></a><span>: Have failed individual checks from existing code optionally warn instead of hard stop</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.introduction" target="_blank" rel="noopener"><span>large.introduction</span></a><span>: Have failed checks from a new library optionally warn instead of hard stop</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.newenvironment" target="_blank" rel="noopener"><span>large.newenvironment</span></a><span>: Have failed checks caused by a change in environment optionally warn instead of hard stop</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.newcompiler" target="_blank" rel="noopener"><span>large.newcompiler</span></a><span>: Have failed checks caused by a change in compiler optionally warn instead of hard stop</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.nogoingback" target="_blank" rel="noopener"><span>large.nogoingback</span></a><span>: Have trusted contracts fail fast and hard stop</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#crit.recovery" target="_blank" rel="noopener"><span>crit.recovery</span></a><span>: Have access to a recovery path after contract violation</span></p><h3 id="ControllabilityViolation-HandlingCustomization"><a class="anchor hidden-xs" href="#ControllabilityViolation-HandlingCustomization" title="ControllabilityViolation-HandlingCustomization"><span class="octicon octicon-link"></span></a><span>Controllability::Violation-Handling::Customization</span></h3><p><span>Being able to customize how contract violations are handled</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.reason.behaviorcontrol" target="_blank" rel="noopener"><span>dev.reason.behaviorcontrol</span></a><span>: Have the effect of annotations on executions be user controllable (ie. decide whether “cheap” checks or “critical” terminates)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.violations.custom" target="_blank" rel="noopener"><span>int.violations.custom</span></a><span>: Install custom violation handler where I can inject custom logic to trap errors</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.violations.common" target="_blank" rel="noopener"><span>int.violations.common</span></a><span>: Be able to override how library violations are handled in the combined software to point into my handling code</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.violations.override" target="_blank" rel="noopener"><span>int.violations.override</span></a><span>: Be able to define and override violation handler via source code</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#crit.locality" target="_blank" rel="noopener"><span>crit.locality</span></a><span>: Couple recovery path to a specific contract within the source</span></p><h2 id="Functionality"><a class="anchor hidden-xs" href="#Functionality" title="Functionality"><span class="octicon octicon-link"></span></a><span>Functionality</span></h2><p><span>“How I want to write Contracts”</span></p><pre><code class="C++ hljs"><span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">meta::Functionality</span> {</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Expressivity</span> {</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Annotations</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Form</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Meta</span>-<span class="hljs-title">Information</span>;</span>
  };
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Flexibility</span> {</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Code</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Evolution</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Location</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Unevaluated</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Usage</span>;</span>
  };
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Interactions</span> {</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Code</span>-<span class="hljs-title">Generation</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Extensibility</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Intercompatibility</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Predictability</span>;</span>
  };
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Reporting</span> {</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Actionable</span>;</span>
    <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Visible</span>;</span>
  };
};
</code></pre><h3 id="FunctionalityExpressivityAnnotations"><a class="anchor hidden-xs" href="#FunctionalityExpressivityAnnotations" title="FunctionalityExpressivityAnnotations"><span class="octicon octicon-link"></span></a><span>Functionality::Expressivity::Annotations</span></h3><p><span>Describe and enforce traits</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.extend.exceptionsafety" target="_blank" rel="noopener"><span>api.extend.exceptionsafety</span></a><span>: Annotate operations as being exception safe</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.extend.threadsafety" target="_blank" rel="noopener"><span>api.extend.threadsafety</span></a><span>: Annotate operations as being thread safe</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.extend.atomicity" target="_blank" rel="noopener"><span>api.extend.atomicity</span></a><span>: Annotate operations as being atomic (ie. all or no changes become visible)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.extend.realtime" target="_blank" rel="noopener"><span>api.extend.realtime</span></a><span>: Annotate operations as real-time (ie. guaranteed to complete within a time frame)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.extend.determinism" target="_blank" rel="noopener"><span>api.extend.determinism</span></a><span>: Annotate operations as being deterministic (ie. same outputs for same inputs)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.extend.purity" target="_blank" rel="noopener"><span>api.extend.purity</span></a><span>: Annotate operations as functionally pure (ie. no side effects)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.extend.sideeffects" target="_blank" rel="noopener"><span>api.extend.sideeffects</span></a><span>: Annotate operations as having global side effects (ie. write to singleton, file, network, or database)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.extend.complexity" target="_blank" rel="noopener"><span>api.extend.complexity</span></a><span>: Annotate algorithmic complexity</span></p><h3 id="FunctionalityExpressivityForm"><a class="anchor hidden-xs" href="#FunctionalityExpressivityForm" title="FunctionalityExpressivityForm"><span class="octicon octicon-link"></span></a><span>Functionality::Expressivity::Form</span></h3><p><span>How Contracts are specified</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.establish.preconditions" target="_blank" rel="noopener"><span>api.establish.preconditions</span></a><span>: Have contracts specify their pre-conditions as logical predicates</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.establish.invariants" target="_blank" rel="noopener"><span>api.establish.invariants</span></a><span>: Have contracts specify their class invariants as logical predicates</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.establish.postconditions" target="_blank" rel="noopener"><span>api.establish.postconditions</span></a><span>: Have contracts specify their post-conditions as logical predicates</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#arch.complete" target="_blank" rel="noopener"><span>arch.complete</span></a><span>: Specify preconditions/postconditions/assertions/invariants that express my expectations about the expected valid state of my program in the form of compilable boolean expressions, that can be checked statically or dynamically (as opposed to disjointed state where these features are factored into bits)</span></p><h3 id="FunctionalityExpressivityMeta-Information"><a class="anchor hidden-xs" href="#FunctionalityExpressivityMeta-Information" title="FunctionalityExpressivityMeta-Information"><span class="octicon octicon-link"></span></a><span>Functionality::Expressivity::Meta-Information</span></h3><p><span>Encoding information about the contract itself</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.reason.confidence" target="_blank" rel="noopener"><span>dev.reason.confidence</span></a><span>: Express a spectrum of confidence in my annotations, from “unsure” and asking for validation, to “sure” and asking for some effect to be applied (eg. “maybe”, “definitely”, “assume” ‘something’) (See also: </span><a href="#OptimizationLeverage"><span>Optimization::Leverage</span></a><span>)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.reason.importance" target="_blank" rel="noopener"><span>dev.reason.importance</span></a><span>: Express a spectrum of importance of my annotations, from “critical” (eg. bring the system down) to “minor” (eg. lead to a slower fallback)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.reason.cost" target="_blank" rel="noopener"><span>dev.reason.cost</span></a><span>: Express a spectrum of expected cost at compile or runtime of my annotations, from “unrunnable” to “expensive” to “cheap”</span></p><h3 id="FunctionalityFlexibilityCode"><a class="anchor hidden-xs" href="#FunctionalityFlexibilityCode" title="FunctionalityFlexibilityCode"><span class="octicon octicon-link"></span></a><span>Functionality::Flexibility::Code</span></h3><p><span>How a contract can be written</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppdev.syntax.reuse" target="_blank" rel="noopener"><span>cppdev.syntax.reuse</span></a><span>: Have annotations use my custom types or functions</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.express.values" target="_blank" rel="noopener"><span>api.express.values</span></a><span>: Make reference to either the values of my inputs, or other in-scope identifiers</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.establish.changedvalues" target="_blank" rel="noopener"><span>api.establish.changedvalues</span></a><span>: Make reference to the before and after values of in-out variables (ie. passed by pointer or reference) in post-conditions</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.establish.changedmembers" target="_blank" rel="noopener"><span>api.establish.changedmembers</span></a><span>: Make reference to the before and after values of mutable class members (eg. </span><code>new_size = old_size+1</code><span> after push_back) in post-conditions</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.establish.changedstate" target="_blank" rel="noopener"><span>api.establish.changedstate</span></a><span>: Make reference to the before and after values of global state (eg., </span><code>global &gt;= old(global) + 1</code><span>) in post-conditions</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.contract.private" target="_blank" rel="noopener"><span>api.contract.private</span></a><span>: Be able to access private implementation details of the class so I don’t have to widen public interface to declare predicates</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppapi.variadic" target="_blank" rel="noopener"><span>cppapi.variadic</span></a><span>: Allow predicate (fold) expansion</span></p><h3 id="FunctionalityFlexibilityEvolution"><a class="anchor hidden-xs" href="#FunctionalityFlexibilityEvolution" title="FunctionalityFlexibilityEvolution"><span class="octicon octicon-link"></span></a><span>Functionality::Flexibility::Evolution</span></h3><p><span>How a contract can be evolved</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.adapt" target="_blank" rel="noopener"><span>dev.adapt</span></a><span>: Be able to easily change my confidence, importance, or other properties of my annotations over time</span></p><h3 id="FunctionalityFlexibilityLocation"><a class="anchor hidden-xs" href="#FunctionalityFlexibilityLocation" title="FunctionalityFlexibilityLocation"><span class="octicon octicon-link"></span></a><span>Functionality::Flexibility::Location</span></h3><p><span>Where a contract can be written</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.build.headeronly" target="_blank" rel="noopener"><span>int.build.headeronly</span></a><span>: Use contract-enabled header-only libraries</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.reason.knowl" target="_blank" rel="noopener"><span>dev.reason.knowl</span></a><span>: Annotate my program anywhere in the code with my current understanding of its structure or execution</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppdev.location" target="_blank" rel="noopener"><span>cppdev.location</span></a><span>: Use same source file for both code and annotations</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.contract.interface" target="_blank" rel="noopener"><span>api.contract.interface</span></a><span>: Declare contract when I declare the function</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.contract.redeclaration" target="_blank" rel="noopener"><span>api.contract.redeclaration</span></a><span>: Place function contract conditions on any declaration (e.g., on redeclarations at the bottom of the header, or on the definition in an implementation file, where they are less distracting).</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cpplib.headeronly" target="_blank" rel="noopener"><span>cpplib.headeronly</span></a><span>: Be able to ship header only library</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cpplib.insulation" target="_blank" rel="noopener"><span>cpplib.insulation</span></a><span>: Insulate contract conditions with the function definition, or insulate only the definition while putting contract conditions on a redeclaration - visible to static analysis tools in all TUs.</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.communicate.inputsoutputs" target="_blank" rel="noopener"><span>api.communicate.inputsoutputs</span></a><span>: Document the expected inputs and expected outputs on my interface</span></p><h3 id="FunctionalityFlexibilityUnevaluated"><a class="anchor hidden-xs" href="#FunctionalityFlexibilityUnevaluated" title="FunctionalityFlexibilityUnevaluated"><span class="octicon octicon-link"></span></a><span>Functionality::Flexibility::Unevaluated</span></h3><p><span>Expressing unevaluated/unevaluable contracts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.express.runnability" target="_blank" rel="noopener"><span>api.express.runnability</span></a><span>: Be able to use a predicate that is not evaluated at runtime, because it might be unsafe to run or have stateful side effects</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.express.undefined" target="_blank" rel="noopener"><span>api.express.undefined</span></a><span>: Be able to use a predicate that doesn’t have a definition, because it hasn’t been written yet, or is infeasible to run</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.express.uncheckable" target="_blank" rel="noopener"><span>api.express.uncheckable</span></a><span>: Be able to use a predicate that is not evaluated, because it is simply a semantic placeholder for a tool</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.express.unimplementable" target="_blank" rel="noopener"><span>api.express.unimplementable</span></a><span>: Be able to use a predicate that cannot have a complete definition, because it is inexpressible in the language</span></p><h3 id="FunctionalityFlexibilityUsage"><a class="anchor hidden-xs" href="#FunctionalityFlexibilityUsage" title="FunctionalityFlexibilityUsage"><span class="octicon octicon-link"></span></a><span>Functionality::Flexibility::Usage</span></h3><p><span>Extended uses of Contracts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppapi.contracts.async" target="_blank" rel="noopener"><span>cppapi.contracts.async</span></a><span>: Express contracts on callbacks such as </span><code>std::function</code><span>, function pointers, or references to functions, lambdas, or function objects</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppapi.contracts.exception" target="_blank" rel="noopener"><span>cppapi.contracts.exception</span></a><span>: Express contracts on exceptional exit</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#wg21.otherfeatures" target="_blank" rel="noopener"><span>wg21.otherfeatures</span></a><span>: Be able to use contract-like syntax on past or present runtime checkable language features such as switches, pattern matching, etc. or what might happen on signed integer overflow, etc. This might allow configuration of trapping, logging, or assuming in other areas of language UB.</span></p><h3 id="FunctionalityInteractionsCode-Generation"><a class="anchor hidden-xs" href="#FunctionalityInteractionsCode-Generation" title="FunctionalityInteractionsCode-Generation"><span class="octicon octicon-link"></span></a><span>Functionality::Interactions::Code-Generation</span></h3><p><span>How Contracts affect code generation</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.build.binaries" target="_blank" rel="noopener"><span>int.build.binaries</span></a><span>: Use contract-enabled binary libraries</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppdev.debugger" target="_blank" rel="noopener"><span>cppdev.debugger</span></a><span>: Have runtime able to launch a debugger from an annotation if necessary</span></p><h3 id="FunctionalityInteractionsExtensibility"><a class="anchor hidden-xs" href="#FunctionalityInteractionsExtensibility" title="FunctionalityInteractionsExtensibility"><span class="octicon octicon-link"></span></a><span>Functionality::Interactions::Extensibility</span></h3><p><span>How much room the Standard leaves for implementation extensions to Contracts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#compiler.benice" target="_blank" rel="noopener"><span>compiler.benice</span></a><span>: Maximize implementation freedom by limiting what is strictly required by the standard</span></p><h3 id="FunctionalityInteractionsIntercompatibility"><a class="anchor hidden-xs" href="#FunctionalityInteractionsIntercompatibility" title="FunctionalityInteractionsIntercompatibility"><span class="octicon octicon-link"></span></a><span>Functionality::Interactions::Intercompatibility</span></h3><p><span>How Contracts interact with other languages/language components</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppdev.modules" target="_blank" rel="noopener"><span>cppdev.modules</span></a><span>: Be interoperable with modules</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppdev.coroutines" target="_blank" rel="noopener"><span>cppdev.coroutines</span></a><span>: Be interoperable with coroutines</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppdev.concepts" target="_blank" rel="noopener"><span>cppdev.concepts</span></a><span>: Be interoperable with concepts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#ccppdev.interop" target="_blank" rel="noopener"><span>ccppdev.interop</span></a><span>: Not lose contracts when crossing languages</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cdev.cppinterop" target="_blank" rel="noopener"><span>cdev.cppinterop</span></a><span>: Expose my contracts to C++ developers through </span><code>extern "C"</code><span> declarations of my functions</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.coroutines" target="_blank" rel="noopener"><span>api.coroutines</span></a><span>: Define and check pre and post conditions [on a coroutine] as I would a regular function</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.coroutines.invariants" target="_blank" rel="noopener"><span>api.coroutines.invariants</span></a><span>: Define and check invariants over all entry and exit points from a coroutine (to its awaiter or promise)</span></p><h3 id="FunctionalityInteractionsPredictability"><a class="anchor hidden-xs" href="#FunctionalityInteractionsPredictability" title="FunctionalityInteractionsPredictability"><span class="octicon octicon-link"></span></a><span>Functionality::Interactions::Predictability</span></h3><p><span>Ensuring that program behaviour is predictable</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.reason.behavior" target="_blank" rel="noopener"><span>dev.reason.behavior</span></a><span>: Have annotations affect the execution of my program in accordance with my expectations</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.reason.sideeffects" target="_blank" rel="noopener"><span>dev.reason.sideeffects</span></a><span>: Ensure annotations do not substantially change the meaning of my program whether enabled or disabled</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#crit.noundef" target="_blank" rel="noopener"><span>crit.noundef</span></a><span>: Have contract violation at run-time always have well-defined behavior</span></p><h3 id="FunctionalityReportingActionable"><a class="anchor hidden-xs" href="#FunctionalityReportingActionable" title="FunctionalityReportingActionable"><span class="octicon octicon-link"></span></a><span>Functionality::Reporting::Actionable</span></h3><p><span>How actionable a violation report is</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.establish.responsibility" target="_blank" rel="noopener"><span>api.establish.responsibility</span></a><span>: Inform users which errors are the responsibility of the caller, and which are the callee</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.resp.preassert" target="_blank" rel="noopener"><span>api.resp.preassert</span></a><span>: Annotate assertions inside function bodies that indirectly test preconditions (such as malformed data discovered while performing the algorithm) should be reported to the caller as precondition failures</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.violations.information" target="_blank" rel="noopener"><span>int.violations.information</span></a><span>: Be informed what check failed, when, where, and how</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#jdev.understand.buildfailures" target="_blank" rel="noopener"><span>jdev.understand.buildfailures</span></a><span>: Know why my software is not building</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#jdev.understand.aborting" target="_blank" rel="noopener"><span>jdev.understand.aborting</span></a><span>: Know why my software is aborting</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#jdev.understand.omniscience" target="_blank" rel="noopener"><span>jdev.understand.omniscience</span></a><span>: Know why my software is out of contract</span></p><h3 id="FunctionalityReportingVisible"><a class="anchor hidden-xs" href="#FunctionalityReportingVisible" title="FunctionalityReportingVisible"><span class="octicon octicon-link"></span></a><span>Functionality::Reporting::Visible</span></h3><p><span>How visible a contract violation is</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#int.conform.violation" target="_blank" rel="noopener"><span>int.conform.violation</span></a><span>: Be informed any time an interface’s contract is violated</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#jdev.understand.buildviolation" target="_blank" rel="noopener"><span>jdev.understand.buildviolation</span></a><span>: Know that my program or build was halted due to contract violation</span></p><h2 id="Teachability"><a class="anchor hidden-xs" href="#Teachability" title="Teachability"><span class="octicon octicon-link"></span></a><span>Teachability</span></h2><p><span>“How I want to teach Contracts”</span></p><pre><code class="C++ hljs"><span class="hljs-keyword">class</span> <span class="hljs-title">meta</span>::<span class="hljs-title">Teachability</span> {
  <span class="hljs-keyword">class</span> <span class="hljs-title">Reasoning</span> {
    <span class="hljs-keyword">class</span> <span class="hljs-title">Composeable</span>;
    <span class="hljs-keyword">class</span> <span class="hljs-title">Readable</span>;
  };
  <span class="hljs-keyword">class</span> <span class="hljs-title">Simplicity</span> {
    <span class="hljs-keyword">class</span> <span class="hljs-title">Build</span>;
    <span class="hljs-keyword">class</span> <span class="hljs-title">Code</span>;
    <span class="hljs-keyword">class</span> <span class="hljs-title">Conceptual</span>;
  };
  <span class="hljs-keyword">class</span> <span class="hljs-title">Consistency</span>;
  <span class="hljs-keyword">class</span> <span class="hljs-title">Documentation</span>;
};
</code></pre><h3 id="TeachabilityReasoningComposeable"><a class="anchor hidden-xs" href="#TeachabilityReasoningComposeable" title="TeachabilityReasoningComposeable"><span class="octicon octicon-link"></span></a><span>Teachability::Reasoning::Composeable</span></h3><p><span>Have Contracts be a set of building blocks that can be composed in any way</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#teach.layering" target="_blank" rel="noopener"><span>teach.layering</span></a><span>: Support the ability for advanced uses of contracts to be distributed across many different courses in a C+±focused computer science curriculum.</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#jdev.understand.contracts" target="_blank" rel="noopener"><span>jdev.understand.contracts</span></a><span>: A uniform, fluent description of expected input values, expected output values, side effects, and all logical pre and post conditions</span></p><h3 id="TeachabilityReasoningReadable"><a class="anchor hidden-xs" href="#TeachabilityReasoningReadable" title="TeachabilityReasoningReadable"><span class="octicon octicon-link"></span></a><span>Teachability::Reasoning::Readable</span></h3><p><span>Have Contracts be readable</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.parsable" target="_blank" rel="noopener"><span>dev.parsable</span></a><span>: A syntax that can both be parsed and can be reasoned about semantically</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.readable.priority" target="_blank" rel="noopener"><span>dev.readable.priority</span></a><span>: Have my contract specification to be visually primary, and secondary information (syntax, hints, roles, levels, etc.) to not be distracting</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.readable.keywords" target="_blank" rel="noopener"><span>dev.readable.keywords</span></a><span>: Have annotation keywords or names with intuitive, clear, and unambiguous meanings</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#jdev.understand.keywords" target="_blank" rel="noopener"><span>jdev.understand.keywords</span></a><span>: Have keywords with precise and unambiguous meanings</span></p><h3 id="TeachabilitySimplicityBuild"><a class="anchor hidden-xs" href="#TeachabilitySimplicityBuild" title="TeachabilitySimplicityBuild"><span class="octicon octicon-link"></span></a><span>Teachability::Simplicity::Build</span></h3><p><span>Building code with Contracts should be simple and easy</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#teach.lifecycle" target="_blank" rel="noopener"><span>teach.lifecycle</span></a><span>: Demonstrate mock lifecycle by switching simple compiler flags to control which checks are enabled</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#teach.dumbstudents" target="_blank" rel="noopener"><span>teach.dumbstudents</span></a><span>: Have examples that are easy to build without digression into build systems</span></p><h3 id="TeachabilitySimplicityCode"><a class="anchor hidden-xs" href="#TeachabilitySimplicityCode" title="TeachabilitySimplicityCode"><span class="octicon octicon-link"></span></a><span>Teachability::Simplicity::Code</span></h3><p><span>Writing Contracts should be simple and easy</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#dev.readable.syntax" target="_blank" rel="noopener"><span>dev.readable.syntax</span></a><span>: Have annotations with a succinct and elegant syntax</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#jdev.understand.all" target="_blank" rel="noopener"><span>jdev.understand.all</span></a><span>: Be able to build a program with contracts after reasonably short tutorial</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#adev.fast" target="_blank" rel="noopener"><span>adev.fast</span></a><span>: Be able to write and modify contracts quickly without heavy boiler plate or up front cost</span></p><h3 id="TeachabilitySimplicityConceptual"><a class="anchor hidden-xs" href="#TeachabilitySimplicityConceptual" title="TeachabilitySimplicityConceptual"><span class="octicon octicon-link"></span></a><span>Teachability::Simplicity::Conceptual</span></h3><p><span>Concepts for Contracts should be simple and easy to grasp</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#teach.teachable" target="_blank" rel="noopener"><span>teach.teachable</span></a><span>: Have simple explanation of assertions and their use to support simple programming tasks, including debugging erroneous programs.</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#teach.bestpractices" target="_blank" rel="noopener"><span>teach.bestpractices</span></a><span>: Be able to express defensive programming, programming by contract, and test driven development to introductory students</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#compiler.best" target="_blank" rel="noopener"><span>compiler.best</span></a><span>: Have a clear and simple specification that meets clear need</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#wg21.everythingelse" target="_blank" rel="noopener"><span>wg21.everythingelse</span></a><span>: Have a clear way to understand how contracts will interact with the standard library</span></p><h3 id="TeachabilityConsistency"><a class="anchor hidden-xs" href="#TeachabilityConsistency" title="TeachabilityConsistency"><span class="octicon octicon-link"></span></a><span>Teachability::Consistency</span></h3><p><span>Have Contracts be consistent</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppdev.syntax.familiar" target="_blank" rel="noopener"><span>cppdev.syntax.familiar</span></a><span>: Have annotations use familiar syntax</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppdev.syntax.cpp" target="_blank" rel="noopener"><span>cppdev.syntax.cpp</span></a><span>: Have annotations use C++ syntax</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#test.standardized" target="_blank" rel="noopener"><span>test.standardized</span></a><span>: Not rely on custom libraries or proprietary extensions</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#teach.portable" target="_blank" rel="noopener"><span>teach.portable</span></a><span>: Have examples compilable by a standard compiler on any system</span></p><h3 id="TeachabilityDocumentation"><a class="anchor hidden-xs" href="#TeachabilityDocumentation" title="TeachabilityDocumentation"><span class="octicon octicon-link"></span></a><span>Teachability::Documentation</span></h3><p><span>Have useful documentation</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#sdev.bestpractices" target="_blank" rel="noopener"><span>sdev.bestpractices</span></a><span>: Demonstrate best practice in defensive programming</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#jdev.bestpractices" target="_blank" rel="noopener"><span>jdev.bestpractices</span></a><span>: Learn about software best practices by example</span></p><h2 id="Agenda-Advancement"><a class="anchor hidden-xs" href="#Agenda-Advancement" title="Agenda-Advancement"><span class="octicon octicon-link"></span></a><span>Agenda Advancement</span></h2><p><span>“How I want to advance a particular agenda”</span></p><pre><code class="C++ hljs"><span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">meta::Agenda</span>-<span class="hljs-title">Advancement</span> {</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">C</span>-<span class="hljs-title">Compatibility</span>;</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">CPP</span>-<span class="hljs-title">Adoption</span>;</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Macro</span>-<span class="hljs-title">Elimination</span>;</span>
  <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">Unification</span>;</span>
};
</code></pre><h3 id="Agenda-AdvancementC-Compatibility"><a class="anchor hidden-xs" href="#Agenda-AdvancementC-Compatibility" title="Agenda-AdvancementC-Compatibility"><span class="octicon octicon-link"></span></a><span>Agenda-Advancement::C-Compatibility</span></h3><p><span>Specifying Contracts in a way that makes it compatible with C</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cdev.contracts" target="_blank" rel="noopener"><span>cdev.contracts</span></a><span>: Specify contracts in a way standardizable as part of the C language</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cdev.identifiers" target="_blank" rel="noopener"><span>cdev.identifiers</span></a><span>: Use contracts with macro-safe keywords that are reserved C names (i.e., </span><code>_Pre</code><span>, </span><code>_Post</code><span>, </span><code>_Assert</code><span>, etc.)</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cdev.violationhandler" target="_blank" rel="noopener"><span>cdev.violationhandler</span></a><span>: Have a common violation handler for both violated C and C++ contracts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cdev.ignorable" target="_blank" rel="noopener"><span>cdev.ignorable</span></a><span>: Make all contract semantics optional (so as not to change WG14-N2385 6.7.11 p2)</span></p><h3 id="Agenda-AdvancementCPP-Adoption"><a class="anchor hidden-xs" href="#Agenda-AdvancementCPP-Adoption" title="Agenda-AdvancementCPP-Adoption"><span class="octicon octicon-link"></span></a><span>Agenda-Advancement::CPP-Adoption</span></h3><p><span>Specifying Contracts in a way that makes it easier to adopt newer C++ editions</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#analysis.legacy" target="_blank" rel="noopener"><span>analysis.legacy</span></a><span>: Be able to map pre-existing contract features in tools to a standardized language syntax</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.modernize" target="_blank" rel="noopener"><span>large.modernize</span></a><span>: Introduce standardized contracts to replace my macro-based contracts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#large.stillmacros" target="_blank" rel="noopener"><span>large.stillmacros</span></a><span>: Have my existing macro-based facilities interoperate smoothly with standardized contracts so I can do the migration gradually</span></p><h3 id="Agenda-AdvancementMacro-Elimination"><a class="anchor hidden-xs" href="#Agenda-AdvancementMacro-Elimination" title="Agenda-AdvancementMacro-Elimination"><span class="octicon octicon-link"></span></a><span>Agenda-Advancement::Macro-Elimination</span></h3><p><span>Specifying Contracts in a way that doesn’t encourage usage of macros</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppdev.syntax.macros" target="_blank" rel="noopener"><span>cppdev.syntax.macros</span></a><span>: Minimize use of macros</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#arch.nomacros" target="_blank" rel="noopener"><span>arch.nomacros</span></a><span>: Express assertions in a way that does not rely on C macros (i.e., there is no valid technical reason for a programmer not to use the new way, including space, time, tooling, and usability/complexity reasons, compared to C’s assert macro)</span></p><h3 id="Agenda-AdvancementUnification"><a class="anchor hidden-xs" href="#Agenda-AdvancementUnification" title="Agenda-AdvancementUnification"><span class="octicon octicon-link"></span></a><span>Agenda-Advancement::Unification</span></h3><p><span>Specifying Contracts in a way that allows other existing parts of C++ to be re-written using Contracts</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#cppdev.existing.std" target="_blank" rel="noopener"><span>cppdev.existing.std</span></a><span>: Codify existing exposition-only standard library requirements</span></p><p><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html#api.contract.errorhandling" target="_blank" rel="noopener"><span>api.contract.errorhandling</span></a><span>: Replace uses of error handling to express contract violation (eg. </span><code>operator[](size_t n) noexcept [[pre: n &lt; size()]]</code><span> instead of throwing)</span></p><h1 id="Epilogue"><a class="anchor hidden-xs" href="#Epilogue" title="Epilogue"><span class="octicon octicon-link"></span></a><span>Epilogue</span></h1><h2 id="Caveats"><a class="anchor hidden-xs" href="#Caveats" title="Caveats"><span class="octicon octicon-link"></span></a><span>Caveats</span></h2><p><span>The use cases are not mine, and I don’t claim to fully and accurately understand all the implications and nuance of each one. The categorization is a best effort and is likely to change based on feedback.</span></p><h2 id="Thanks"><a class="anchor hidden-xs" href="#Thanks" title="Thanks"><span class="octicon octicon-link"></span></a><span>Thanks</span></h2><p><span>Thanks to Joshua Berne, Timur Doumler, Andrzej Krzemieński, Ryan McDougall, and Herb Sutter for their work collecting all of these use cases and attempting to distill their essences in </span><a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1995r0.html" target="_blank" rel="noopener"><span>P1995R0</span></a><span>, which this work builds on top of.</span></p></div>
    <div class="ui-toc dropup unselectable hidden-print" style="display:none;">
        <div class="pull-right dropdown">
            <a id="tocLabel" class="ui-toc-label btn btn-default" data-toggle="dropdown" href="#" role="button" aria-haspopup="true" aria-expanded="false" title="Table of content">
                <i class="fa fa-bars"></i>
            </a>
            <ul id="ui-toc" class="ui-toc-dropdown dropdown-menu" aria-labelledby="tocLabel">
                <div class="toc"><ul class="nav">
<li class=""><a href="#Contracts-Use-Case-Categorization" title="Contracts Use Case Categorization">Contracts Use Case Categorization</a><ul class="nav">
<li><a href="#Disclaimer" title="Disclaimer">Disclaimer</a></li>
<li><a href="#Goals" title="Goals">Goals</a></li>
<li><a href="#Notes" title="Notes">Notes</a></li>
</ul>
</li>
<li><a href="#Contracts-Use-Cases" title="Contracts Use Cases">Contracts Use Cases</a><ul class="nav">
<li><a href="#Correctness" title="Correctness">Correctness</a><ul class="nav">
<li><a href="#CorrectnessClass-ConsistencyDerivation" title="Correctness::Class-Consistency::Derivation">Correctness::Class-Consistency::Derivation</a></li>
<li><a href="#CorrectnessClass-ConsistencyInterface" title="Correctness::Class-Consistency::Interface">Correctness::Class-Consistency::Interface</a></li>
<li><a href="#CorrectnessClass-ConsistencyInternal" title="Correctness::Class-Consistency::Internal">Correctness::Class-Consistency::Internal</a></li>
<li><a href="#CorrectnessDefensive-CodingSafety" title="Correctness::Defensive-Coding::Safety">Correctness::Defensive-Coding::Safety</a></li>
<li><a href="#CorrectnessDefensive-CodingTDD" title="Correctness::Defensive-Coding::TDD">Correctness::Defensive-Coding::TDD</a></li>
<li><a href="#CorrectnessValidation" title="Correctness::Validation">Correctness::Validation</a></li>
</ul>
</li>
<li><a href="#Optimization" title="Optimization">Optimization</a><ul class="nav">
<li><a href="#OptimizationLeverage" title="Optimization::Leverage">Optimization::Leverage</a></li>
<li><a href="#OptimizationOverhead" title="Optimization::Overhead">Optimization::Overhead</a></li>
<li><a href="#OptimizationUB" title="Optimization::UB">Optimization::UB</a></li>
</ul>
</li>
<li><a href="#Code-Analysis" title="Code Analysis">Code Analysis</a><ul class="nav">
<li><a href="#Code-AnalysisTooling-AnnotationsAccuracy" title="Code-Analysis::Tooling-Annotations::Accuracy">Code-Analysis::Tooling-Annotations::Accuracy</a></li>
<li><a href="#Code-AnalysisTooling-AnnotationsIgnorability" title="Code-Analysis::Tooling-Annotations::Ignorability">Code-Analysis::Tooling-Annotations::Ignorability</a></li>
<li><a href="#Code-AnalysisCode-Generation" title="Code-Analysis::Code-Generation">Code-Analysis::Code-Generation</a></li>
<li><a href="#Code-AnalysisVerification" title="Code-Analysis::Verification">Code-Analysis::Verification</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#Contracts-Meta-Use-Cases" title="Contracts Meta Use Cases">Contracts Meta Use Cases</a><ul class="nav">
<li><a href="#Controllability" title="Controllability">Controllability</a><ul class="nav">
<li><a href="#ControllabilityControlMaintenance" title="Controllability::Control::Maintenance">Controllability::Control::Maintenance</a></li>
<li><a href="#ControllabilityControlSecurity" title="Controllability::Control::Security">Controllability::Control::Security</a></li>
<li><a href="#ControllabilityControlRun-time" title="Controllability::Control::Run-time">Controllability::Control::Run-time</a></li>
<li><a href="#ControllabilityControlSelection" title="Controllability::Control::Selection">Controllability::Control::Selection</a></li>
<li><a href="#ControllabilityControlSource" title="Controllability::Control::Source">Controllability::Control::Source</a></li>
<li><a href="#ControllabilityGranularityBuild" title="Controllability::Granularity::Build">Controllability::Granularity::Build</a></li>
<li><a href="#ControllabilityGranularityDebug" title="Controllability::Granularity::Debug">Controllability::Granularity::Debug</a></li>
<li><a href="#ControllabilityGranularitySource" title="Controllability::Granularity::Source">Controllability::Granularity::Source</a></li>
<li><a href="#ControllabilityReportingCustomization" title="Controllability::Reporting::Customization">Controllability::Reporting::Customization</a></li>
<li><a href="#ControllabilityReportingStripping" title="Controllability::Reporting::Stripping">Controllability::Reporting::Stripping</a></li>
<li><a href="#ControllabilityTestingOverride-Checking" title="Controllability::Testing::Override-Checking">Controllability::Testing::Override-Checking</a></li>
<li><a href="#ControllabilityTestingOverride-Handling" title="Controllability::Testing::Override-Handling">Controllability::Testing::Override-Handling</a></li>
<li><a href="#ControllabilityViolation-HandlingContinuation" title="Controllability::Violation-Handling::Continuation">Controllability::Violation-Handling::Continuation</a></li>
<li><a href="#ControllabilityViolation-HandlingCustomization" title="Controllability::Violation-Handling::Customization">Controllability::Violation-Handling::Customization</a></li>
</ul>
</li>
<li><a href="#Functionality" title="Functionality">Functionality</a><ul class="nav">
<li><a href="#FunctionalityExpressivityAnnotations" title="Functionality::Expressivity::Annotations">Functionality::Expressivity::Annotations</a></li>
<li><a href="#FunctionalityExpressivityForm" title="Functionality::Expressivity::Form">Functionality::Expressivity::Form</a></li>
<li><a href="#FunctionalityExpressivityMeta-Information" title="Functionality::Expressivity::Meta-Information">Functionality::Expressivity::Meta-Information</a></li>
<li><a href="#FunctionalityFlexibilityCode" title="Functionality::Flexibility::Code">Functionality::Flexibility::Code</a></li>
<li><a href="#FunctionalityFlexibilityEvolution" title="Functionality::Flexibility::Evolution">Functionality::Flexibility::Evolution</a></li>
<li><a href="#FunctionalityFlexibilityLocation" title="Functionality::Flexibility::Location">Functionality::Flexibility::Location</a></li>
<li><a href="#FunctionalityFlexibilityUnevaluated" title="Functionality::Flexibility::Unevaluated">Functionality::Flexibility::Unevaluated</a></li>
<li><a href="#FunctionalityFlexibilityUsage" title="Functionality::Flexibility::Usage">Functionality::Flexibility::Usage</a></li>
<li><a href="#FunctionalityInteractionsCode-Generation" title="Functionality::Interactions::Code-Generation">Functionality::Interactions::Code-Generation</a></li>
<li><a href="#FunctionalityInteractionsExtensibility" title="Functionality::Interactions::Extensibility">Functionality::Interactions::Extensibility</a></li>
<li><a href="#FunctionalityInteractionsIntercompatibility" title="Functionality::Interactions::Intercompatibility">Functionality::Interactions::Intercompatibility</a></li>
<li><a href="#FunctionalityInteractionsPredictability" title="Functionality::Interactions::Predictability">Functionality::Interactions::Predictability</a></li>
<li><a href="#FunctionalityReportingActionable" title="Functionality::Reporting::Actionable">Functionality::Reporting::Actionable</a></li>
<li><a href="#FunctionalityReportingVisible" title="Functionality::Reporting::Visible">Functionality::Reporting::Visible</a></li>
</ul>
</li>
<li><a href="#Teachability" title="Teachability">Teachability</a><ul class="nav">
<li><a href="#TeachabilityReasoningComposeable" title="Teachability::Reasoning::Composeable">Teachability::Reasoning::Composeable</a></li>
<li><a href="#TeachabilityReasoningReadable" title="Teachability::Reasoning::Readable">Teachability::Reasoning::Readable</a></li>
<li><a href="#TeachabilitySimplicityBuild" title="Teachability::Simplicity::Build">Teachability::Simplicity::Build</a></li>
<li><a href="#TeachabilitySimplicityCode" title="Teachability::Simplicity::Code">Teachability::Simplicity::Code</a></li>
<li><a href="#TeachabilitySimplicityConceptual" title="Teachability::Simplicity::Conceptual">Teachability::Simplicity::Conceptual</a></li>
<li><a href="#TeachabilityConsistency" title="Teachability::Consistency">Teachability::Consistency</a></li>
<li><a href="#TeachabilityDocumentation" title="Teachability::Documentation">Teachability::Documentation</a></li>
</ul>
</li>
<li><a href="#Agenda-Advancement" title="Agenda Advancement">Agenda Advancement</a><ul class="nav">
<li><a href="#Agenda-AdvancementC-Compatibility" title="Agenda-Advancement::C-Compatibility">Agenda-Advancement::C-Compatibility</a></li>
<li><a href="#Agenda-AdvancementCPP-Adoption" title="Agenda-Advancement::CPP-Adoption">Agenda-Advancement::CPP-Adoption</a></li>
<li><a href="#Agenda-AdvancementMacro-Elimination" title="Agenda-Advancement::Macro-Elimination">Agenda-Advancement::Macro-Elimination</a></li>
<li><a href="#Agenda-AdvancementUnification" title="Agenda-Advancement::Unification">Agenda-Advancement::Unification</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#Epilogue" title="Epilogue">Epilogue</a><ul class="nav">
<li><a href="#Caveats" title="Caveats">Caveats</a></li>
<li><a href="#Thanks" title="Thanks">Thanks</a></li>
</ul>
</li>
</ul>
</div><div class="toc-menu"><a class="expand-toggle" href="#">Expand all</a><a class="back-to-top" href="#">Back to top</a><a class="go-to-bottom" href="#">Go to bottom</a></div>
            </ul>
        </div>
    </div>
    <div id="ui-toc-affix" class="ui-affix-toc ui-toc-dropdown unselectable hidden-print" data-spy="affix" style="top:17px;display:none;" null null>
        <div class="toc"><ul class="nav">
<li class=""><a href="#Contracts-Use-Case-Categorization" title="Contracts Use Case Categorization">Contracts Use Case Categorization</a><ul class="nav">
<li><a href="#Disclaimer" title="Disclaimer">Disclaimer</a></li>
<li><a href="#Goals" title="Goals">Goals</a></li>
<li><a href="#Notes" title="Notes">Notes</a></li>
</ul>
</li>
<li><a href="#Contracts-Use-Cases" title="Contracts Use Cases">Contracts Use Cases</a><ul class="nav">
<li><a href="#Correctness" title="Correctness">Correctness</a><ul class="nav">
<li><a href="#CorrectnessClass-ConsistencyDerivation" title="Correctness::Class-Consistency::Derivation">Correctness::Class-Consistency::Derivation</a></li>
<li><a href="#CorrectnessClass-ConsistencyInterface" title="Correctness::Class-Consistency::Interface">Correctness::Class-Consistency::Interface</a></li>
<li><a href="#CorrectnessClass-ConsistencyInternal" title="Correctness::Class-Consistency::Internal">Correctness::Class-Consistency::Internal</a></li>
<li><a href="#CorrectnessDefensive-CodingSafety" title="Correctness::Defensive-Coding::Safety">Correctness::Defensive-Coding::Safety</a></li>
<li><a href="#CorrectnessDefensive-CodingTDD" title="Correctness::Defensive-Coding::TDD">Correctness::Defensive-Coding::TDD</a></li>
<li><a href="#CorrectnessValidation" title="Correctness::Validation">Correctness::Validation</a></li>
</ul>
</li>
<li><a href="#Optimization" title="Optimization">Optimization</a><ul class="nav">
<li><a href="#OptimizationLeverage" title="Optimization::Leverage">Optimization::Leverage</a></li>
<li><a href="#OptimizationOverhead" title="Optimization::Overhead">Optimization::Overhead</a></li>
<li><a href="#OptimizationUB" title="Optimization::UB">Optimization::UB</a></li>
</ul>
</li>
<li><a href="#Code-Analysis" title="Code Analysis">Code Analysis</a><ul class="nav">
<li><a href="#Code-AnalysisTooling-AnnotationsAccuracy" title="Code-Analysis::Tooling-Annotations::Accuracy">Code-Analysis::Tooling-Annotations::Accuracy</a></li>
<li><a href="#Code-AnalysisTooling-AnnotationsIgnorability" title="Code-Analysis::Tooling-Annotations::Ignorability">Code-Analysis::Tooling-Annotations::Ignorability</a></li>
<li><a href="#Code-AnalysisCode-Generation" title="Code-Analysis::Code-Generation">Code-Analysis::Code-Generation</a></li>
<li><a href="#Code-AnalysisVerification" title="Code-Analysis::Verification">Code-Analysis::Verification</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#Contracts-Meta-Use-Cases" title="Contracts Meta Use Cases">Contracts Meta Use Cases</a><ul class="nav">
<li><a href="#Controllability" title="Controllability">Controllability</a><ul class="nav">
<li><a href="#ControllabilityControlMaintenance" title="Controllability::Control::Maintenance">Controllability::Control::Maintenance</a></li>
<li><a href="#ControllabilityControlSecurity" title="Controllability::Control::Security">Controllability::Control::Security</a></li>
<li><a href="#ControllabilityControlRun-time" title="Controllability::Control::Run-time">Controllability::Control::Run-time</a></li>
<li><a href="#ControllabilityControlSelection" title="Controllability::Control::Selection">Controllability::Control::Selection</a></li>
<li><a href="#ControllabilityControlSource" title="Controllability::Control::Source">Controllability::Control::Source</a></li>
<li><a href="#ControllabilityGranularityBuild" title="Controllability::Granularity::Build">Controllability::Granularity::Build</a></li>
<li><a href="#ControllabilityGranularityDebug" title="Controllability::Granularity::Debug">Controllability::Granularity::Debug</a></li>
<li><a href="#ControllabilityGranularitySource" title="Controllability::Granularity::Source">Controllability::Granularity::Source</a></li>
<li><a href="#ControllabilityReportingCustomization" title="Controllability::Reporting::Customization">Controllability::Reporting::Customization</a></li>
<li><a href="#ControllabilityReportingStripping" title="Controllability::Reporting::Stripping">Controllability::Reporting::Stripping</a></li>
<li><a href="#ControllabilityTestingOverride-Checking" title="Controllability::Testing::Override-Checking">Controllability::Testing::Override-Checking</a></li>
<li><a href="#ControllabilityTestingOverride-Handling" title="Controllability::Testing::Override-Handling">Controllability::Testing::Override-Handling</a></li>
<li><a href="#ControllabilityViolation-HandlingContinuation" title="Controllability::Violation-Handling::Continuation">Controllability::Violation-Handling::Continuation</a></li>
<li><a href="#ControllabilityViolation-HandlingCustomization" title="Controllability::Violation-Handling::Customization">Controllability::Violation-Handling::Customization</a></li>
</ul>
</li>
<li><a href="#Functionality" title="Functionality">Functionality</a><ul class="nav">
<li><a href="#FunctionalityExpressivityAnnotations" title="Functionality::Expressivity::Annotations">Functionality::Expressivity::Annotations</a></li>
<li><a href="#FunctionalityExpressivityForm" title="Functionality::Expressivity::Form">Functionality::Expressivity::Form</a></li>
<li><a href="#FunctionalityExpressivityMeta-Information" title="Functionality::Expressivity::Meta-Information">Functionality::Expressivity::Meta-Information</a></li>
<li><a href="#FunctionalityFlexibilityCode" title="Functionality::Flexibility::Code">Functionality::Flexibility::Code</a></li>
<li><a href="#FunctionalityFlexibilityEvolution" title="Functionality::Flexibility::Evolution">Functionality::Flexibility::Evolution</a></li>
<li><a href="#FunctionalityFlexibilityLocation" title="Functionality::Flexibility::Location">Functionality::Flexibility::Location</a></li>
<li><a href="#FunctionalityFlexibilityUnevaluated" title="Functionality::Flexibility::Unevaluated">Functionality::Flexibility::Unevaluated</a></li>
<li><a href="#FunctionalityFlexibilityUsage" title="Functionality::Flexibility::Usage">Functionality::Flexibility::Usage</a></li>
<li><a href="#FunctionalityInteractionsCode-Generation" title="Functionality::Interactions::Code-Generation">Functionality::Interactions::Code-Generation</a></li>
<li><a href="#FunctionalityInteractionsExtensibility" title="Functionality::Interactions::Extensibility">Functionality::Interactions::Extensibility</a></li>
<li><a href="#FunctionalityInteractionsIntercompatibility" title="Functionality::Interactions::Intercompatibility">Functionality::Interactions::Intercompatibility</a></li>
<li><a href="#FunctionalityInteractionsPredictability" title="Functionality::Interactions::Predictability">Functionality::Interactions::Predictability</a></li>
<li><a href="#FunctionalityReportingActionable" title="Functionality::Reporting::Actionable">Functionality::Reporting::Actionable</a></li>
<li><a href="#FunctionalityReportingVisible" title="Functionality::Reporting::Visible">Functionality::Reporting::Visible</a></li>
</ul>
</li>
<li><a href="#Teachability" title="Teachability">Teachability</a><ul class="nav">
<li><a href="#TeachabilityReasoningComposeable" title="Teachability::Reasoning::Composeable">Teachability::Reasoning::Composeable</a></li>
<li><a href="#TeachabilityReasoningReadable" title="Teachability::Reasoning::Readable">Teachability::Reasoning::Readable</a></li>
<li><a href="#TeachabilitySimplicityBuild" title="Teachability::Simplicity::Build">Teachability::Simplicity::Build</a></li>
<li><a href="#TeachabilitySimplicityCode" title="Teachability::Simplicity::Code">Teachability::Simplicity::Code</a></li>
<li><a href="#TeachabilitySimplicityConceptual" title="Teachability::Simplicity::Conceptual">Teachability::Simplicity::Conceptual</a></li>
<li><a href="#TeachabilityConsistency" title="Teachability::Consistency">Teachability::Consistency</a></li>
<li><a href="#TeachabilityDocumentation" title="Teachability::Documentation">Teachability::Documentation</a></li>
</ul>
</li>
<li><a href="#Agenda-Advancement" title="Agenda Advancement">Agenda Advancement</a><ul class="nav">
<li><a href="#Agenda-AdvancementC-Compatibility" title="Agenda-Advancement::C-Compatibility">Agenda-Advancement::C-Compatibility</a></li>
<li><a href="#Agenda-AdvancementCPP-Adoption" title="Agenda-Advancement::CPP-Adoption">Agenda-Advancement::CPP-Adoption</a></li>
<li><a href="#Agenda-AdvancementMacro-Elimination" title="Agenda-Advancement::Macro-Elimination">Agenda-Advancement::Macro-Elimination</a></li>
<li><a href="#Agenda-AdvancementUnification" title="Agenda-Advancement::Unification">Agenda-Advancement::Unification</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#Epilogue" title="Epilogue">Epilogue</a><ul class="nav">
<li><a href="#Caveats" title="Caveats">Caveats</a></li>
<li><a href="#Thanks" title="Thanks">Thanks</a></li>
</ul>
</li>
</ul>
</div><div class="toc-menu"><a class="expand-toggle" href="#">Expand all</a><a class="back-to-top" href="#">Back to top</a><a class="go-to-bottom" href="#">Go to bottom</a></div>
    </div>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha256-U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8=" crossorigin="anonymous" defer></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/gist-embed/2.6.0/gist-embed.min.js" integrity="sha256-KyF2D6xPIJUW5sUDSs93vWyZm+1RzIpKCexxElmxl8g=" crossorigin="anonymous" defer></script>
    <script>
        var markdown = $(".markdown-body");
        //smooth all hash trigger scrolling
        function smoothHashScroll() {
            var hashElements = $("a[href^='#']").toArray();
            for (var i = 0; i < hashElements.length; i++) {
                var element = hashElements[i];
                var $element = $(element);
                var hash = element.hash;
                if (hash) {
                    $element.on('click', function (e) {
                        // store hash
                        var hash = this.hash;
                        if ($(hash).length <= 0) return;
                        // prevent default anchor click behavior
                        e.preventDefault();
                        // animate
                        $('body, html').stop(true, true).animate({
                            scrollTop: $(hash).offset().top
                        }, 100, "linear", function () {
                            // when done, add hash to url
                            // (default click behaviour)
                            window.location.hash = hash;
                        });
                    });
                }
            }
        }

        smoothHashScroll();
        var toc = $('.ui-toc');
        var tocAffix = $('.ui-affix-toc');
        var tocDropdown = $('.ui-toc-dropdown');
        //toc
        tocDropdown.click(function (e) {
            e.stopPropagation();
        });

        var enoughForAffixToc = true;

        function generateScrollspy() {
            $(document.body).scrollspy({
                target: ''
            });
            $(document.body).scrollspy('refresh');
            if (enoughForAffixToc) {
                toc.hide();
                tocAffix.show();
            } else {
                tocAffix.hide();
                toc.show();
            }
            $(document.body).scroll();
        }

        function windowResize() {
            //toc right
            var paddingRight = parseFloat(markdown.css('padding-right'));
            var right = ($(window).width() - (markdown.offset().left + markdown.outerWidth() - paddingRight));
            toc.css('right', right + 'px');
            //affix toc left
            var newbool;
            var rightMargin = (markdown.parent().outerWidth() - markdown.outerWidth()) / 2;
            //for ipad or wider device
            if (rightMargin >= 133) {
                newbool = true;
                var affixLeftMargin = (tocAffix.outerWidth() - tocAffix.width()) / 2;
                var left = markdown.offset().left + markdown.outerWidth() - affixLeftMargin;
                tocAffix.css('left', left + 'px');
            } else {
                newbool = false;
            }
            if (newbool != enoughForAffixToc) {
                enoughForAffixToc = newbool;
                generateScrollspy();
            }
        }
        $(window).resize(function () {
            windowResize();
        });
        $(document).ready(function () {
            windowResize();
            generateScrollspy();
        });

        //remove hash
        function removeHash() {
            window.location.hash = '';
        }

        var backtotop = $('.back-to-top');
        var gotobottom = $('.go-to-bottom');

        backtotop.click(function (e) {
            e.preventDefault();
            e.stopPropagation();
            if (scrollToTop)
                scrollToTop();
            removeHash();
        });
        gotobottom.click(function (e) {
            e.preventDefault();
            e.stopPropagation();
            if (scrollToBottom)
                scrollToBottom();
            removeHash();
        });

        var toggle = $('.expand-toggle');
        var tocExpand = false;

        checkExpandToggle();
        toggle.click(function (e) {
            e.preventDefault();
            e.stopPropagation();
            tocExpand = !tocExpand;
            checkExpandToggle();
        })

        function checkExpandToggle () {
            var toc = $('.ui-toc-dropdown .toc');
            var toggle = $('.expand-toggle');
            if (!tocExpand) {
                toc.removeClass('expand');
                toggle.text('Expand all');
            } else {
                toc.addClass('expand');
                toggle.text('Collapse all');
            }
        }

        function scrollToTop() {
            $('body, html').stop(true, true).animate({
                scrollTop: 0
            }, 100, "linear");
        }

        function scrollToBottom() {
            $('body, html').stop(true, true).animate({
                scrollTop: $(document.body)[0].scrollHeight
            }, 100, "linear");
        }
    </script>
</body>

</html>
