<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Issue 529: The standard encourages redundant and confusing preconditions</title>
<meta property="og:title" content="Issue 529: The standard encourages redundant and confusing preconditions">
<meta property="og:description" content="C++ library issue. Status: NAD Editorial">
<meta property="og:url" content="https://cplusplus.github.io/LWG/issue529.html">
<meta property="og:type" content="website">
<meta property="og:image" content="http://cplusplus.github.io/LWG/images/cpp_logo.png">
<meta property="og:image:alt" content="C++ logo">
<style>
  p {text-align:justify}
  li {text-align:justify}
  pre code.backtick::before { content: "`" }
  pre code.backtick::after { content: "`" }
  blockquote.note
  {
    background-color:#E0E0E0;
    padding-left: 15px;
    padding-right: 15px;
    padding-top: 1px;
    padding-bottom: 1px;
  }
  ins {background-color:#A0FFA0}
  del {background-color:#FFA0A0}
  table.issues-index { border: 1px solid; border-collapse: collapse; }
  table.issues-index th { text-align: center; padding: 4px; border: 1px solid; }
  table.issues-index td { padding: 4px; border: 1px solid; }
  table.issues-index td:nth-child(1) { text-align: right; }
  table.issues-index td:nth-child(2) { text-align: left; }
  table.issues-index td:nth-child(3) { text-align: left; }
  table.issues-index td:nth-child(4) { text-align: left; }
  table.issues-index td:nth-child(5) { text-align: center; }
  table.issues-index td:nth-child(6) { text-align: center; }
  table.issues-index td:nth-child(7) { text-align: left; }
  table.issues-index td:nth-child(5) span.no-pr { color: red; }
  @media (prefers-color-scheme: dark) {
     html {
        color: #ddd;
        background-color: black;
     }
     ins {
        background-color: #225522
     }
     del {
        background-color: #662222
     }
     a {
        color: #6af
     }
     a:visited {
        color: #6af
     }
     blockquote.note
     {
        background-color: rgba(255, 255, 255, .10)
     }
  }
</style>
</head>
<body>
<hr>
<p><em>This page is a snapshot from the LWG issues list, see the <a href="lwg-active.html">Library Active Issues List</a> for more information and the meaning of <a href="lwg-active.html#NAD_Editorial">NAD Editorial</a> status.</em></p>
<h3 id="529"><a href="lwg-closed.html#529">529</a>. The standard encourages redundant and confusing preconditions</h3>
<p><b>Section:</b> 99 [res.on.required] <b>Status:</b> <a href="lwg-active.html#NAD_Editorial">NAD Editorial</a>
 <b>Submitter:</b> David Abrahams <b>Opened:</b> 2005-10-25 <b>Last modified:</b> 2016-01-28</p>
<p><b>Priority: </b>Not Prioritized
</p>
<p><b>View all issues with</b> <a href="lwg-status.html#NAD Editorial">NAD Editorial</a> status.</p>
<p><b>Discussion:</b></p>
<p>
17.4.3.8/1 says:
</p>

<blockquote><p>
Violation of the preconditions specified in a function's 
Required behavior: paragraph results in undefined behavior unless the 
function's Throws: paragraph specifies throwing an exception when the 
precondition is violated.
</p></blockquote>

<p>
This implies that a precondition violation can lead to defined
behavior.  That conflicts with the only reasonable definition of
precondition: that a violation leads to undefined behavior.  Any other
definition muddies the waters when it comes to analyzing program
correctness, because precondition violations may be routinely done in
correct code (e.g. you can use std::vector::at with the full
expectation that you'll get an exception when your index is out of
range, catch the exception, and continue).  Not only is it a bad
example to set, but it encourages needless complication and redundancy
in the standard.  For example:
</p>

<blockquote><pre>
  21 Strings library 
  21.3.3 basic_string capacity

  void resize(size_type n, charT c);

  5 Requires: n &lt;= max_size()
  6 Throws: length_error if n &gt; max_size().
  7 Effects: Alters the length of the string designated by *this as follows:
</pre></blockquote>

<p>
The Requires clause is entirely redundant and can be dropped.  We
could make that simplifying change (and many others like it) even
without changing 17.4.3.8/1; the wording there just seems to encourage
the redundant and error-prone Requires: clause.
</p>
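<p>The distinction the discussion draws, as an added example that is not code from the issue, the standard, or any implementation: a wide contract whose <i>Throws:</i> clause fully defines what happens for an over-large request (so a caller may catch the exception and continue, exactly as with <code>std::vector::at</code>), next to the page's own <code>basic_string::resize</code> case where the <i>Requires:</i> clause adds nothing the <i>Throws:</i> clause does not already say. <code>resize_or_throw</code> and its <code>limit</code> parameter are assumed names chosen for this example.</p>

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

// Wide contract, as the issue argues a Throws: clause should be read: there
// is no Requires: clause, so an over-large n is not a precondition violation
// (a narrow contract, e.g. operator[], would instead make it undefined
// behaviour). Throws: length_error if n > limit; the vector is left unchanged.
std::size_t resize_or_throw(std::vector<char>& v, std::size_t n, std::size_t limit) {
    if (n > limit)
        throw std::length_error("requested size exceeds limit");
    v.resize(n, '\0');
    return v.size();
}

// The page's std::vector::at case: Throws: out_of_range if i >= v.size().
// Catching the exception and continuing is correct, fully defined code.
bool index_was_rejected(const std::vector<char>& v, std::size_t i) {
    try {
        (void)v.at(i);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

// The page's basic_string::resize case: Throws: length_error if
// n > max_size(); the extra Requires: n <= max_size() clause adds nothing.
bool string_resize_was_rejected() {
    std::string s;
    try {
        s.resize(s.max_size() + 1, 'x');  // one past the documented limit
        return false;
    } catch (const std::length_error&) {
        return s.empty();  // the string is untouched
    }
}

// Exercises resize_or_throw: true when the request was rejected and the
// vector kept its original four elements, false when the resize went through.
bool vector_resize_was_rejected(std::size_t n, std::size_t limit) {
    std::vector<char> v(4, 'a');
    try {
        resize_or_throw(v, n, limit);
        return false;
    } catch (const std::length_error&) {
        return v.size() == 4;  // unchanged, as the wide contract promises
    }
}
```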

<p><i>[
Batavia:  Alan and Pete to work.
]</i></p>


<p><i>[
Bellevue:  NAD Editorial, this group likes 
<a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2006/n2121.html">N2121</a>,
Pete agrees, accepting it is Pete's business.
General agreement that precondition violations are synonymous with UB.
]</i></p>



<p id="res-529"><b>Proposed resolution:</b></p>
<p>
1. Change 17.4.3.8/1 to read:
</p>

<blockquote><p>
Violation of the preconditions specified in a function's
<i>Required behavior:</i> paragraph results in undefined behavior
<del>unless the function's <i>Throws:</i> paragraph specifies throwing
an exception when the precondition is violated</del>.
</p></blockquote>

<p>
2. Go through and remove redundant Requires: clauses.  Specifics to be
   provided by Dave A.
</p>

<p><i>[
Berlin: The LWG requests a detailed survey of part 2 of the proposed resolution.
]</i></p>


<p><i>[
Alan provided the survey
<a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2006/n2121.html">N2121</a>.
]</i></p>







</body>
</html>
