P3977R0 — A New Taxonomy for Contracts

P3977R0 — A New Taxonomy for Contracts (14 items) WG21

Oliver J. Rosten

This paper proposes a richer classification of C++ contracts to address deficiencies in the existing wide/narrow binary taxonomy, which becomes counterintuitive or inapplicable in scenarios involving non-ignorable or unconditionally hardened preconditions. It formalizes the notions of primary and secondary behaviour, primary and secondary domain, and primary and secondary codomain, then introduces eight contract categories: free, disambiguating, lossy, disconnecting, unconditionally hardened, narrow, pathological, and faithful (a union of free and disambiguating). The taxonomy enables precise reasoning about cases such as a function with a precondition that is always enforced, which is neither wide nor narrow under the existing scheme.

Section V, prose before Definition 5.4, page 11 — "primary domain" should be "primary codomain" — the passage describes the output/effects space (codomain), not the input space (domain), consistent with Definition 5.2. [1] [1]
Section I (Introduction), page 2 — The parameter in float sqrt(float) pre (x >= 0) is unnamed, making x an undeclared identifier. Other examples in the paper correctly name it (e.g., float sqrt(float x) on page 5). [2]
Section V, Definition 5.5, page 11 — "without return control" is missing the gerund suffix; should be "without returning control to the caller". [3]
Section II (Incorrect Programs), page 4 — "if is called with a negative argument" is missing the pronoun "it". [4]
Section I (Introduction), page 3 — "cannot be classified as other wide or narrow" — "other" should be "either". [5]
Section II (Incorrect Programs), page 5 — "just a erroneous behaviour" is missing "s" — should be "just as erroneous behaviour". [6]
Section II (Incorrect Programs), page 4 — "define delineate" is a double verb; one should be removed. [7]
Section IV, Example 4.8.b, page 10 — Doubled article: "the the program aborting." [2] [8]
Section II (Incorrect Programs), page 4 — Missing closing comma after parenthetical: "Unlike, say, dereferencing a null pointer erroneous behaviour" needs a comma after "pointer". [9]
Section I (Introduction), page 2 — "it is reasonably to assume" — adverb "reasonably" used where adjective "reasonable" is required. [10]
Section V, Example 5.8.b, page 12 — "derefenceable" is misspelled; missing 'r' — should be "dereferenceable". [3] [11]
Table of Contents, page 1 — "implementation Freedom & the ABI" has inconsistent capitalization; the actual section heading is fully capitalized. TOC entry should be "Implementation Freedom & the ABI". [4] [12]
Table of Contents, page 1 — "Primary and secondary Behaviour" has inconsistent capitalization; the actual section heading capitalizes all major words. TOC entry should be "Primary and Secondary Behaviour". [5] [13]

References — Anthropic Citations API

[1]
"float sqrt(float) pre (x >= 0);"

[2]
"it is reasonably to assume"

[3]
"First, we need to define delineate different meanings of undefined behaviour."

[4]
"Furthermore, just a erroneous behaviour is well-defined, we also want to capture the case"

[5]
"if is called with a negative argument"

[6]
"The secondary codomain of void abort() pre (false); is the the program aborting. "

[7]
"cannot be classified as other wide or narrow according to the definition of [N3248]."

[8]
"Program execution continues indefinitely without return control to the caller"

[9]
"Unlike, say, dereferencing a null pointer erroneous behaviour is well-defined."

[10]
"Consider everybody’s favourite mathematical function float std::frexp(float num, int* exp); This has a plain-language precondition that the pointer, exp, must be derefenceable. "

[11]
"The next contract definition relaxes the requirement that no elements of the secondary domain map to the primary domain."

[12]
"implementation Freedom & the ABI 6 IV. "

[13]
"Primary and secondary Behaviour 7 V. A Taxonomy for Contracts 10 VI. "

Summary: Proposes a mathematical taxonomy for C++ contracts built on the notions of primary and secondary behaviour, codomains, and function-level correctness classifications, aiming to replace the current wide/narrow contract distinction with a framework that integrates erroneous behaviour and contract annotations.

Pipeline: Discovery (Anthropic Opus + Citations API) → Verification Gate (OpenRouter Opus) → Report Writer (OpenRouter Opus)
Provenance: All references are machine-verified character positions from the Anthropic Citations API — deterministic, exact substrings, not model-generated quotes.