P3984R0 — A type-safety profile
(16 items)
EWG, SG12, SG20, SG23
This paper describes the design and rationale for C++ Profiles, a framework for guaranteeing type safety and resource safety in C++ programs through a subset-of-superset strategy combining static analysis with hardened libraries. It presents detailed specifications for type-safety and resource-safety profiles, covering objects, resources, constructors/destructors, range errors, nullptr access, and dangling pointer invalidation. The paper concludes with a call to action for implementers to adopt the Profiles framework and begin experimenting with specific profiles to gain standardization experience.
- Section 4, page 10 / Section 6, page 11 — [BS25d] is cited in prose as an example of a library for checking arithmetic, but the bibliography entry for [BS25d] is "Concept-Based Generic Programming in C++," which is unrelated to arithmetic checking. Either the citation key or the bibliography entry is wrong. [1]
- Section 1, page 4 — Citation key [CDR21] does not exist in the bibliography. The intended key is [GDR21] (G. Dos Reis). [2]
- Section 6 (References), page 11 — Two different works share the citation key [BS24], making body references to [BS24] ambiguous. [3]
- Section 6 (References), page 11 — [BS24] and [BS24b] are duplicate entries for the same paper (P3274R0). One should be removed. [4]
- Section 6 (References), page 11 — [BS23] and [BS23a] are duplicate entries for the same paper (P2816R0). One should be removed. [5]
- Section 2.6, page 8 — "invalidate it use the object" does not parse; a conjunction or punctuation is missing between "invalidate it" and "use the object." [6]
- Section 1, page 2 — "reasonably definition" — "reasonably" is an adverb; the adjective "reasonable" is required. [7]
- Section 1, page 3 — "a profile cannot define to be anything else" — missing pronoun "it" after "define." [8]
- Section 2.5, page 6 — "ways ... is to prevent" — subject-verb disagreement; "ways" is plural, verb should be "are." [9]
- Section 4, page 10 — "libraries for checking arithmetic exists" — subject-verb disagreement; "libraries" is plural, verb should be "exist." [10]
- Section 2, page 5 — "is used to think" should be "is used to thinking" (gerund required after "is used to" meaning "is accustomed to"). [11]
- Section 6 (References), page 11 — Book title misspelled: "Programming: Principle and Practice" should be "Programming: Principles and Practice" (plural). [12]
- Section 2.6, page 7 — "a invalidated" — indefinite article before a vowel sound should be "an." [13]
- Section 2.6, page 8 — "anything the refers" — "the" is a typo for "that." [14]
- Section 2.4, page 6 — "handled similar to" — "similar" is an adjective; the adverb "similarly" is needed. [15]
- Section 1, page 3 — Missing terminal period after "compiler)" before the paragraph beginning "Subsetting alone." [16]
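Items 1 and 8 above touch the one technical point in this list: unsigned wraparound is well-defined, so a profile cannot redefine it, and the paper points to arithmetic-checking libraries as the hardened-library half of the subset-of-superset strategy. The following is an added illustration of that division of labour and is not code from P3984R0, from any WG21 paper, or from the libraries it cites; the function names (`checked_add_u32`, `checked_add_i32`, `checked_at`, `checked_deref`, `run_checks`) are the author's own. It shows runtime checks for the hazards the abstract lists (range errors, nullptr access) plus arithmetic overflow, distinguishing the case where the unchecked operation is well-defined (unsigned) from the cases where it is undefined behaviour (signed overflow, out-of-range subscript, null dereference) and the check must therefore run before the operation is evaluated.

```cpp
// Added example, not from P3984R0 or its cited libraries. Sketches the
// "hardened library" side of a type-safety profile: detect at runtime what
// static analysis cannot prove absent.
#include <cstddef>
#include <cstdint>
#include <limits>
#include <optional>
#include <stdexcept>
#include <vector>

// Unsigned wraparound is well-defined, so the check compares against the
// remaining headroom; testing the (already wrapped) result would also be
// legal, but a profile cannot redefine the wraparound itself.
std::optional<std::uint32_t> checked_add_u32(std::uint32_t a, std::uint32_t b) {
    if (b > std::numeric_limits<std::uint32_t>::max() - a) return std::nullopt;
    return a + b;
}

// Signed overflow is undefined behaviour, so the check must run before the
// addition is ever evaluated; there is no wrapped result to inspect.
std::optional<std::int32_t> checked_add_i32(std::int32_t a, std::int32_t b) {
    constexpr std::int32_t hi = std::numeric_limits<std::int32_t>::max();
    constexpr std::int32_t lo = std::numeric_limits<std::int32_t>::min();
    if ((b > 0 && a > hi - b) || (b < 0 && a < lo - b)) return std::nullopt;
    return a + b;
}

// Range-checked element access in place of unchecked operator[].
int checked_at(const std::vector<int>& v, std::size_t i) {
    if (i >= v.size()) throw std::out_of_range("checked_at: index out of range");
    return v[i];
}

// nullptr-checked dereference.
int checked_deref(const int* p) {
    if (p == nullptr) throw std::invalid_argument("checked_deref: null pointer");
    return *p;
}

// Constructed sample value used to exercise checked_deref.
const int kSample = 42;

// Exercises each check with a constructed violation; returns the number of
// violations caught (4 when every check fires).
int run_checks() {
    int caught = 0;
    if (!checked_add_u32(0xFFFFFFF0u, 0x20u)) ++caught;                       // wraps
    if (!checked_add_i32(std::numeric_limits<std::int32_t>::max(), 1)) ++caught; // UB if unchecked
    const std::vector<int> v{1, 2, 3};
    try { (void)checked_at(v, 3); } catch (const std::out_of_range&) { ++caught; }
    try { (void)checked_deref(nullptr); } catch (const std::invalid_argument&) { ++caught; }
    return caught;
}
```

The distinction the two adders make is the one the paper's item 8 relies on: a library can report unsigned wraparound as an error for the caller's benefit, but it is detecting a well-defined result, not fixing undefined behaviour, whereas for signed arithmetic, subscripts and null pointers the check is the only thing standing between the program and UB.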
References — Anthropic Citations API
[1]
"Note that libraries for checking arithmetic exists (e.g., [BS25d, HH25]). and [BS25d] B. Stroustrup: Concept-Based Generic Programming in C++. 2025-10."
[2]
"One limiting factor here will be the lack of a standard internal representation of C++ (e.g., IPR [GDR11, CDR21], Clang AST [MK13])."
[3]
"[BS24] B. Stroustrup: A framework for Profiles development. P3274R0. 2024-05-5. and [BS24] B. Stroustrup: Programming: Principle and Practice using C++. Addison-Wesley. 2024. ISBN 978-0-13-830868-1."
[4]
"[BS24] B. Stroustrup: A framework for Profiles development. P3274R0. and [BS24b] B. Stroustrup: A framework for Profiles development. WG21 P3274R0."
[5]
"[BS23] B. Stroustrup and G. Dos Reis: Safety Profiles: Type-and-resource Safe programming in ISO Standard C++. P2816R0. 2023-02-16 and [BS23a] B. Stroustrup and G. Dos Reis: Safety Profiles:..."
[6]
"If an alias to an object has been taken, don't call a function that can invalidate it use the object."
[7]
"It is impossible to prove an arbitrary program safe for any reasonably definition of "safe" in a language able to manipulate hardware and implement fundamental abstractions."
[8]
"However, wraparound of unsigned arithmetic is well-defined so a profile cannot define to be anything else."
[9]
"The two obvious ways of avoiding accessing an object that is not of the right type (or no type at all) is to prevent"
[10]
"Note that libraries for checking arithmetic exists (e.g., [BS25d, HH25])."
[11]
"However, not everybody – not even in WG21 – is used to think about this in the context of defining a language feature or a library component."
[12]
"• [BS24] B. Stroustrup: Programming: Principle and Practice using C++. Addison-Wesley. 2024. ISBN 978-0-13-830868-1. "
[13]
"access through a invalidated pointer; that is, a pointer to an object that had been deleted or gone out of scope"
[14]
"By "pointer", we include anything the refers to an object (e.g., references and lambda captures)."
[15]
"Copies and moves To be handled similar to constructors and destructors. "
[16]
"Subsetting is done through static analysis (ideally by the compiler) Subsetting alone cannot deliver many of the most desired guarantees"
Summary: P3984R0 proposes a type-safety profile for C++ that defines a set of rules and their enforcement mechanisms to guarantee type safety within conforming code regions, covering pointer/reference initialization, range checking, nullptr avoidance, casts, unions, and lifetime management. The paper targets EWG, SG12, SG20, and SG23 for discussion of profiles as a path to safer C++ without language subsetting.
Pipeline: Discovery (Anthropic Opus + Citations API) → Verification Gate (OpenRouter Opus) → Report Writer (OpenRouter Opus)
Provenance: All references are machine-verified character positions from the Anthropic Citations API — deterministic, exact substrings, not model-generated quotes.