P4005R0 — A proposal for guaranteed-(quick-)enforced contracts
(2 items)
EWG
This paper proposes a guaranteed-enforced contracts facility for C++ using new keywords: entry_cond for mandatory function preconditions, return_cond for mandatory postconditions, and mandatory_assert for mandatory assertion statements. Unlike P2900 contracts, these assertions are always evaluated under either 'enforce' or 'quick_enforce' semantics and never ignored or merely observed, providing strong guarantees about program conditions that are visible even for opaque functions. The proposal also introduces ODR-differentiation based on contract conditions and recommends name mangling of assertions to make ABI breaks visible when contracts change.
- Code example in 'The main parts' section, function g — The second if (x >= 0) block in g() is unreachable. The preceding if (x == 42) return 666; else return -1; returns on all paths, so the subsequent branch and its comments describing reachable return paths are dead code. The example needs restructuring (e.g., if/else-if/else chain or separate functions) to actually illustrate the intended semantics. [1]
- Additional semantic bits section, second bullet — Prose refers to guaranteed_asserts but the paper's own proposed keyword is mandatory_assert. No guaranteed_assert keyword exists in this proposal. [2]
References — Anthropic Citations API
[1]
"the conditions of return_conds and guaranteed_asserts are likewise evaluated with the 'enforce' or the 'quick_enforce' semantic, and never with 'ignore' nor 'observe'."
[2]
chars 3423–4620
"In other words,
void f(int x) entry_cond(x >= 0); void use_it() { f(-42); // entry_cond not met, will not continue to the subsequent code void(*p)(int) =..."
Summary: Proposes mandatory_assert, entry_cond, and return_cond as guaranteed-enforcement contract primitives that always evaluate and always enforce, providing a minimal contract mechanism orthogonal to the Contracts MVP. Two findings: a naming inconsistency in the prose and an unreachable-code bug in a key illustrative example.
Pipeline: Discovery (Anthropic Opus + Citations API) → Verification Gate (OpenRouter Opus) → Report Writer (OpenRouter Opus)
Provenance: All references are machine-verified character positions from the Anthropic Citations API — deterministic, exact substrings, not model-generated quotes.