P4015R0 — Enforcing Contract Conditions with Statements
(9 items)
Evolution Working Group
This paper explores a design direction for C++26 contracts where enforcement behavior is specified through statements within function bodies rather than within declarations. The core insight is that placing enforcement semantics in declarations turns agreed-upon rules into 'offers' that optimizers can exploit, potentially introducing vulnerabilities when library implementations change. The paper proposes novel statements (enforce_preconditions, enforce_postconditions_on_return, enforce_preconditions_on_call, enforce_postconditions_on_call) that separate the agreement on conditions from their enforcement, though the author explicitly states this is informational and does not advocate for adoption in C++26 or C++29.
- Section 2.3, page 3 — Production name enforce_return_condition_statement does not match its keyword enforce_condition_on_return; the paper's own convention (Sections 2.1, 2.2) names productions after their keyword, so this should be enforce_condition_on_return_statement. [1]
- Section 2.4, page 4 — Production name enforce_postconditions_statement does not match its keyword enforce_postconditions_on_return; by the same convention it should be enforce_postconditions_on_return_statement. [2]
- Section 2.5, page 4 — Prose references enforce_postconditions, which is never defined; the paper defines enforce_postconditions_on_return (Section 2.4). [3]
- Document header, page 1 — Date is 2026-02-16, likely one year in the future; context (C++26 not yet finalized, R0 revision) indicates 2025-02-16 was intended. [4]
- Section 1, page 2, paragraph following foo.h code sample — "rather that simple pre" should be "rather than simple pre". [5]
References — Anthropic Citations API
[1]
"// foo.h #include
extern char foo_buffer[64];
void foo( char[] text, std::size_t text_length )
always_enforced_pre( text_length <= sizeof(foo_buffer) );
By using always_enforced_pre..."
[2]
"enforce_return_condition_statement: enforce_condition_on_return ( result-name-introduceropt conditional-expression ) ;"
[3]
"enforce_postconditions_statement: enforce_postconditions_on_return ;"
[4]
"Like enforce_preconditions and enforce_postconditions, these statements perform contract enforcement"
[5]
"Document: P4015r0 Date: 2026-02-16 Reply-to: Lisa Lippincott
Audience: Evolution Working Group
Enforcing Contract Conditions with Statements
Lisa..."
Summary: P4015R0 proposes a set of enforcement statements (enforce_condition, enforce_preconditions, enforce_condition_on_return, enforce_postconditions_on_return) that allow callers to opt into always-checked contract conditions at the call site, independent of the build mode used to compile the callee. Five items were found: two grammar production naming inconsistencies, one reference to a nonexistent identifier, a likely incorrect document date, and a typo.
Pipeline: Discovery (Anthropic Opus + Citations API) → Verification Gate (OpenRouter Opus) → Report Writer (OpenRouter Opus)
Provenance: All references are machine-verified character positions from the Anthropic Citations API — deterministic, exact substrings, not model-generated quotes.