This page is a snapshot from the LWG issues list, see the Library Active Issues List for more information and the meaning of NAD Editorial status.

529. The standard encourages redundant and confusing preconditions

Section: 99 [res.on.required] Status: NAD Editorial Submitter: David Abrahams Opened: 2005-10-25 Last modified: 2016-01-28

Priority: Not Prioritized

View all issues with NAD Editorial status.

Discussion:

17.4.3.8/1 says:

Violation of the preconditions specified in a function's Required behavior: paragraph results in undefined behavior unless the function's Throws: paragraph specifies throwing an exception when the precondition is violated.

This implies that a precondition violation can lead to defined behavior. That conflicts with the only reasonable definition of precondition: that a violation leads to undefined behavior. Any other definition muddies the waters when it comes to analyzing program correctness, because precondition violations may be routinely done in correct code (e.g. you can use std::vector::at with the full expectation that you'll get an exception when your index is out of range, catch the exception, and continue). Not only is it a bad example to set, but it encourages needless complication and redundancy in the standard. For example:

  21 Strings library 
  21.3.3 basic_string capacity

  void resize(size_type n, charT c);

  5 Requires: n <= max_size()
  6 Throws: length_error if n > max_size().
  7 Effects: Alters the length of the string designated by *this as follows:

The Requires clause is entirely redundant and can be dropped. We could make that simplifying change (and many others like it) even without changing 17.4.3.8/1; the wording there just seems to encourage the redundant and error-prone Requires: clause.

[ Batavia: Alan and Pete to work. ]

[ Bellevue: NAD Editorial, this group likes N2121, Pete agrees, accepting it is Pete's business. General agreement that precondition violations are synonymous with UB. ]

Proposed resolution:

1. Change 17.4.3.8/1 to read:

Violation of the preconditions specified in a function's Required behavior: paragraph results in undefined behavior unless the function's Throws: paragraph specifies throwing an exception when the precondition is violated.

2. Go through and remove redundant Requires: clauses. Specifics to be provided by Dave A.

[ Berlin: The LWG requests a detailed survey of part 2 of the proposed resolution. ]

[ Alan provided the survey N2121. ]