resolved most todo and recompiled most examples and tests

2026-02-27 04:52:22 +00:00 · 2016-06-04 09:41:03 -07:00
parent 128a42c004
commit 21f228d80b
39 changed files with 430 additions and 128 deletions
--- a/include/boost/contract.hpp
+++ b/include/boost/contract.hpp
@@ -37,21 +37,9 @@ never be used directly by programmers.
 #include <boost/contract/override.hpp>
 #include <boost/contract/public_function.hpp>

-// TODO: Add a test for all operators (member and non-member ones). In theory nothing special should be needed for operators... but test it. For member operators, test them with public_function virtual overrides.
-
-// TODO: Document compile and run time performances (after creating specific tests to measure them).
+// TODO: Review all warnings for examples, tests, and also lib compilation...

 // TODO: Add all copyright and licencing info (to all files, etc.).

-// TODO: Document that default generated functions (generated default constructors, copy constructors, copy operators, destructors, move constructors, move operators, etc.) will not check contracts. Programmer have to program them in order to check contracts. Also default special operations might not be able to establish class invariants (default ctor, etc.) and/or might break it (default move operations).
-
-// TODO: Document an example that uses moved() to fully specify move semantics using contracts (similar to "test/move/contracts.cpp").
-
-// TODO: Document that there is a MSVC 2010 bug for which lambdas cannot be used in template constructor intialization list (this was fixed in MSVC 2013). Therefore, an external (static member) function must be used (possibly with bind and cref) to program constructor preconditions on MSVC 2010 instead of using lambdas.
-
-// TODO: Document that users could program (scoped) locks at top of function definitions and before the contract code so to deal with contracts in multi-threaded situations. Would these locks need to be recursive for virtual calls? Test that...
-
-// TODO: Document pre > old > post are all optional but when they are specified they must be specified in this order (rationale: this is the logical order in which to specify them, other contract programming framework allow to mix this order, that could have been implemented in this lib too but it would complicated a bit the implementation to then allow for mixed orders that will be less clear logically).
-
 #endif // #include guard

--- a/include/boost/contract/base_types.hpp
+++ b/include/boost/contract/base_types.hpp
@@ -7,8 +7,6 @@
 // file LICENSE_1_0.txt or a copy at http://www.boost.org/LICENSE_1_0.txt).
 // See: http://www.boost.org/doc/libs/release/libs/contract/doc/html/index.html

-// TODO: Document the max number of bases is 20 because of Boost.MPL vector limit. If Boost.MPL vector and related alg impl was to change to use variadic templates in the future there will be not limit to max bases (but for now this high limit is better than the extra complexity of reimpl all Boost.MPL vector, etc. within this lib with variadic templates).
-
 /** @file
 Facility to specify inheritance form base classes (to support subcontracting).
 */
@@ -38,7 +36,9 @@ base classes @c typedef can be programmed manually without using this macro (see
@param ...  Comma separated list of base classes. Each listed base must
            explicitly list its access specifier @c public, @c protected, or
            @c private, and @c virtual if present (this not always required in
-            C++ instead).
+            C++ instead). There is an intrinsic limit around 20 on the maximum
+            number of supported bases (because of similar limits for some Boost
+            libraries like Boost.MPL internally used by this library).
 */
 #define BOOST_CONTRACT_BASE_TYPES(...) void /* dummy type for typedef */

--- a/include/boost/contract/constructor.hpp
+++ b/include/boost/contract/constructor.hpp
@@ -50,7 +50,6 @@ specify_old_postcondition<> constructor(Class* obj) {
    #endif
 }

-// TODO: Document that constructor_precondition for unions must be called at the very beginning of ctor body before `boost::contract::guard c = ...` (because unions cannot have base classes, not even in C++11).
 /**
 Program preconditions for constructors.
 This class must be the very first base class of the contracted class. Also the
@@ -61,7 +60,6 @@ Unions cannot have base classes in C++ so this class can be used to declare a
 local object within the constructor function just before
@RefFunc{boost::contract::constructor} is used (see
@RefSect{advanced_topics, Advanced Topics}).
-
@see @RefSect{tutorial, Tutorial}
@tparam Class Class of contracted constructor.
 */
--- a/include/boost/contract/core/access.hpp
+++ b/include/boost/contract/core/access.hpp
@@ -25,10 +25,6 @@ Facility to declare invariants, base types, etc all as private members.
 #endif
 #include <boost/noncopyable.hpp>

-// TODO: Review all warnings for examples, tests, and also lib compilation...
-
-// TODO: Document (in a rationale) that using friend to limit lib's public API does not increase compilation times at all. I compiled with friends. Then I removed all friends, made related APIs all public and the compilation times of all test/public_function/* where exactly the same for all compilers (msvc 37 min, gcc 70 min, clang 46 min). So there is not reason at all to not use friends (plus not using friend will complicate the internal APIs because contractor names cannot be wrapped using DETAIL_NAME so they will still be made private and accessed via some sort of static DETAIL_NAME(make) member function...).
-
 namespace boost {
    namespace contract {
        class virtual_;
@@ -136,6 +132,10 @@ class access : private boost::noncopyable {
    
    // Friends (used to limit library's public API).

+    // NOTE: Using friends here and in all other places in this library does not
+    // increase compilation times (I experimented replacing all friends with
+    // public and got the same compilation times).
+
    BOOST_CONTRACT_DETAIL_DECL_DETAIL_CHECK_SUBCONTRACTED_PRE_POST_INV_Z(1,
            /* is_friend = */ 1, OO, RR, FF, CC, AArgs);
            
--- a/include/boost/contract/core/config.hpp
+++ b/include/boost/contract/core/config.hpp
@@ -16,8 +16,6 @@ Facilities to configure this library compile-time and run-time behaviour.
 // headers after that depending on the contract 0/1 macros below ensuring no
 // compilation overhead.

-// TODO: Document that when contracts are programmed in .cpp and all these lib headers are #include only from within .cpp, then a given lib can be compiled for example without inv/post, only with pre. The code that will link to that lib will not be able to enable inv/post, or disable the pre. However, if contracts are programmed in .hpp and this lib headers are #included in .hpp that are shipped to users with a given lib, users of that lib can turn on/off all contracts for the shipped lib as well.
-
 #ifdef DOXYGEN
    /**
    Define this macro to compile this library as a shared library or DLL
@@ -51,8 +49,6 @@ Facilities to configure this library compile-time and run-time behaviour.
    #define BOOST_CONTRACT_HEADER_ONLY
 #endif

-// TODO: Document that no code should in general be programmed before the contract in function definitions, but for example mutex locks can be programmed before contracts if necessary for synchronization.
-
 #ifdef DOXYGEN
    /**
    Define this macro to not lock internal library data for thread safety
@@ -80,8 +76,10 @@ Facilities to configure this library compile-time and run-time behaviour.
    to support a maximum number of arguments different than @c 10 for
    overriding public functions (contracted via
    @RefFunc{boost::contract::public_function}).
+    (Compilation times of this library were measured to be comparable between
+    compilers that support variadic macros and compilers that do not.)
    @note   Regardless of the value of this macro and of compiler support for
-            variadic macros, there is an intrinsic limit around 19 arguments
+            variadic macros, there is an intrinsic limit around 18 arguments
            for overriding public functions (because of similar limits for some
            Boost libraries like Boost.MPL and Boost.FunctionTypes internally
            used by this library).
--- a/include/boost/contract/core/exception.hpp
+++ b/include/boost/contract/core/exception.hpp
@@ -387,7 +387,7 @@ This is equivalent to calling both
 */
 void /** @cond */ BOOST_CONTRACT_DETAIL_DECLSPEC /** @endcond */
 set_invariant_failure(assertion_failure_handler const& f)
-        /** @cond */ OOST_NOEXCEPT_OR_NOTHROW /** @endcond */;
+        /** @cond */ BOOST_NOEXCEPT_OR_NOTHROW /** @endcond */;

 /**
 Set the all contract failure handlers at once (for convenience).
--- a/include/boost/contract/core/virtual.hpp
+++ b/include/boost/contract/core/virtual.hpp
@@ -120,8 +120,7 @@ class virtual_ : private boost::noncopyable { // Avoid copy queue, stack, etc.
    // Friends (used to limit library's public API).

    friend bool copy_old(virtual_*);
-    
-    friend class convertible_old;
+    friend class old_pointer;

    BOOST_CONTRACT_DETAIL_DECL_DETAIL_CHECK_SUBCONTRACTED_PRE_POST_INV_Z(1,
            /* is_friend = */ 1, OO, RR, FF, CC, AArgs);
--- a/include/boost/contract/detail/check_guard.hpp
+++ b/include/boost/contract/detail/check_guard.hpp
@@ -26,7 +26,6 @@ public:

 private:
    static bool checking_;
-    // TODO: Document this (and also exception handler mutexes) introduce global locks when checking contracts...
    #ifndef BOOST_CONTRACT_DISABLE_THREADS
        static boost::mutex mutex_;
    #endif
--- a/include/boost/contract/detail/condition/check_base.hpp
+++ b/include/boost/contract/detail/condition/check_base.hpp
@@ -89,7 +89,6 @@ protected:
    #ifndef BOOST_CONTRACT_NO_POSTCONDITIONS
        void copy_old() {
            if(failed()) return;
-            // TODO: Document that when old copies throw, using .old() calls post failure handler (more correct), while using = OLDOF makes enclosing user function throw (less correct). Plus of course using .old() makes old copies after inv and pre are checked, while using = OLDOF makes old copies before inv and pre checking (this is less correct in theory, but it should not really matter in most practical cases unless the old copy are programmed assuming inv and pre are satisfied). Also document in a rationale that it would be possible to wrap all old.hpp operations (old_ptr copy constructor, make_old, etc.) in try-catch statements so for this lib to call postcondition_failure handler also when ... = OLDOF is used. However, in that case this lib cannot populate the from parameter (and destructors can have postconditions so from would be necessary for ... = OLDOF used in a destructor) so the authors decided to not do that and leave that in the hands of the programmers (that can manually wrap ... = OLDOF with a try-catch in their user code if necessary, or better just use .old(...) when calling the failure handler for old value copies is important).
            try { if(old_) old_(); }
            catch(...) { fail(&boost::contract::postcondition_failure); }
        }
@@ -109,7 +108,6 @@ protected:
    #endif

 private:
-    // TODO: Document all BOOST_CONTRACT_ERROR_... and BOOST_STATIC_ASSERT_MSG errors (in an annex...).
    bool BOOST_CONTRACT_ERROR_missing_guard_declaration;
    bool guard_asserted_; // Avoid throwing twice from dtors (undef behavior).
    #if !defined(BOOST_CONTRACT_NO_PRECONDITIONS) || \
--- a/include/boost/contract/detail/inlined/core/exception.hpp
+++ b/include/boost/contract/detail/inlined/core/exception.hpp
@@ -61,7 +61,7 @@ bad_virtual_result_cast::bad_virtual_result_cast(char const* from_type_name,

 bad_virtual_result_cast::~bad_virtual_result_cast() {}

-char const* bad_virtual_result_cast::what() const BOOST_NOEXCEPT {
+char const* bad_virtual_result_cast::what() const BOOST_NOEXCEPT_OR_NOTHROW {
    return what_.c_str();
 }

@@ -76,7 +76,7 @@ assertion_failure::assertion_failure(char const* const code) :

 assertion_failure::~assertion_failure() {}

-char const* assertion_failure::what() const BOOST_NOEXCEPT {
+char const* assertion_failure::what() const BOOST_NOEXCEPT_OR_NOTHROW {
    return what_.c_str();
 }

--- a/include/boost/contract/old.hpp
+++ b/include/boost/contract/old.hpp
@@ -324,7 +324,6 @@ private:
    #endif

    friend class old_pointer;
-
    friend old_value null_old();
 /** @endcond */
 };
@@ -433,7 +432,6 @@ private:
    #endif
    
    friend old_pointer make_old(old_value const&);
-
    friend old_pointer make_old(virtual_*, old_value const&);
 /** @endcond */
 };
--- a/include/boost/contract/override.hpp
+++ b/include/boost/contract/override.hpp
@@ -76,7 +76,7 @@ subcontracting).
    /* PUBLIC */

    #define BOOST_CONTRACT_NAMED_OVERRIDE(override_name, function_name) \
-        struct name { \
+        struct override_name { \
            BOOST_CONTRACT_DETAIL_INTROSPECTION_HAS_MEMBER_FUNCTION( \
                BOOST_CONTRACT_DETAIL_NAME1(has_member_function), \
                function_name \
@@ -97,7 +97,7 @@ subcontracting).
                            @RefSect{advanced_topics, Advanced Topics}).
    */
    #define BOOST_CONTRACT_NAMED_OVERRIDE(override_name, function_name) \
-            struct name {}; /* empty type (not used) just to compile code */
+            struct override_name {}; /* empty (not used), just to compile */
 #endif
    
 /* PUBLIC */
--- a/include/boost/contract/public_function.hpp
+++ b/include/boost/contract/public_function.hpp
@@ -13,10 +13,6 @@ Overloads are provided to handle static, virtual void, virtual non-void,
 overriding void, and override non-void public functions.
 */

-// TODO: Document that even with variadic templates there's a hard limit to function max args (18 works, but MAX_ARGS=19 does not). This limit comes from Boost.MPL (vector, push_back, etc.), Boost.FunctionTypes, and other Boost algorithm that do not currently have a variadic template implementation. However, re-impl all these Boost alg would be too much work for this lib, plus the 19 max args limit seems high enough, and it would eventually be removed if Boost.MPL, Boost.FunctionTypes are ever ported to impl that use variadic templates.
-
-// TODO: Document that not using variadic templates (i.e., using pp meta-programming impl instead) does not increase compilation times (I measured this with the max_arg test program).
-
 #include <boost/contract/detail/all_core_headers.hpp>
 #include <boost/contract/detail/decl.hpp>
 #include <boost/contract/detail/tvariadic.hpp>
@@ -149,7 +145,6 @@ specify_precondition_old_postcondition<> public_function(Class* obj) {
    #define BOOST_CONTRACT_PUBLIC_FUNCTIONS_ 1
 #endif

-// TODO: Document no F here so cannot check consistency between VirtualResult and actual func's result type... up to user to pass the right VirtualResult...
 // For non-static, virtual, and non-overriding public functions (PRIVATE macro).
 #define BOOST_CONTRACT_PUBLIC_FUNCTION_VIRTUAL_NO_OVERRIDE_( \
        has_virtual_result) \
@@ -253,10 +248,18 @@ specify_precondition_old_postcondition<> public_function(Class* obj) {
    @param v    The contracted virtual function extra trailing parameter of type
                @RefClass{boost::contract::virtual_}<c>*</c> and with default
                value @c 0.
-    @param r    A reference to the contracted virtual function return value.
-                (This can be a local variable within the contracted function
+    @param r    A reference to the contracted virtual function return value
+                (this can be a local variable within the contracted function
                scope, but it must be set by programmers at each function
-                @c return statement.)
+                @c return statement). The type of this parameter must be the
+                same as (or compatible with) the contracted function return type
+                (this library might not be able to raise a compile-time error
+                if that is not the case (because this function does not take a
+                pointer to the contracted function or similar), but in general
+                such a type mismatch will cause a run-time error or undefined
+                behaviour). Alternatively,
+                <c>boost::optional<<i>return_type</i>></c> can be used here (see
+                @RefSect{advanced_topics, Advanced Topics}).
    @param obj  The object @c this from the scope of the contracted function.
                This object can be @c const and @c volatile depending on the
                cv-qualifier for the contracted function (volatile public
@@ -413,10 +416,15 @@ specify_precondition_old_postcondition<> public_function(Class* obj) {
    @param v    The contracted virtual function extra trailing parameter of type
                @RefClass{boost::contract::virtual_}<c>*</c> and with default
                value @c 0.
-    @param r    A reference to the contracted virtual function return value.
-                (This can be a local variable within the contracted function
+    @param r    A reference to the contracted virtual function return value
+                (this can be a local variable within the contracted function
                scope, but it must be set by programmers at each function
-                @c return statement.)
+                @c return statement). The type of this parameter must be the
+                same as (or compatible with) the contracted function return type
+                as specified by @c F (this library will generate a compile-time
+                error otherwise) Alternatively,
+                <c>boost::optional<<i>return_type</i>></c> can be used here (see
+                @RefSect{advanced_topics, Advanced Topics}).
    @param f    A pointer to the contracted function.
    @param obj  The object @c this from the scope of the contracted function.
                This object can be @c const and @c volatile depending on the