Contracts, Safety, and the Art of Cat Herding

In recent years, we have seen a strong push to make C++ "safer" and "more secure". Several efforts are under way: contract assertions and library hardening have already been approved for the upcoming C++26 standard, while proposals like profiles and borrow checking are still in development. Within the C++ standardisation process, we face significant obstacles: the infamously slow and challenging ISO process, the absence of a holistic strategy, and the lack of a shared understanding of what "safety" even means. Meanwhile, outside of the standardisation process, vendors are rolling out their own bespoke tools to fill the gap and solve real-world problems.

In this keynote, we take a step back and examine how all these pieces fit into the bigger picture. What is a "correct" program, and what does it have to do with Contracts? Why are "safety" and "security" not the same thing as removing undefined behaviour? And how do all these different concepts connect?

We'll introduce a framework for reasoning about incorrect programs and present a holistic, actionable strategy for systematically mitigating undefined behaviour throughout the entire C++ language. Along the way, we also explore the human side of standardisation – the art of helping fiercely opinionated engineers find common ground – and what we can learn from it.