As far as I can see, N1962 does not say what to do in case of a failure while evaluating and copying an oldof expression. For example, what shall Contract Programming do if there is a memory error while taking a copy of size() to later check the following postcondition?

Hi Lorenzo, If we could agree that throwing an exception indicates that the system that hosts the program is in the state where it cannot execute our program anymore (lack of memory, threads), you could just let the thrown exception fly out of your function, as though it was the function that threw it. The function leaves objectsin the correct state: precondition was checked and held, function execution has not yet started. The downside of this solution is that it throws something that the caller might not haave expected. Another valid solution would be "if you cannot check the correctness, at least let the function work". That is, you swallow the exception and abandon checking the postcondition. On the other hand, one may want something opposite: do not let my program run unless you are absolutely sure all checks have succeeded. In this case you might want to signal it, but since it is neither precondition nor postcondition violation, perhaps you need an another callback: "on_inability_to_validate". Then anyone could do what they think is best: 1. Pass the exception 2. Skip postcondition 3. terminate Regards, &rzej