Date: Tue, 14 Oct 2025 17:27:17 -0400
On 10/14/25 5:10 PM, Ville Voutilainen wrote:
> On Wed, 15 Oct 2025 at 00:07, Tom Honermann <tom_at_[hidden]> wrote:
>> On 10/14/25 4:49 PM, Ville Voutilainen via SG15 wrote:
>>> On Tue, 14 Oct 2025 at 23:39, Tom Honermann <tom_at_[hidden]> wrote:
>>>
>>>> I would be very unhappy if any implementation made observe the default.
>>>> But I find observe useful and see no reason to prohibit implementations
>>>> from offering it.
>>> Right. I do see such a reason, because the whole reason some of the
>>> hardened implementations
>>> were written to begin with is to guarantee that stdlib calls that
>>> violate the hardened preconditions
>>> aren't UB, ever.
>> Sure, and implementors are free to not offer an observe semantic for
>> hardened preconditions. I don't see a problem.
> Right, and I do, because "are free not to offer an observe semantic"
> is not a guarantee,
> whereas existing practice is to offer a guarantee. I see it quite a
> problem that WG21 is suggesting
> to introduce UB where there was none before.
Violating preconditions of, e.g., span<...>::operator[], resulting in UB
is not new. Implementations are not required to offer a hardened
implementation.
Reliance on implementation-provided guarantees for a hardened
implementation is the status quo. C++26 doesn't change that. Unless I'm
missing something, libc++ supports observe as evidenced here
<https://github.com/llvm/llvm-project/blob/bed17c03fee09eabbd35eca3a8829f913a374424/libcxx/vendor/llvm/default_assertion_handler.in#L40-L60>
and here
<https://github.com/llvm/llvm-project/blob/bed17c03fee09eabbd35eca3a8829f913a374424/libcxx/include/__log_hardening_failure#L25-L36>.
Tom.
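To make the distinction the thread is arguing over concrete, here is an added illustration (not libc++'s code and not part of the original message) of how a hardened precondition check behaves under a hypothetical "observe" versus "enforce" semantic. `HardeningSemantic`, `assertion_handler`, `view`, `hardened_index` and `observe_demo` are names invented for this example; the `view` struct stands in for `std::span` so the snippet builds as C++17.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>

// Hypothetical hardening semantics, modelled on the modes the thread discusses:
// "observe" logs the violation and continues; "enforce" terminates the program.
enum class HardeningSemantic { Ignore, Observe, Enforce };

static HardeningSemantic g_semantic = HardeningSemantic::Enforce;
static std::vector<std::string> g_violation_log;  // what an observe handler records
// Hypothetical assertion handler standing in for a vendor-supplied one; it is the
// only place where the semantic decides what happens after a violation.
static void assertion_handler(const char* expr, const char* where) {
    std::string msg = std::string(where) + ": hardened precondition violated: " + expr;
    std::fprintf(stderr, "%s\n", msg.c_str());
    if (g_semantic == HardeningSemantic::Observe) {
        g_violation_log.push_back(msg);
        return;  // control goes back to the caller, which then proceeds
    }
    std::abort();  // enforce: never continue past the violation
}

// Minimal span-like view (a stand-in for std::span so the example builds as C++17).
template <class T>
struct view { T* data; std::size_t size; };

// Hardened element access with the contract of span::operator[]: i < size().
template <class T>
T& hardened_index(view<T> v, std::size_t i) {
    if (g_semantic != HardeningSemantic::Ignore && !(i < v.size))
        assertion_handler("i < size()", "hardened_index");
    // In observe mode this line is reached even when i >= size: the out-of-range
    // access is exactly what the thread calls "introducing UB where there was none".
    return v.data[i];
}

// Demo: a view over only the first 4 elements of an 8-element array. Index 5
// violates the view's precondition but still lies inside the backing array, so
// the demo can show observe mode continuing without reading memory it does not own.
static int g_backing[8] = {10, 11, 12, 13, 14, 15, 16, 17};

int observe_demo(std::size_t i) {
    g_semantic = HardeningSemantic::Observe;
    g_violation_log.clear();
    return hardened_index(view<int>{g_backing, 4}, i);
}
std::size_t violations_logged() { return g_violation_log.size(); }
```

Switching `g_semantic` to `Enforce` turns the same out-of-range call into an `abort()`, which is the guarantee the hardened implementations Ville refers to are built to provide.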
Received on 2025-10-14 21:27:22
