Re: [isocpp-sg15] [isocpp-sg21] P3835 -- Different contract checking for different libraries

From: Ville Voutilainen <ville.voutilainen_at_[hidden]>
Date: Wed, 15 Oct 2025 00:32:46 +0300

On Wed, 15 Oct 2025 at 00:27, Tom Honermann <tom_at_[hidden]> wrote:
>
> On 10/14/25 5:10 PM, Ville Voutilainen wrote:
>
> On Wed, 15 Oct 2025 at 00:07, Tom Honermann <tom_at_[hidden]> wrote:
>
> On 10/14/25 4:49 PM, Ville Voutilainen via SG15 wrote:
>
> On Tue, 14 Oct 2025 at 23:39, Tom Honermann <tom_at_[hidden]> wrote:
>
> I would be very unhappy if any implementation made observe the default.
> But I find observe useful and see no reason to prohibit implementations
> from offering it.
>
> Right. I do see such a reason, because the whole reason some of the
> hardened implementations
> were written to begin with is to guarantee that stdlib calls that
> violate the hardened preconditions
> aren't UB, ever.
>
> Sure, and implementors are free to not offer an observe semantic for
> hardened preconditions. I don't see a problem.
>
> Right, and I do, because "are free not to offer an observe semantic"
> is not a guarantee,
> whereas existing practice is to offer a guarantee. I see it quite a
> problem that WG21 is suggesting
> to introduce UB where there was none before.
>
> Violating preconditions of, e.g., span<...>::operator[], resulting in UB is not new. Implementations are not required to offer a hardened implementation.

Yes? And? Violating *hardened* preconditions resulting in UB *is* new.

> Reliance on implementation provided guarantees for a hardened implementation is the status quo. C++26 doesn't change that. Unless I'm missing something libc++ supports observe as evidenced here and here.

They can continue to do so even with the changes proposed in my paper.

Received on 2025-10-14 21:33:00