Date: Tue, 14 Oct 2025 17:41:29 -0400
On 10/14/25 5:32 PM, Ville Voutilainen via SG21 wrote:
> On Wed, 15 Oct 2025 at 00:27, Tom Honermann <tom_at_[hidden]> wrote:
>> On 10/14/25 5:10 PM, Ville Voutilainen wrote:
>>
>> On Wed, 15 Oct 2025 at 00:07, Tom Honermann <tom_at_[hidden]> wrote:
>>
>> On 10/14/25 4:49 PM, Ville Voutilainen via SG15 wrote:
>>
>> On Tue, 14 Oct 2025 at 23:39, Tom Honermann <tom_at_[hidden]> wrote:
>>
>> I would be very unhappy if any implementation made observe the default.
>> But I find observe useful and see no reason to prohibit implementations
>> from offering it.
>>
>> Right. I do see such a reason, because the whole reason some of the
>> hardened implementations
>> were written to begin with is to guarantee that stdlib calls that
>> violate the hardened preconditions
>> aren't UB, ever.
>>
>> Sure, and implementors are free to not offer an observe semantic for
>> hardened preconditions. I don't see a problem.
>>
>> Right, and I do, because "are free not to offer an observe semantic"
>> is not a guarantee,
>> whereas existing practice is to offer a guarantee. I see it quite a
>> problem that WG21 is suggesting
>> to introduce UB where there was none before.
>>
>> Violating preconditions of, e.g., span<...>::operator[], resulting in UB is not new. Implementations are not required to offer a hardened implementation.
> Yes? And? Violating *hardened* preconditions resulting in UB *is* new.
Prior to hardened preconditions being added to the standard, violating
any precondition resulted in UB. Now, some of those previous
preconditions are deemed hardened and violating them is a contract
violation that, if evaluated with a non-terminating contract semantic,
results in ... UB. If you mean that the standard now includes an
additional use of the words "undefined behavior" that will presumably
demand a reference from the UB annex, then sure, I guess that is new in
some sense. But for programmers, the UB isn't what is new; the contract
checks are what is new.
Tom.
>
>> Reliance on implementation provided guarantees for a hardened implementation is the status quo. C++26 doesn't change that. Unless I'm missing something libc++ supports observe as evidenced here and here.
> They can continue to do so even with the changes proposed in my paper.
> _______________________________________________
> SG21 mailing list
> SG21_at_[hidden]
> Subscription: https://lists.isocpp.org/mailman/listinfo.cgi/sg21
> Link to this post: http://lists.isocpp.org/sg21/2025/10/11302.php
Received on 2025-10-14 21:41:36
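
The distinction debated in this message, as an added illustration that is not part of the original post or of any standard library implementation: a violated hardened precondition evaluated with a terminating semantic never reaches the element access, while `observe` reports the violation and then performs it. `ModelSpan`, `Outcome`, `hardened_index` and `demo` are hypothetical names, and the model records termination instead of terminating.

```cpp
#include <cstddef>
#include <cstdio>

// The four contract evaluation semantics named in C++26.
enum class Semantic { ignore, observe, enforce, quick_enforce };

struct Outcome {
    bool handler_called;  // the contract-violation handler ran
    bool terminated;      // evaluation ended in program termination
    bool read_performed;  // the out-of-contract element access still happened
    int value;            // what that access returned
};

// Hypothetical stand-in for a span: `size` elements are in contract.
struct ModelSpan { const int* data; std::size_t size; };

// Models operator[] with the hardened precondition `i < size`.
// Termination is recorded in Outcome rather than performed so it can be inspected.
Outcome hardened_index(ModelSpan s, std::size_t i, Semantic sem) {
    Outcome o{false, false, false, 0};
    const bool violated = (sem != Semantic::ignore) && !(i < s.size);
    if (violated) {
        o.handler_called = (sem == Semantic::observe || sem == Semantic::enforce);
        if (sem == Semantic::enforce || sem == Semantic::quick_enforce) {
            o.terminated = true;
            return o;  // terminating semantics: the access is never reached
        }
    }
    // ignore and observe both fall through to the access. With a real span
    // this is the undefined behavior; here the backing array is larger than
    // the view, so the model stays well-defined.
    o.read_performed = true;
    o.value = s.data[i];
    return o;
}

// Constructed sample: a 4-element view over an 8-element array, indexed at 6.
Outcome demo(Semantic sem) {
    static const int backing[8] = {10, 11, 12, 13, 900, 901, 902, 903};
    return hardened_index(ModelSpan{backing, 4}, 6, sem);
}

int main() {
    const Outcome o = demo(Semantic::observe);
    std::printf("observe: handler=%d read=%d value=%d\n",
                o.handler_called, o.read_performed, o.value);
}
```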
