On Wed, 15 Oct 2025 at 00:41, Tom Honermann <tom_at_[hidden]> wrote:
> >> Violating preconditions of, e.g., span<...>::operator[], resulting in UB is not new. Implementations are not required to offer a hardened implementation.
> > Yes? And? Violating *hardened* preconditions resulting in UB *is* new.
>
> Prior to hardened preconditions being added to the standard, violating
> any precondition resulted in UB. Now, some of those previous
> preconditions are deemed hardened and violating them is a contract
> violation that, if evaluated with a non-terminating contract semantic,
> results in ... UB. If you mean that the standard now includes an
> additional use of the words "undefined behaavior" that will presumably
> demand a reference from the UB annex, then sure, I guess that is new in
> some sense. But for programmers, the UB isn't what is new; the contract
> checks are what is new.

Please read what I actually wrote.

For programmers, modulo when using libc++, and on a longer timescale,
even then, violating hardened preconditions resulting
in UB is new.

What is new to the standard is beside the point there.

Your statement that prior to hardened preconditions being added to the
standard, violation of any precondition resulted in UB
is correct from the perspective of the standard text in isolation, and
incorrect for practical programmers when using a hardened
implementation. They didn't hit UB,
they had a guarantee that they will not hit abstract machine UB.

Before someone chooses to explain to me that they did hit UB but the
implementation defined it, spare me, you're not telling me anything I
don't already know.