
Re: [isocpp-sg15] [isocpp-sg21] P3835 -- Different contract checking for different libraries

From: Tom Honermann <tom_at_[hidden]>
Date: Fri, 17 Oct 2025 11:31:54 -0400

On Oct 17, 2025, at 10:23 AM, Harald Achitz via SG21 <sg21_at_[hidden]> wrote:


On 2025-10-17 16:00, René Ferdinand Rivera Morell wrote:
On Fri, Oct 17, 2025 at 8:53 AM Harald Achitz via SG15 <sg15_at_[hidden]> wrote:

Today's

void fun(Foo* ptr) {
    my_supper_assert_macro(ptr != nullptr);
    my_supper_assert_macro(ptr->hasData());
}

should not have any problems, ever


AFAIU, if my_supper_assert_macro implements something equivalent to observe, that is still UB at present. Or is it EB now?

--
-- René Ferdinand Rivera Morell
-- Don't Assume Anything  -- No Supongas Nada
-- Robot Dreams - http://robot-dreams.net


On devices that keep you alive, one example where I have seen such super asserts in action, contracts are contracts. They do not exist only sometimes.

Correct, (plain language) contracts are omnipresent. The contract checking statements above violate the function contract and are thus defective. Static analysis can diagnose such cases. For example, I would expect a contracts enabled version of Coverity to report a FORWARD_NULL issue for the above code. 


I am not even sure if contracts as specified would pass regulatory requirements, I think not. 

I’m not an expert on the subject by any means, but I would expect regulatory requirements to consider the manner in which the software is built; just as they consider the content of the source code and require other supply chain guards. A requirement that deployed software not contain portions for which the observe semantic is selected seems reasonable and prudent.

Tom. 

/Harald

Received on 2025-10-17 15:33:19
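The observe-versus-enforce distinction René raises, as an added example that is not part of this thread: a C++ macro of my own (MY_SUPER_ASSERT, standing in for the thread's my_supper_assert_macro, together with the Foo type, the Semantic enum, the handler and the run_under helper, all assumptions made for this demo) that emulates the three checking semantics. With enforce the handler stops evaluation at the first failed check; with observe it only logs and the next statement runs, so in the two-check shape from the thread a null ptr would reach ptr->hasData(). That call is undefined behaviour and is therefore not exercised below.

```cpp
// Added example, not code from the thread: a macro that emulates the three
// contract-checking semantics (ignore / observe / enforce) so the difference
// between a terminating assert and an observe-style one can be seen directly.
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

enum class Semantic { ignore, observe, enforce };

// Demo state. A real contracts build fixes the semantic at build time;
// here it is a global so one binary can run all three.
static Semantic g_semantic = Semantic::enforce;
static std::vector<std::string> g_violations;   // predicates that failed

// Violation handler. A real enforce handler would std::terminate(); this
// demo throws instead so a test can check that evaluation stopped.
static void handle_violation(const char* predicate) {
    g_violations.emplace_back(predicate);
    if (g_semantic == Semantic::enforce)
        throw std::runtime_error(std::string("contract violated: ") + predicate);
    // observe: the violation is logged and execution continues
}

// Hypothetical stand-in for the thread's my_supper_assert_macro.
// Under ignore the predicate is not evaluated at all.
#define MY_SUPER_ASSERT(cond)                                   \
    do {                                                        \
        if (g_semantic != Semantic::ignore && !(cond))          \
            handle_violation(#cond);                            \
    } while (0)

struct Foo {
    std::vector<int> items;
    bool hasData() const { return !items.empty(); }
};

// Same shape as the function in the thread. The second check assumes the
// first one held: under observe a null ptr reaches ptr->hasData(), which is
// undefined behaviour whatever the handler logged. Never call this with
// nullptr under observe or ignore.
static int fun(Foo* ptr) {
    MY_SUPER_ASSERT(ptr != nullptr);
    MY_SUPER_ASSERT(ptr->hasData());
    return static_cast<int>(ptr->items.size());
}

struct Outcome {
    std::size_t violations;  // how many checks failed
    bool completed;          // did the body run to the end
    int result;
};

// Runs fun() under a given semantic and reports what happened.
static Outcome run_under(Semantic s, Foo* ptr) {
    g_semantic = s;
    g_violations.clear();
    Outcome o{0, false, 0};
    try {
        o.result = fun(ptr);
        o.completed = true;
    } catch (const std::runtime_error&) {
        o.completed = false;  // enforce stopped at the first failed check
    }
    o.violations = g_violations.size();
    return o;
}
```

Running fun() on an empty Foo shows the difference: enforce records one violation and never reaches the body, observe records the same violation and then runs the body anyway, ignore evaluates nothing. Merging the two checks into one short-circuit predicate (`MY_SUPER_ASSERT(ptr != nullptr && ptr->hasData())`) makes the checking statements themselves safe under observe, but the body still runs after a violated precondition, which is the reason Tom gives for not deploying code with the observe semantic selected.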