Date: Tue, 21 Oct 2025 10:54:54 +0300
On Tue, 21 Oct 2025 at 10:36, Timur Doumler <cpp_at_[hidden]> wrote:
> > After all, we seem to have converged on an agreement that
> > inter-procedural optimizations based on a locally visible definition
> > of an inline function
> > are unsound to begin with,
>
> I'm glad we agree :) it follows then that the "supply chain attack" scenario/example described in P3829 is not actually something that the P2900 spec allows. Can we agree on that too?
Yes.
> > so their conformance is.. ..perhaps not so relevant.
> I am not sure I follow. If we agree that they are unsound, why would we still want them to be conforming? If we say that they are *not* conforming, we also say that things like the "supply chain attack" scenario/example described in P3829 is something that should never happen. Wouldn't that be a good thing?
You're jumping into a conjecture a bit there. :) I'm not saying that we would want those unsound optimizations to be conforming. But as far as I understand, they are not conforming anyway. Clang doesn't perform them, and didn't need P2900 to avoid them. GCC's optimizer has a bug, with or without P2900.

The GCC contracts implementation performs a dirty hack to work around that problem by hoodwinking the optimizer to not see the terminate() call, by wrapping it in a wrapper function attributed with [[gnu::noipa]], because none of the developers of that implementation have the expertise to fix the optimizer bug.
Received on 2025-10-21 07:55:09
