On 10/14/25 5:10 PM, Ville Voutilainen wrote:

On Wed, 15 Oct 2025 at 00:07, Tom Honermann <tom@honermann.net> wrote:

On 10/14/25 4:49 PM, Ville Voutilainen via SG15 wrote:

On Tue, 14 Oct 2025 at 23:39, Tom Honermann <tom@honermann.net> wrote:

I would be very unhappy if any implementation made observe the default.
But I find observe useful and see no reason to prohibit implementations
from offering it.

Right. I do see such a reason, because the whole reason some of the
hardened implementations
were written to begin with is to guarantee that stdlib calls that
violate the hardened preconditions
aren't UB, ever.

Sure, and implementors are free to not offer an observe semantic for
hardened preconditions. I don't see a problem.

Right, and I do, because "are free not to offer an observe semantic"
is not a guarantee,
whereas existing practice is to offer a guarantee. I see it quite a
problem that WG21 is suggesting
to introduce UB where there was none before.

Violating preconditions of, e.g., span<...>::operator[], resulting in UB is not new. Implementations are not required to offer a hardened implementation.

Reliance on implementation provided guarantees for a hardened implementation is the status quo. C++26 doesn't change that. Unless I'm missing something libc++ supports observe as evidenced here and here.

Tom.