diff options
Diffstat (limited to 'libcxx/docs')
| -rw-r--r-- | libcxx/docs/Hardening.rst | 68 | ||||
| -rw-r--r-- | libcxx/docs/ReleaseNotes/21.rst | 6 | ||||
| -rw-r--r-- | libcxx/docs/UserDocumentation.rst | 5 |
3 files changed, 79 insertions, 0 deletions
diff --git a/libcxx/docs/Hardening.rst b/libcxx/docs/Hardening.rst index 1780884..1cdb360 100644 --- a/libcxx/docs/Hardening.rst +++ b/libcxx/docs/Hardening.rst @@ -39,6 +39,8 @@ modes are: Enabling hardening has no impact on the ABI. +.. _notes-for-users: + Notes for users --------------- @@ -72,6 +74,10 @@ to control the level by passing **one** of the following options to the compiler pre-built components. Most libc++ code is header-based, so a user-provided value for ``_LIBCPP_HARDENING_MODE`` will be mostly respected. +In some cases, users might want to override the assertion semantic used by the +library. This can be done similarly to setting the hardening mode; please refer +to the :ref:`relevant section <assertion-semantics>`. + Notes for vendors ----------------- @@ -260,6 +266,68 @@ output. This is less secure and increases the size of the binary (among other things, it has to store the error message strings) but makes the failure easier to debug. It also allows testing the error messages in our test suite. +This default behavior can be customized by users via :ref:`assertion semantics +<assertion-semantics>`; it can also be completely overridden by vendors by +providing a :ref:`custom assertion failure handler +<override-assertion-handler>`. + +.. _assertion-semantics: + +Assertion semantics +------------------- + +.. warning:: + + Assertion semantics are currently an experimental feature. + +.. note:: + + Assertion semantics are not available in the C++03 mode. + +What happens when an assertion fails depends on the assertion semantic being +used. Four assertion semantics are available, based on C++26 Contracts +evaluation semantics: + +- ``ignore`` evaluates the assertion but has no effect if it fails (note that it + differs from the Contracts ``ignore`` semantic which would not evaluate + the assertion at all); +- ``observe`` logs an error (indicating, if possible on the platform, that the + error is fatal) but continues execution; +- ``quick-enforce`` terminates the program as fast as possible via a trap + instruction. It is the default semantic for the production modes (``fast`` and + ``extensive``); +- ``enforce`` logs an error and then terminates the program. It is the default + semantic for the ``debug`` mode. + +Notes: + +- Continuing execution after a hardening check fails results in undefined + behavior; the ``observe`` semantic is meant to make adopting hardening easier + but should not be used outside of the adoption period; +- C++26 wording for Library Hardening precludes a conforming Hardened + implementation from using the Contracts ``ignore`` semantic when evaluating + hardened preconditions in the Library. Libc++ allows using this semantic for + hardened preconditions, but please be aware that using ``ignore`` does not + produce a conforming "Hardened" implementation, unlike the other semantics + above. + +The default assertion semantics are as follows: + +- ``fast``: ``quick-enforce``; +- ``extensive``: ``quick-enforce``; +- ``debug``: ``enforce``. + +The default assertion semantics can be overridden by passing **one** of the +following options to the compiler: + +- ``-D_LIBCPP_ASSERTION_SEMANTIC=_LIBCPP_ASSERTION_SEMANTIC_IGNORE`` +- ``-D_LIBCPP_ASSERTION_SEMANTIC=_LIBCPP_ASSERTION_SEMANTIC_OBSERVE`` +- ``-D_LIBCPP_ASSERTION_SEMANTIC=_LIBCPP_ASSERTION_SEMANTIC_QUICK_ENFORCE`` +- ``-D_LIBCPP_ASSERTION_SEMANTIC=_LIBCPP_ASSERTION_SEMANTIC_ENFORCE`` + +All the :ref:`same notes <notes-for-users>` apply to setting this macro as for +setting ``_LIBCPP_HARDENING_MODE``. + .. _override-assertion-handler: Overriding the assertion failure handler diff --git a/libcxx/docs/ReleaseNotes/21.rst b/libcxx/docs/ReleaseNotes/21.rst index d31ca01..74bfa97 100644 --- a/libcxx/docs/ReleaseNotes/21.rst +++ b/libcxx/docs/ReleaseNotes/21.rst @@ -88,6 +88,12 @@ Improvements and New Features - ``ctype::tolower`` and ``ctype::toupper`` have been optimized, resulting in a 2x performance improvement. +- As an experimental feature, Hardening now supports assertion semantics that allow customizing how a hardening + assertion failure is handled. The four available semantics, modeled on C++26 Contracts, are ``ignore``, ``observe``, + ``quick-enforce`` and ``enforce``. The ``observe`` semantic is intended to make it easier to adopt Hardening in + production but should not be used outside of this scenario. Please refer to the :ref:`Hardening documentation + <hardening>` for details. + Deprecations and Removals ------------------------- diff --git a/libcxx/docs/UserDocumentation.rst b/libcxx/docs/UserDocumentation.rst index 79f5908..415a599 100644 --- a/libcxx/docs/UserDocumentation.rst +++ b/libcxx/docs/UserDocumentation.rst @@ -72,6 +72,11 @@ when ``-fexperimental-library`` is passed: * ``std::chrono::tzdb`` and related time zone functionality * ``<syncstream>`` +Additionally, assertion semantics are an experimental feature that can be used +to customize the behavior of Hardening (see :ref:`here <assertion-semantics>`). +Assertion semantics mirror the evaluation semantics of C++26 Contracts but are +not a standard feature. + .. note:: Experimental libraries are experimental. * The contents of the ``<experimental/...>`` headers and the associated static |