@@ -39,8 +39,6 @@ modes are:
3939
4040 Enabling hardening has no impact on the ABI.
4141
42- .. _notes-for-users :
43-
4442Notes for users
4543---------------
4644
@@ -74,11 +72,6 @@ to control the level by passing **one** of the following options to the compiler
7472 pre-built components. Most libc++ code is header-based, so a user-provided
7573 value for ``_LIBCPP_HARDENING_MODE `` will be mostly respected.
7674
77- In some cases, users might want to override the assertion semantic used by the
78- library.
79- This can be done similarly to setting the hardening mode; please refer to the
80- :ref: `relevant section <assertion-semantics >`.
81-
8275Notes for vendors
8376-----------------
8477
@@ -267,60 +260,6 @@ output. This is less secure and increases the size of the binary (among other
267260things, it has to store the error message strings) but makes the failure easier
268261to debug. It also allows testing the error messages in our test suite.
269262
270- This default behavior can be customized by users via :ref: `assertion semantics
271- <assertion-semantics>`; it can also be completely overridden by vendors by
272- providing a :ref: `custom assertion failure handler
273- <override-assertion-handler>`.
274-
275- .. _assertion-semantics :
276-
277- Assertion semantics
278- -------------------
279-
280- What happens when an assertion fails depends on the assertion semantic being
281- used. Four assertion semantics are available, based on C++26 Contracts
282- evaluation semantics:
283-
284- - ``ignore `` evaluates the assertion but has no effect if it fails (note that it
285- differs from the Contracts ``ignore `` semantic which would not evaluate
286- the assertion at all);
287- - ``observe `` logs an error (indicating, if possible on the platform, that the
288- error is fatal) but continues execution;
289- - ``quick-enforce `` terminates the program as fast as possible via a trap
290- instruction. It is the default semantic for the production modes (``fast `` and
291- ``extensive ``);
292- - ``enforce `` logs an error and then terminates the program. It is the default
293- semantic for the ``debug `` mode.
294-
295- Notes:
296-
297- - Continuing execution after a hardening check fails results in undefined
298- behavior; the ``observe `` semantic is meant to make adopting hardening easier
299- but should not be used outside of the adoption period;
300- - C++26 wording for Library Hardening precludes a conforming Hardened
301- implementation from using the Contracts ``ignore `` semantic when evaluating
302- hardened preconditions in the Library. Libc++ allows using this semantic for
303- hardened preconditions, but please be aware that using ``ignore `` does not
304- produce a conforming "Hardened" implementation, unlike the other semantics
305- above.
306-
307- The default assertion semantics are as follows:
308-
309- - ``fast ``: ``quick-enforce ``;
310- - ``extensive ``: ``quick-enforce ``;
311- - ``debug ``: ``enforce ``.
312-
313- The default assertion semantics can be overridden by passing **one ** of the
314- following options to the compiler:
315-
316- - ``-D_LIBCPP_ASSERTION_SEMANTIC=_LIBCPP_ASSERTION_SEMANTIC_IGNORE ``
317- - ``-D_LIBCPP_ASSERTION_SEMANTIC=_LIBCPP_ASSERTION_SEMANTIC_OBSERVE ``
318- - ``-D_LIBCPP_ASSERTION_SEMANTIC=_LIBCPP_ASSERTION_SEMANTIC_QUICK_ENFORCE ``
319- - ``-D_LIBCPP_ASSERTION_SEMANTIC=_LIBCPP_ASSERTION_SEMANTIC_ENFORCE ``
320-
321- All the :ref: `same notes <notes-for-users >` apply to setting this macro as for
322- setting ``_LIBCPP_HARDENING_MODE ``.
323-
324263.. _override-assertion-handler :
325264
326265Overriding the assertion failure handler
0 commit comments