https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114663

Iain Sandoe <iains at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
   Last reconfirmed|2024-04-09 00:00:00         |2024-07-08

--- Comment #2 from Iain Sandoe <iains at gcc dot gnu.org> ---

So I'd like to capture the options here (bearing in mind that the contracts
implementation here is not going to be standardised).

We're now clear, thanks to Nina's investigation, that what's implemented follows
the normative text (although perhaps not the intention).

1. The issue is that, in the tests in the contracts suite, if we want to test
more than one contract in a single test case we have to compile with
-fcontract-continuation-mode=on.  However, the first contract assert that fails
actually invokes UB.

2. It "all happens to work" for default compile options because our default
lowering for __builtin_unreachable() is "nothing".  This means that the failing
asserts fall-through and therefore reach the next check.

3. Any different strategy (e.g. ubsan or replacing the lowering of
__builtin_unreachable (e.g. => trap)) causes this to fail.

So our options are:

1. Consider that the test cases are bad, and replace them with tests that have
only one [failing] contract per test.

2. Decide that the normative text did not follow the intentions as stated in
the discussion paragraph and fix the code to elide the runtime part.

3. Do nothing because we do not know what the eventual shape of the contracts
will be and we want to be sure to notice that axioms need some work.

While (2) is a nicer engineering solution - it seems that (3) is the right
choice for now.

So we leave the bug open - and any target affected by it would need to add an
xfail (likewise for anyone testing with ubsan).
