[libcxx-commits] [libcxx] [libc++][hardening] Enable comparator checks for safe mode too (PR #66458)

[Nico Weber via libcxx-commits]

nico wrote:

Summary: No strong opinion.

We ship the safe mode now (replacing the previous asserts mode), in production. I thought it was a progression that the comparators are only in the debug mode, not in safe mode, since this is kind-of expensive and it feels more like a debug than a safety thing, like ldionne says.

Given we used to ship it, I suppose we wouldn't mind shipping it again, but at the moment we're also happy with the current state (i.e. no debug comparators in safe mode), and I'd say we have a slight preference for that.

Now that we've finally updated libc++, I want to talk to our security folks about safe mode and about auditing the remaining `_LIBCPP_ASSERT_UNCATEGORIZED`s. I'll bring up this issue too. That'll take a few weeks, though.

(Some armchairing, feel free to ignore: Generally, I wouldn't be too surprised if there were more use cases than can be covered by pre-defined sets of asserts, and granular overrides like EricWF suggests would probably somewhat popular – see also clang's granular warning flags. "Every assert is overridable" is also conceptually simple :P But I also see the appeal of having a few well-supported high-quality modes.)

https://github.com/llvm/llvm-project/pull/66458