Make hardening_dependent a special value for choosing the assertion

semantic (rather than relying on it being not set).

Author: var-const

libcxx/CMakeLists.txt

@@ -66,16 +66,16 @@ if (NOT "${LIBCXX_HARDENING_MODE}" IN_LIST LIBCXX_SUPPORTED_HARDENING_MODES)
   message(FATAL_ERROR
     "Unsupported hardening mode: '${LIBCXX_HARDENING_MODE}'. Supported values are ${LIBCXX_SUPPORTED_HARDENING_MODES}.")
 endif()
-set(LIBCXX_SUPPORTED_ASSERTION_SEMANTICS ignore observe quick_enforce enforce)
-set(LIBCXX_ASSERTION_SEMANTIC "" CACHE STRING
+set(LIBCXX_SUPPORTED_ASSERTION_SEMANTICS hardening_dependent ignore observe quick_enforce enforce)
+set(LIBCXX_ASSERTION_SEMANTIC "hardening_dependent" CACHE STRING
   "Specify the default assertion semantic to use. This semantic will be used
   inside the compiled library and will be the default when compiling user code.
-  If not defined, the library will select the assertion semantic based on the hardening
-  mode in effect. Note that users can override this setting in their own code.
-  This does not affect the ABI. Supported values are
-  ${LIBCXX_SUPPORTED_ASSERTION_SEMANTICS}.")
+  Note that users can override this setting in their own code. This does not
+  affect the ABI. Supported values are ${LIBCXX_SUPPORTED_ASSERTION_SEMANTICS}.
+  `hardening_dependent` is a special value that instructs the library to select
+  the assertion semantic based on the hardening mode in effect.")
 
-if (NOT "${LIBCXX_ASSERTION_SEMANTIC}" STREQUAL "" AND NOT "${LIBCXX_ASSERTION_SEMANTIC}" IN_LIST LIBCXX_SUPPORTED_ASSERTION_SEMANTICS)
+if (NOT "${LIBCXX_ASSERTION_SEMANTIC}" IN_LIST LIBCXX_SUPPORTED_ASSERTION_SEMANTICS)
   message(FATAL_ERROR
     "Unsupported assertion semantic: '${LIBCXX_ASSERTION_SEMANTIC}'. Supported values are ${LIBCXX_SUPPORTED_ASSERTION_SEMANTICS}.")
 endif()
@@ -776,14 +776,16 @@ elseif (LIBCXX_HARDENING_MODE STREQUAL "extensive")
 elseif (LIBCXX_HARDENING_MODE STREQUAL "debug")
   config_define(8 _LIBCPP_HARDENING_MODE_DEFAULT)
 endif()
-if (LIBCXX_ASSERTION_SEMANTIC STREQUAL "ignore")
+if (LIBCXX_ASSERTION_SEMANTIC STREQUAL "hardening_dependent")
   config_define(2 _LIBCPP_ASSERTION_SEMANTIC_DEFAULT)
-elseif (LIBCXX_ASSERTION_SEMANTIC STREQUAL "observe")
+elseif (LIBCXX_ASSERTION_SEMANTIC STREQUAL "ignore")
   config_define(4 _LIBCPP_ASSERTION_SEMANTIC_DEFAULT)
-elseif (LIBCXX_ASSERTION_SEMANTIC STREQUAL "quick_enforce")
+elseif (LIBCXX_ASSERTION_SEMANTIC STREQUAL "observe")
   config_define(8 _LIBCPP_ASSERTION_SEMANTIC_DEFAULT)
-elseif (LIBCXX_ASSERTION_SEMANTIC STREQUAL "enforce")
+elseif (LIBCXX_ASSERTION_SEMANTIC STREQUAL "quick_enforce")
   config_define(16 _LIBCPP_ASSERTION_SEMANTIC_DEFAULT)
+elseif (LIBCXX_ASSERTION_SEMANTIC STREQUAL "enforce")
+  config_define(32 _LIBCPP_ASSERTION_SEMANTIC_DEFAULT)
 endif()
 
 if (LIBCXX_PSTL_BACKEND STREQUAL "serial")

libcxx/include/__configuration/hardening.h

@@ -135,13 +135,25 @@ _LIBCPP_HARDENING_MODE_EXTENSIVE, \
 _LIBCPP_HARDENING_MODE_DEBUG
 #endif
 
-// Hardening assertion semantics generally mirror the evaluation semantics of C++26 Contracts:
+// The library provides the macro `_LIBCPP_ASSERTION_SEMANTIC` for configuring the assertion semantic used by hardening;
+// it can be set to one of the following values:
+//
+// - `_LIBCPP_ASSERTION_SEMANTIC_IGNORE`;
+// - `_LIBCPP_ASSERTION_SEMANTIC_OBSERVE`;
+// - `_LIBCPP_ASSERTION_SEMANTIC_QUICK_ENFORCE`;
+// - `_LIBCPP_ASSERTION_SEMANTIC_ENFORCE`.
+//
+// libc++ assertion semantics generally mirror the evaluation semantics of C++26 Contracts:
 // - `ignore` evaluates the assertion but doesn't do anything if it fails (note that it differs from the Contracts
 //   `ignore` semantic which wouldn't evaluate the assertion at all);
 // - `observe` logs an error (indicating, if possible, that the error is fatal) and continues execution;
 // - `quick-enforce` terminates the program as fast as possible (via trapping);
 // - `enforce` logs an error and then terminates the program.
 //
+// Additionally, a special `hardening-dependent` value selects the assertion semantic based on the hardening mode in
+// effect: the production-capable modes (`fast` and `extensive`) map to `quick_enforce` and the `debug` mode maps to
+// `enforce`.
+//
 // Notes:
 // - Continuing execution after a hardening check fails results in undefined behavior; the `observe` semantic is meant
 //   to make adopting hardening easier but should not be used outside of this scenario;
@@ -150,42 +162,42 @@ _LIBCPP_HARDENING_MODE_DEBUG
 //   hardened preconditions, however, be aware that using `ignore` does not produce a conforming "Hardened"
 //   implementation, unlike the other semantics above.
 // clang-format off
-#  define _LIBCPP_ASSERTION_SEMANTIC_IGNORE        (1 << 1)
-#  define _LIBCPP_ASSERTION_SEMANTIC_OBSERVE       (1 << 2)
-#  define _LIBCPP_ASSERTION_SEMANTIC_QUICK_ENFORCE (1 << 3)
-#  define _LIBCPP_ASSERTION_SEMANTIC_ENFORCE       (1 << 4)
+#  define _LIBCPP_ASSERTION_SEMANTIC_HARDENING_DEPENDENT (1 << 1)
+#  define _LIBCPP_ASSERTION_SEMANTIC_IGNORE              (1 << 2)
+#  define _LIBCPP_ASSERTION_SEMANTIC_OBSERVE             (1 << 3)
+#  define _LIBCPP_ASSERTION_SEMANTIC_QUICK_ENFORCE       (1 << 4)
+#  define _LIBCPP_ASSERTION_SEMANTIC_ENFORCE             (1 << 5)
 // clang-format on
 
-// If the user or the vendor attempt to configure the assertion semantic, check that it is allowed in the current
-// environment.
-#if defined(_LIBCPP_ASSERTION_SEMANTIC) || defined(_LIBCPP_ASSERTION_SEMANTIC_DEFAULT)
+// If the user attempts to configure the assertion semantic, check that it is allowed in the current environment.
+#if defined(_LIBCPP_ASSERTION_SEMANTIC)
 #  if !_LIBCPP_HAS_EXPERIMENTAL_LIBRARY
 #    error "Assertion semantics are an experimental feature."
 #  endif
 #  if defined(_LIBCPP_CXX03_LANG)
 #    error "Assertion semantics are not available in the C++03 mode."
 #  endif
-#endif // defined(_LIBCPP_ASSERTION_SEMANTIC) || defined(_LIBCPP_ASSERTION_SEMANTIC_DEFAULT)
+#endif // defined(_LIBCPP_ASSERTION_SEMANTIC)
 
-// There are 2 ways to configure the assertion semantic, listed in order of precedence:
-// 1. The `_LIBCPP_ASSERTION_SEMANTIC` macro, defined directly by the user.
-// 2. The `LIBCXX_ASSERTION_SEMANTIC` CMake variable, set by the vendor.
-// If neither `_LIBCPP_ASSERTION_SEMANTIC` nor `LIBCXX_ASSERTION_SEMANTIC` are defined, the default mapping is used
-// which determines the semantic based on the hardening mode in effect: production-capable modes map to `quick-enforce`
-// (i.e., trap) and the `debug` mode maps to `enforce` (i.e., log and abort).
-#ifndef _LIBCPP_ASSERTION_SEMANTIC // User-provided semantic takes top priority -- don't override if set.
+// User-provided semantic takes top priority -- don't override if set.
+#ifndef _LIBCPP_ASSERTION_SEMANTIC
+
+#  ifndef _LIBCPP_ASSERTION_SEMANTIC_DEFAULT
+#    error _LIBCPP_ASSERTION_SEMANTIC_DEFAULT is not defined. This definition should be set at configuration time in \
+the `__config_site` header, please make sure your installation of libc++ is not broken.
+#  endif
 
-#  ifdef _LIBCPP_ASSERTION_SEMANTIC_DEFAULT // Vendor-provided semantic takes second priority.
+#  if _LIBCPP_ASSERTION_SEMANTIC_DEFAULT != _LIBCPP_ASSERTION_SEMANTIC_HARDENING_DEPENDENT
 #    define _LIBCPP_ASSERTION_SEMANTIC _LIBCPP_ASSERTION_SEMANTIC_DEFAULT
-#  else // Fallback: use the default mapping.
+#  else
 #    if _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_DEBUG
 #      define _LIBCPP_ASSERTION_SEMANTIC _LIBCPP_ASSERTION_SEMANTIC_ENFORCE
 #    else
 #      define _LIBCPP_ASSERTION_SEMANTIC _LIBCPP_ASSERTION_SEMANTIC_QUICK_ENFORCE
 #    endif
-#  endif //    ifdef _LIBCPP_ASSERTION_SEMANTIC_DEFAULT
+#  endif // _LIBCPP_ASSERTION_SEMANTIC_DEFAULT != _LIBCPP_ASSERTION_SEMANTIC_HARDENING_DEPENDENT
 
-#endif // _LIBCPP_ASSERTION_SEMANTIC
+#endif // #ifndef _LIBCPP_ASSERTION_SEMANTIC
 
 // Finally, validate the selected semantic (in case the user tries setting it to an incorrect value):
 #if _LIBCPP_ASSERTION_SEMANTIC != _LIBCPP_ASSERTION_SEMANTIC_IGNORE &&                                                 \