it does do bounds checks if you -fsanitize=bounds, in gcc at least

(and msvc is stuck on partial c11 support to this day, so imo, i don't quite think it's a fair target when comparing things to new features anyway)

> I like how it's handled in Herb's cpp2/cppfront. If the type implements certain methods (like size()), and you turn on bounds checking, then the indexing operations (which are unsafe) are wrapped in i < c.size() ? c[i] : <throw or abort>.

For what it's worth, something similar was proposed in the C++26 core profiles paper [0] and that particular bit got some pushback. From a reponse paper [1]:

> The paper’s suggested approach includes adding bounds checking to containers solely based on a duck-typed deduction using the availability of operators and member functions without knowing for sure what purpose the container serves, what those members do, or even whether the class is, in fact, a container at all. [P3081]’s proposal would cause a wide variety of existing, perfectly valid code to fail unpredictably at run time:

> — Containers that are not zero-indexed

> — Sparse containers

> — Map-like types the compiler cannot detect as being map-like

> — A two-color image where size() is in bytes but for which indexing is by pixel (i.e., by bit)

> — Ring-like containers

> — Containers that automatically grow.

> [P3081] also fails to consider that some library vendors already (and will continue in the future to) choose to put contract preconditions on their operator[], which would result in double and possibly inconsistent checking.

[0]: https://wg21.link/P3081

[1]: https://wg21.link/P3543