Safety, undefined behavior, @safe, @trusted

dsimcha dsimcha at yahoo.com
Thu Nov 5 15:18:44 PST 2009


== Quote from Andrei Alexandrescu (SeeWebsiteForEmail at erdani.org)'s article
> Walter Bright wrote:
> > Jason House wrote:
> >> I posted in the other thread how casting to immutable/shared can be
> >> just as bad. A leaked reference prior to casting to immutable/shared
> >> is in effect the same as casting away shared. No matter how you mix
> >> thread local and shared, or mutable and immutable, you still have the
> >> same undefined behavior.
> >
> > Not undefined, it's just that the compiler can't prove it's defined
> > behavior. Hence, such code would go into a trusted function.
> Are we in agreement that @safe functions have bounds checking on
> regardless of -release?
> Andrei

I'd vote for this.  I've wanted, for a while, a way to have finer-grained control
over bounds checking anyhow.  In non-performance-critical pieces of code it seems
like a no-brainer to leave it on all the time, just to be safe.  In
performance-critical code, it's a no-brainer that it has to be turned off after
debugging.

Right now I almost never use bounds checking except when I already know I have a
bug and am trying to find it, because it's just too slow.  I'd love to have it as a
safety net in the 90+% of my code that isn't performance-critical.


