checkedint call removal
Artur Skawina via Digitalmars-d
digitalmars-d at puremagic.com
Sat Aug 2 05:44:15 PDT 2014
On 08/02/14 14:12, Tobias Pankrath via Digitalmars-d wrote:
> On Saturday, 2 August 2014 at 11:12:42 UTC, Artur Skawina via Digitalmars-d wrote:
>>
>> _`assume` is extremely dangerous_.
>
> You sure can come up with an example where -release (and only with release the problem exists) results in equally dangerous behaviour by overwriting memory due to disabled bound checks.
`assume` (i.e. Walter's version of assert) is much worse because even
if there are unconditionally-enabled open-coded bounds checks, the
compiler will silently skip them.
This:
------------------------------------------------------------------
// assert_(): the assume-style assert discussed above (no runtime check)
auto fx(ubyte* p, size_t len) @safe {
    assert_(len>0);
    if (len>=1)
        return p[0];
    return -1;
}
------------------------------------------------------------------
turns into:
------------------------------------------------------------------
00000000004029a0 <@safe int fx(ubyte*, ulong)>:
4029a0: 0f b6 07 movzbl (%rdi),%eax
4029a3: c3 retq
------------------------------------------------------------------
Keep in mind that the `assert` can be elsewhere, in a different
function and/or module, and can even be written in a different
language. The D-asserts will propagate into C code, just like in
my previous example.
artur
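The same three-way comparison in C, as an added example that is not part of the thread (the post's `fx` is D, compiled with GDC; here the assume-style assert is spelled out with the GCC/Clang builtin `__builtin_unreachable()`, which is my assumption about what the D `assert_` lowers to, not something the post states). `fx_assume` is the pattern the post warns about: the later `if (len >= 1)` is dead code to the optimizer, so a `len == 0` caller reads `p[0]` anyway. `fx_require` keeps the optimizer's freedom to drop the redundant `if` but turns a violated precondition into a trap instead of a silent out-of-bounds read, and `fx_checked` keeps the check as the only source of truth.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not code from the mailing-list thread. Three variants of
 * the post's fx(): the assume-style one (what the post warns about), a
 * trapping "assume" that preserves the guarantee, and a plain checked one. */

/* assume-style: tells the optimizer the condition holds; nothing is emitted
 * for it. If it is false, the following `if (len >= 1)` is unreachable to
 * the compiler and p[0] is read regardless (undefined behaviour), so this
 * must never be called with len == 0. */
#define ASSUME(c) do { if (!(c)) __builtin_unreachable(); } while (0)

/* trapping variant: the optimizer may still fold the redundant `if`, but a
 * violated precondition ends in a crash rather than a silent OOB read. */
#define REQUIRE(c) do { if (!(c)) __builtin_trap(); } while (0)

int fx_assume(const unsigned char *p, size_t len) {
    ASSUME(len > 0);
    if (len >= 1)
        return p[0];
    return -1;            /* dead to the compiler after ASSUME */
}

int fx_require(const unsigned char *p, size_t len) {
    REQUIRE(len > 0);     /* real check: len == 0 traps here */
    if (len >= 1)
        return p[0];
    return -1;
}

/* plain version: the bounds check is the only thing the optimizer knows */
int fx_checked(const unsigned char *p, size_t len) {
    if (len >= 1)
        return p[0];
    return -1;
}

/* constructed sample buffer so the variants can be exercised stand-alone */
static const unsigned char sample[3] = { 0x41, 0x42, 0x43 };

int demo_checked(size_t len) { return fx_checked(sample, len); }
int demo_require(size_t len) { return fx_require(sample, len); }
int demo_assume(size_t len)  { return fx_assume(sample, len);  }

int main(void) {
    printf("checked, len=3: %d\n", demo_checked(3));  /* 65 */
    printf("checked, len=0: %d\n", demo_checked(0));  /* -1 */
    printf("require, len=3: %d\n", demo_require(3));  /* 65 */
    printf("assume,  len=3: %d\n", demo_assume(3));   /* 65 */
    /* demo_require(0) would trap; demo_assume(0) is undefined behaviour */
    return 0;
}
```

Compile with `-O2` and compare the generated code for the three functions: in `fx_assume` and `fx_require` the `if` disappears, but only `fx_require` still contains a conditional branch before the load, which is the difference the post is pointing at.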