checkedint call removal

via Digitalmars-d digitalmars-d at puremagic.com
Mon Jul 28 12:16:23 PDT 2014


On Monday, 28 July 2014 at 15:52:23 UTC, John Colvin wrote:
>> If asserts were used as optimization constraints
>
> all available code is fair game as optimisation constraints. 
> What you are asking for is a special case for `assert` such 
> that the optimiser is blind to it.

Yes, because they are not to have side-effects. If asserts change 
behaviour, then they have side-effects.

You add "asserts" as a weak form for verification of partial 
correctness. That is based on the probability of not repeating 
the same mistake twice being less than specifying it once 
implicitly in the executed code. Then you test it with limited 
coverage of potential inputs.

That means:

1. you don't know if the specified program is correct
2. you don't know if the partial verification (which is weak) is 
correct
3. you don't know if 2. contradicts 1.

Then you remove the verification test in release. If you then 
continue to assume that 2. is true then you are potentially worse 
off than just having 1. You basically introduce contradictions by 
having a high probability of using facts that are not represented 
in the specified program (unless you have formally proven the 
facts to hold, no partial testing can cover this).

> Why should the situation be different if I use the builtin 
> `assert` instead?

No difference. Except with a builtin you can get additional 
debugger support, so that you don't have to recompile when 
following a complicated trace that trigger asserts.


More information about the Digitalmars-d mailing list