checkedint call removal

Artur Skawina via Digitalmars-d digitalmars-d at puremagic.com
Wed Jul 30 02:36:34 PDT 2014


On 07/30/14 05:32, Walter Bright via Digitalmars-d wrote:
> 
> I still have no idea what the difference between assume(i<6) and assert(i<6) is supposed to be.

   if (!(i<6)) assert(0); // With the difference that this `assert(0)` could be omitted.

vs

   assert(i<6);


You've been suggesting exposing the assert condition and giving it
meaning other than just a harmless debugging check. That would be
very dangerous; a wrong assert could change perfectly fine code
into a buggy and unsafe one. This is not a theoretical issue:

   bool plain_assert(int i) {
      assert(i<6);
      return i==9;
   }
   bool assert_abused_as_assume(int i) {
      if (!(i<6)) assert(0);
      return i==9;
   }

The second function is already compiled into the equivalent
of `return false;`. (The assert isn't removed, but that's only
because of the `assert(0)` special case; for true asserts it would
be.)

`assert` is for *verifying* assumptions. It must not allow them
to leak/escape. Otherwise a single not-100%-correct assert could
defeat critical runtime checks.

'assume' would be useful, but dangerous, like a reinterpret cast;
it would need to be @trusted.

artur
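The hazard Artur describes, carried over to C as an added example (this is not code from the post, and it is not D): GCC/Clang's `__builtin_unreachable()` stands in for the hypothetical `assume`, a `VERIFY` macro stands in for a verification-only `assert`, and a bounds-checked buffer read replaces the `return i==9` toy. `VERIFY` only counts violations instead of aborting (a constructed choice so the effect on the following runtime check can be observed), and the `ASSUME`/`VERIFY` names and the sample buffer are assumptions of this example.

```c
/* Added example (not part of the post): assert-vs-assume in C terms,
 * using GCC/Clang's __builtin_unreachable() as the "assume" primitive. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Optimizer assumption: the compiler is told `cond` holds and emits no
 * check.  If `cond` is actually false this is undefined behaviour, so the
 * optimizer may fold any later test of the same condition to "true". */
#define ASSUME(cond) do { if (!(cond)) __builtin_unreachable(); } while (0)

/* Verification-only check.  A real assert() would abort here; this
 * example (constructed) merely counts violations so the effect on the
 * following runtime check can be observed.  Either way the compiler learns
 * nothing about `cond`, which is the property the post insists on. */
static int verify_failures = 0;
#define VERIFY(cond) do { if (!(cond)) verify_failures++; } while (0)

/* Constructed sample buffer used by main() below. */
static const uint8_t sample_buf[4] = { 0x10, 0x20, 0x30, 0x40 };

/* Documented precondition: idx < len.  Some caller gets it wrong.
 * VERIFY reports the violation and the real bounds check still runs, so
 * an out-of-range index returns -1 instead of reading past the buffer. */
int read_byte_verified(const uint8_t *buf, size_t len, size_t idx)
{
    VERIFY(idx < len);
    if (idx >= len)
        return -1;          /* kept: nothing above lets the compiler drop it */
    return buf[idx];
}

/* Same routine with the precondition turned into an assumption.  Under
 * optimisation the `idx >= len` branch is dead by construction and may be
 * removed, leaving an out-of-bounds read.  Calling this with idx >= len is
 * undefined behaviour; the example never does so. */
int read_byte_assumed(const uint8_t *buf, size_t len, size_t idx)
{
    ASSUME(idx < len);
    if (idx >= len)
        return -1;          /* dead under the assumption */
    return buf[idx];
}

int main(void)
{
    int in_range  = read_byte_verified(sample_buf, sizeof sample_buf, 2);
    int out_range = read_byte_verified(sample_buf, sizeof sample_buf, 9);

    printf("verified, idx 2: %d\n", in_range);
    printf("verified, idx 9: %d (violations reported: %d)\n",
           out_range, verify_failures);
    printf("assumed,  idx 2: %d\n",
           read_byte_assumed(sample_buf, sizeof sample_buf, 2));
    return 0;
}
```

Build both functions at `-O2` and compare the generated code: the `return -1` path of `read_byte_verified` is present, while in `read_byte_assumed` the compiler is entitled to drop it, which is exactly the "single not-100%-correct assert defeats a critical runtime check" failure the post warns about. The `@trusted` requirement Artur mentions corresponds to treating every `ASSUME` as a reviewed, manually justified statement rather than a debugging aid.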

