checkedint call removal

Andrei Alexandrescu via Digitalmars-d digitalmars-d at puremagic.com
Wed Jul 30 07:51:15 PDT 2014


On 7/30/14, 12:54 AM, David Bregman wrote:
> On Wednesday, 30 July 2014 at 03:32:50 UTC, Walter Bright wrote:
>> I don't either. I still have no idea what the difference between
>> assume(i<6) and assert(i<6) is supposed to be.
>
> assert:
> is a runtime check of the condition.
> is a debugging/correctness checking feature.
> is used when the expression is believed true, but is not proven so.
> (if it was proven, then there is no purpose in asserting it with a
> redundant runtime check that is guaranteed to never activate.)
>
> assume:
> passes a hint to the optimizer to allow better code generation.
> is used when the expression is proven to be true (by the programmer,
> like @trusted).

Thanks for the summary! It seems to me indeed there's little assume does 
that can't be done with assert today.

> The only relation between the two is that if a runtime check for (x) is
> inserted at some point, it is safe to insert an assume(x) statement
> afterwards, because x is known true at that point.

So then one might redefine assert to always insert an assume right 
afterwards.

> If assert degenerates to assume in release mode, any bugs in the program
> could potentially cause a lot more brittleness and unexpected/undefined
> behavior than they otherwise would have. In particular, code generation
> based on invalid assumptions could be memory unsafe.

I think gcc does that.

Also, it's unclear to me what the optimizer would be supposed to do if 
an assumption turns out to be false.


Andrei
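
The distinction debated in this message, as an added example in C (not code from the thread and not D): `__builtin_unreachable()` is the GCC/Clang builtin used here as a stand-in for the proposed `assume`, and `ASSERT_AS_ASSUME`, `lookup_asserted`, `lookup_checked` and `table` are hypothetical names. It shows why a defensive bounds check survives a dropped assert but may not survive an assert that has degenerated to an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Optimizer hint only: if c is false at run time, behaviour is undefined. */
#define ASSUME(c) do { if (!(c)) __builtin_unreachable(); } while (0)

/* Three meanings ASSERT can have, selected at build time. */
#if defined(ASSERT_AS_ASSUME)
#  define ASSERT(c) ASSUME(c)   /* release build where assert degenerates to assume */
#elif defined(NDEBUG)
#  define ASSERT(c) ((void)0)   /* release build: check dropped, nothing assumed */
#else
#  define ASSERT(c) do { if (!(c)) abort(); } while (0)   /* debug: runtime check */
#endif

static const int table[6] = {10, 11, 12, 13, 14, 15};   /* constructed sample data */

/* i < 6 is believed by the programmer, not proven.
 * debug:            a bad i aborts at the ASSERT.
 * NDEBUG:           a bad i reaches the defensive check and returns -1.
 * ASSERT_AS_ASSUME: the compiler may delete the defensive check, because the
 *                   hint says it cannot be taken; a bad i then reads out of bounds. */
int lookup_asserted(size_t i) {
    ASSERT(i < 6);
    if (i >= 6) return -1;   /* defensive check */
    return table[i];
}

/* Safe ordering: the runtime check comes first, so the assumption that
 * follows it is always true and costs nothing in safety. */
int lookup_checked(size_t i) {
    if (i >= 6) return -1;   /* runtime check kept in every build */
    ASSUME(i < 6);           /* sound: established by the check above */
    return table[i];
}

int main(void) {
    /* Only in-range calls to lookup_asserted: an out-of-range call aborts in
     * debug builds and is undefined under ASSERT_AS_ASSUME. */
    printf("%d %d\n", lookup_asserted(3), lookup_checked(3));
    printf("%d\n", lookup_checked(6));
    return 0;
}
```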


