checkedint call removal
David Bregman via Digitalmars-d
digitalmars-d at puremagic.com
Wed Jul 30 09:03:23 PDT 2014
On Wednesday, 30 July 2014 at 14:51:34 UTC, Andrei Alexandrescu wrote:
>> If assert degenerates to assume in release mode, any bugs in the program
>> could potentially cause a lot more brittleness and unexpected/undefined
>> behavior than they otherwise would have. In particular, code generation
>> based on invalid assumptions could be memory unsafe.
>
> I think gcc does that.
It makes more sense in C because it's not memory safe anyways. In
D, assume would not be @safe, so to have asserts become assumes
in release mode seems problematic. Perhaps the assume could be
omitted in safe code, similar to how bounds checks are retained
for safe code even in release.
> Also, it's unclear to me what the optimizer would be supposed
> to do if an assumption turns out to be false.
>
One example is a switch statement: if we hint to the compiler
(via assume) that the default case is unreachable, the compiler
can potentially generate something like a jump table with no
bounds check. To generate memory safe code, the compiler needs to
insert the bounds check even though the assume says it's not
needed.
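
The switch case described in the message above, as an added C example that is not part of the original post: `eval_assumed` declares the default case unreachable the way an assert-turned-assume would, and `eval_checked` keeps the range check. The macro, enum and function names are hypothetical; `__builtin_unreachable()` is the GCC/Clang builtin.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical macro for this example. On GCC/Clang it promises the optimizer
   that control never gets here; actually getting here is undefined behavior. */
#if defined(__GNUC__)
#define ASSUME_UNREACHABLE() __builtin_unreachable()
#else
#define ASSUME_UNREACHABLE() abort()
#endif

enum { OP_ADD, OP_SUB, OP_MUL, OP_NEG, OP_COUNT };

/* Assert-as-assume: with the default case declared unreachable, the compiler
   may index a jump table with op and emit no range check at all. */
int eval_assumed(unsigned op, int a, int b)
{
    switch (op) {
    case OP_ADD: return a + b;
    case OP_SUB: return a - b;
    case OP_MUL: return a * b;
    case OP_NEG: return -a;
    default:     ASSUME_UNREACHABLE();
    }
}

/* Memory-safe form: the range check stays, so an out-of-range op is rejected
   instead of steering the jump. Returns 0 on success, -1 on a bad op. */
int eval_checked(unsigned op, int a, int b, int *out)
{
    switch (op) {
    case OP_ADD: *out = a + b; return 0;
    case OP_SUB: *out = a - b; return 0;
    case OP_MUL: *out = a * b; return 0;
    case OP_NEG: *out = -a;    return 0;
    default:     return -1;
    }
}

int main(void)
{
    unsigned ops[] = { OP_ADD, OP_NEG, 7u };  /* constructed input; 7 is out of range */
    for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++) {
        int r = 0;
        if (eval_checked(ops[i], 6, 3, &r) == 0)
            printf("op %u -> %d (assumed: %d)\n", ops[i], r, eval_assumed(ops[i], 6, 3));
        else
            printf("op %u rejected by the retained check\n", ops[i]);
    }
    return 0;
}
```

Comparing the output of `gcc -O2 -S` for the two functions shows whether the compiler dropped the range comparison in `eval_assumed`.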