checkedint call removal

Timon Gehr via Digitalmars-d digitalmars-d at puremagic.com
Wed Jul 30 15:16:35 PDT 2014


On 07/30/2014 11:42 PM, Walter Bright wrote:
> On 7/30/2014 2:34 PM, Timon Gehr wrote:
>> He understands that and notes that this contradicts the promise of @safe.
>
> No, it does not. @safe never promises that "all your asserts are correct".
>
> @safe's promise is one of memory safety,

Indeed it is.

> not a promise of program correctness.

There is some interplay.

void foo(size_t i,int[] a)@safe{
     assert(i<a.length);
     a[i] ='D'; // boom
}

Pass -release and the bounds check may be removed from the line 
annotated 'boom' based on the elided but assumed to be valid assertion, 
and your memory safety guarantee is out the window.

Unless one thinks incorrect programs shouldn't get any guarantees from 
@safe, this is a problem.
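The contrast the post draws, as an added example that is not part of the original message: the assert-based function from above beside a variant whose range check is an ordinary runtime branch, so no build flag elides it. Function names are my own; the example assumes, as the post describes, that -release elides the assert and may let the compiler treat it as a valid assumption.

```d
import std.stdio : writeln;

// Same shape as the post's foo(): under -release the assert is elided and
// may be treated as an assumption, so the @safe bounds check on a[i] can
// legally be dropped by the optimiser when i is out of range.
void fooAssert(size_t i, int[] a) @safe
{
    assert(i < a.length);
    a[i] = 'D';
}

// Hardened form (hypothetical name): an ordinary runtime check that no
// build flag removes. The write is only reachable when i is in range,
// regardless of -release.
void fooChecked(size_t i, int[] a) @safe
{
    if (i >= a.length)
        throw new Exception("index out of range");
    a[i] = 'D';
}

// Returns true when an out-of-range call is refused by the explicit check.
bool checkRefusesOutOfRange(int[] a) @safe
{
    try
    {
        fooChecked(a.length, a); // one past the end, constructed input
        return false;
    }
    catch (Exception e)
    {
        return true;
    }
}

void main()
{
    auto a = new int[4]; // constructed sample array
    fooChecked(1, a);
    writeln("a[1] = ", a[1]);
    writeln("out-of-range refused: ", checkRefusesOutOfRange(a));
}
```

Compile once with and once without -release: fooChecked refuses the out-of-range index either way, whereas fooAssert only retains its guard as long as the assert is compiled in. The point is not that assert is wrong, but that a precondition the program relies on for memory safety must be a check the release build still executes.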
