assume, assert, enforce, @safe

Tobias Müller via Digitalmars-d digitalmars-d at puremagic.com
Wed Jul 30 16:51:30 PDT 2014


Walter Bright <newshound2 at digitalmars.com> wrote: 
> 2. The compiler can make use of assert expressions to improve
> optimization, even in -release mode.

I can see the benefits of that, but I consider it very dangerous.

It's similar to undefined behavior in C/C++. There the 'assume/assert' is
implicit, not explicit, but it's still the same effect.

If the assume/assert is hidden somewhere in a function, you basically
introduce new traps for UB.

Initially I was a strong proponent of such optimizations:
(a + a)/2 can be optimized to just a for signed integers; that's nice, the
classic example. This inserts an implicit assume(a < INT_MAX/2).

My opinion suddenly changed when I realized that such assumptions (explicit
or implicit) can also propagate up/backwards and leak into a bigger
context.
A wrong assumption can introduce bugs in seemingly unrelated parts of the
program that would actually be correct on their own.

With relatively 'dumb' compilers, this is not a big problem, but optimizers
are more and more clever and will take advantage of such assumptions if they
can.

Tobi
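An added example of the backward leak Tobias describes, written in C because the post compares the proposal to C/C++ undefined behaviour. This is not code from the post or from the D compiler; the `ASSUME` macro, the helper `note_access`, the two `lookup_*` functions and the sample `table` are this example's own. The dangerous part is that the hint sits in a helper that runs after a bounds check on both paths, so once the helper is inlined the compiler is entitled to conclude the failing path never happens and drop the check that preceded it.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Release builds (-DNDEBUG) turn the assumption into a promise to the
 * optimizer; debug builds keep it as a real check.  __builtin_unreachable is
 * GCC/Clang specific. */
#ifdef NDEBUG
#  define ASSUME(cond) do { if (!(cond)) __builtin_unreachable(); } while (0)
#else
#  define ASSUME(cond) assert(cond)
#endif

/* Hypothetical helper: its author "knows" every caller passes a valid index
 * and records that knowledge as an assume.  In a release build this is not a
 * check at all, it is information the compiler may use anywhere it likes. */
static void note_access(size_t len, size_t idx) {
    ASSUME(idx < len);
    (void)len;
    (void)idx;
}

/* Caller with a defensive bounds check.  note_access() runs on BOTH paths,
 * so after inlining the idx >= len path ends in __builtin_unreachable().
 * The optimizer may therefore treat `idx < len` as always true, delete the
 * check, and read buf[idx] unconditionally: the out-of-range branch, which
 * was correct on its own, silently disappears.  Compile with -O2 -DNDEBUG
 * and inspect the assembly to see whether your compiler does this. */
int lookup_hinted(const int *buf, size_t len, size_t idx) {
    int result = -1;
    if (idx < len)
        result = buf[idx];
    note_access(len, idx);
    return result;
}

/* Same contract without the hint: the check is the only source of truth,
 * so out-of-range input is handled the same way at every optimization
 * level. */
int lookup_checked(const int *buf, size_t len, size_t idx) {
    if (idx >= len)
        return -1;
    return buf[idx];
}

/* Constructed sample data for the demonstration. */
static const int table[4] = {10, 20, 30, 40};

int main(void) {
    printf("checked, in range : %d\n", lookup_checked(table, 4, 2));
    printf("checked, oob      : %d\n", lookup_checked(table, 4, 9));
    printf("hinted,  in range : %d\n", lookup_hinted(table, 4, 2));
    /* lookup_hinted(table, 4, 9) is deliberately NOT called: with NDEBUG it
     * is undefined behaviour (the compiler was told it cannot happen), and
     * without NDEBUG it aborts inside note_access(). */
    return 0;
}
```

The point of the pairing is that `lookup_hinted` and `lookup_checked` look equally defensive when read function by function; only the hint in `note_access`, which a reader of `lookup_hinted` never sees, lets the optimizer remove the guard. The same reasoning applies to an implicit assumption such as signed-overflow UB: anything the compiler is allowed to assume later in the control flow can be used to simplify code earlier in it.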

