assume, assert, enforce, @safe
Andrew Godfrey via Digitalmars-d
digitalmars-d at puremagic.com
Wed Jul 30 22:15:51 PDT 2014
On Wednesday, 30 July 2014 at 22:01:23 UTC, Walter Bright wrote:
> 2. The compiler can make use of assert expressions to improve
> optimization, even in -release mode.
For the domain I'm currently working in - a very large codebase (> 1 MLOC, C/C++) for an application program, I have to echo what others said, and say I could not use such a feature.

I think I can add a reason (though what's been said about the 'fuzzy middle' between assertions and input validation certainly rings true for me too).

If my asserts worked this way I would have to stop using them and build my own.

The reason is that, while I tend to assert only things that should be true, this codebase is not well factored and so:
a) we tend to write a lot of assertions, and
b) occasionally we learn something from them (i.e. an assertion fires, we go "huh", and our understanding of the codebase improves).

The point is that a priori, we can only guess whether a particular assertion we're considering adding is really "this program is screwed if this condition is true".

I don't lose sleep over this because it is safe to add our kind of assertions.

But if adding assertions could affect the optimizer's reasoning, then it would NOT be safe to add them, and we'd have to back way off. I'd be comfortable using such assertions only for very low-level components.

I can see the appeal of allowing the optimizer to do this, but I don't understand the idea of making that the default behavior. To me that's like array bounds-checking being off by default. And speaking of which, this seems like a useful example:

Surely any program which oversteps the bounds of an array is incorrect? It must have made some logic error (be it forgetting to validate inputs, or some internal reasoning that was erroneous). So we should put asserts on all our array accesses, asserting that they are within bounds!

So... then the optimizer can optimize away all the bounds checks. Release builds need no checks of any kind. Right? :)

I'm not trying to be as facetious as that sounds, I'm saying that your position seems to me to lead logically to the conclusion that array bounds-checking should be off in release.