assume, assert, enforce, @safe

Andrew Godfrey via Digitalmars-d digitalmars-d at puremagic.com
Wed Jul 30 22:15:51 PDT 2014


On Wednesday, 30 July 2014 at 22:01:23 UTC, Walter Bright wrote:
> 2. The compiler can make use of assert expressions to improve 
> optimization, even in -release mode.

For the domain I'm currently working in - a very large codebase
(> 1 MLOC, C/C++) for an application program - I have to echo what
others said, and say I could not use such a feature.
I think I can add a reason (though what's been said about the
'fuzzy middle' between assertions and input validation certainly
rings true for me too).

If my asserts worked this way I would have to stop using them and
build my own.
The reason is that, while I tend to assert only things that should
be true, this codebase is not well factored and so:
a) we tend to write a lot of assertions, and
b) occasionally we learn something from them (i.e. an assertion
fires, we go "huh", and our understanding of the codebase improves).

The point is that a priori, we can only guess whether a particular
assertion we're considering adding is really "this program is
screwed if this condition is true".

I don't lose sleep over this because it is safe to add our kind 
of assertions.
But if adding assertions could affect the optimizer's reasoning, 
then it would NOT be safe to add them, and we'd have to back way 
off. I'd be comfortable using such assertions only for very 
low-level components.

I can see the appeal of allowing the optimizer to do this, but I 
don't understand the idea of making that the default behavior. To 
me that's like array bounds-checking being off by default. And
speaking of which, this seems like a useful example:

Surely any program which oversteps the bounds of an array is
incorrect? It must have made some logic error (be it forgetting to
validate inputs, or some internal reasoning that was erroneous). So
we should put asserts on all our array accesses, asserting that they
are within bounds! So... then the optimizer can optimize away all
the bounds checks. Release builds need no checks of any kind.
Right? :)
I'm not trying to be as facetious as that sounds, I'm saying that
your position seems to me to lead logically to the conclusion that
array bounds-checking should be off in release.
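The bounds-check reductio above, as an added example in C rather than D (this is not code from the thread or from the D compiler). The macro and function names are hypothetical, and ASSUME_ASSERT uses the GCC/Clang __builtin_unreachable builtin to stand in for an assert the optimizer is allowed to trust:

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example; all macro and function names are hypothetical. */

/* Input validation (the role D's enforce plays): always tested, the
 * caller gets an error status back. */
#define VALIDATE(c) do { if (!(c)) return -1; } while (0)

/* Classic assertion: tested in every build, a failure halts the program. */
#define CHECK_ASSERT(c) do { if (!(c)) { \
        fprintf(stderr, "assertion failed: %s\n", #c); abort(); } } while (0)

/* The proposal under discussion: in a release build the condition is
 * not tested but promised to the optimizer (GCC/Clang builtin), so any
 * later code that only runs when it is false is dead and may be deleted. */
#ifdef NDEBUG
#  define ASSUME_ASSERT(c) do { if (!(c)) __builtin_unreachable(); } while (0)
#else
#  define ASSUME_ASSERT(c) CHECK_ASSERT(c)
#endif

/* Index from outside the module: validate it and report. */
int get_validated(const int *arr, size_t len, size_t idx, int *out) {
    VALIDATE(idx < len);
    *out = arr[idx];
    return 0;
}

/* Index believed in range: a checked assert still traps if that belief
 * is wrong, release build or not. */
int get_checked(const int *arr, size_t len, size_t idx, int *out) {
    CHECK_ASSERT(idx < len);
    *out = arr[idx];
    return 0;
}

/* Same belief as an optimizer assumption. Built with -O2 -DNDEBUG the
 * defensive `if` below is provably unreachable and gets removed, so a
 * wrong guess about idx becomes an out-of-bounds read, not a clean failure. */
int get_assumed(const int *arr, size_t len, size_t idx, int *out) {
    ASSUME_ASSERT(idx < len);
    if (idx >= len) return -1;   /* the check the optimizer may delete */
    *out = arr[idx];
    return 0;
}
```

Compiling with and without -O2 -DNDEBUG and comparing the generated code for get_assumed shows the defensive branch disappear, which is exactly the release-mode bounds-check removal the post is worried about.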
