assume, assert, enforce, @safe

Timon Gehr via Digitalmars-d digitalmars-d at puremagic.com
Thu Jul 31 13:49:17 PDT 2014


On 07/31/2014 09:37 PM, Jonathan M Davis wrote:
> On Thursday, 31 July 2014 at 18:43:49 UTC, Ary Borenszweig wrote:
>> On 7/31/14, 4:37 AM, Walter Bright wrote:
>>> On 7/30/2014 4:05 PM, Ary Borenszweig wrote:
>>>> On 7/30/14, 7:01 PM, Walter Bright wrote:
>>>>> I'd like to sum up my position and intent on all this.
>>>>>
>>>>> 7. using enforce() to check for program bugs is utterly wrong.
>>>>> enforce()
>>>>> is a library creation, the core language does not recognize it.
>>>>
>>>> What do you suggest to use to check program bugs?
>>>
>>> assert()
>>
>> Then you are potentially releasing programs with bugs that are of
>> undefined behavior, instead of halting the program immediately.
>
> Then don't build with -release. You can even build with
> -boundscheck=safe if you want to turn off bounds checking in @system
> code like -release does. IIRC, the only things that -release does are
> disable assertions,

No, according to the OP -release assumes assertions to be true.

> disable contracts, turn assert(0) into a halt
> instruction, and disable bounds checking in @system and @trusted code.
> So, if you want to keep the assertions and contracts and whatnot in,

Unfortunately, if used pervasively, assertions and contracts and whatnot 
may actually hog the speed of a program in a way that breaks the deal.

Disabling assertions (and whatnot), assuming assertions to be true (and 
disabling whatnot) and leaving all assertions and whatnot in are 
different trade-offs, of which assuming all assertions to be true is the 
most dangerous one. Why hide this behaviour in '-release'?

> just don't use -release and use -boundscheck=safe to get the bounds
> checking changes that -release does.
>
> - Jonathan M Davis

This leaves assertions and contracts in though.



More information about the Digitalmars-d mailing list