Contracts, Undefined Behavior, and Defensive Programming
Paul Backus
snarwin at gmail.com
Mon Jun 15 12:45:56 UTC 2020
On Monday, 15 June 2020 at 04:08:28 UTC, Dukc wrote:
> On Saturday, 13 June 2020 at 08:52:18 UTC, Johannes Pfau wrote:
>> [snip]
>
> A very good point, has not occurred to me before. But I think I
> can give a more specific example of what you're trying to
> convey:
>
> ```
> @safe auto readIndex(int[] arr, size_t i)
> in (i < arr.length)
> { return arr[i];
> }
> ```
>
> Because the compiler is free to assume that the contract holds,
> it can elide the array bounds check. If it does that, it
> results in memory violation from `@safe` code.
>
> This is something that should only be possible if
> `-boundscheck=off`. Not otherwise.
Well, the compiler has an option specifically for in contracts,
`-checkaction=in=[on|off]`, so probably what should be done is to
give that option a `safeonly` value like what `-boundscheck` has.
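As an added illustration of the point raised above (example code, not from either poster): the `in` contract form of `readIndex` is shown next to a variant whose range check is ordinary code. Under `-check=in=off` or `-release` the contract is not evaluated, and an optimizer that takes it as an assumption could drop the implicit bounds check; the `enforce` call in the second function is not a bounds check and not a contract, so no `-check` or `-boundscheck` setting removes it. Flag names other than `-boundscheck=safeonly` (which the thread mentions) are the standard DMD spellings as this editor knows them; `main` and the sample array are constructed for the demonstration.

```d
// Added example, not part of the mailing-list thread.
import std.exception : enforce;

// Same shape as the snippet quoted in the thread: the precondition is an
// `in` contract. With `-check=in=off` (or `-release`) it is not evaluated,
// and a compiler that assumes it holds may elide the bounds check on arr[i].
@safe int readIndex(int[] arr, size_t i)
in (i < arr.length)
{
    return arr[i];
}

// Hardened form: the check is a normal statement, so it survives whatever
// contract or bounds-check flags the build uses. Out-of-range input throws
// instead of reading past the slice.
@safe int readIndexChecked(int[] arr, size_t i)
{
    enforce(i < arr.length, "index out of range");
    return arr[i];
}

void main()
{
    int[] data = [10, 20, 30];   // constructed sample input
    assert(readIndexChecked(data, 1) == 20);

    bool rejected = false;
    try
    {
        readIndexChecked(data, 3);   // one past the end
    }
    catch (Exception e)
    {
        rejected = true;             // the explicit check fired
    }
    assert(rejected);
}
```

The difference matters only for code whose callers are untrusted; for internal invariants the contract remains the right tool, and the thread's suggestion of a `safeonly` mode for in-contract checking would give `@safe` code the same guarantee without the manual `enforce`.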