[phobos] enforce() vs. assert() for range primitives

Sean Kelly sean at invisibleduck.org
Sun Aug 22 12:09:37 PDT 2010


I think it depends on how the compiler dereferences fields of an object. With GCC on OSX, if I have a null ptr to a struct and I try to access a field through it, I'll get the data at 0x4 or wherever and the code will keep on running. Actual segfaults happen depressingly rarely.


On Aug 22, 2010, at 9:42 AM, Andrei Alexandrescu <andrei at erdani.com> wrote:

> On 08/21/2010 10:54 PM, David Simcha wrote:
>> Sounds mostly good. One thing that still bugs me, though, is the idea of
>> using enforce() in ranges like Iota that are supposed to be super cheap
>> and don't risk memory corruption even if they're in some crazy invalid
>> state.
> [snip]
> 
> Thanks for taking the time to do measurements. Rules #1-#3 leave cases like this uncovered, particularly because Rule #1 does not define "integrity". Clearly integrity should involve memory safety (which as you mentioned is not an issue with Iota).
> 
> I think this is where case-by-case judgment could help. In the case of Iota it's not difficult to define behavior even in case its invariant is broken. Testing also confirms that compulsive checking affects performance significantly. So then assert() is fine there. Generally, whenever loss of performance is significant due to checking, we could relegate checking to assert().
> 
> Regarding the null pointer, I don't think it's a memory safety issue on systems with memory protection - it's a hard error.
> 
> 
> Andrei


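The trade-off discussed in this thread, as an added example that is not code from the thread or from Phobos: a small D range whose primitives check their precondition with either `enforce()` or `assert()`. The `MiniIota` struct and its `alwaysCheck` flag are hypothetical names chosen for illustration.

```d
import std.exception : enforce;
import std.stdio : writeln;

// Hypothetical iota-like range (not Phobos's Iota). The template flag
// selects the checking style used by the range primitives.
struct MiniIota(bool alwaysCheck)
{
    private int current, limit;

    this(int lo, int hi) { current = lo; limit = hi; }

    @property bool empty() const { return current >= limit; }

    @property int front() const
    {
        check(!empty, "front called on empty range");
        return current;
    }

    void popFront()
    {
        check(!empty, "popFront called on empty range");
        ++current;
    }

    private static void check(bool ok, string msg)
    {
        static if (alwaysCheck)
            enforce(ok, msg);  // present in every build; throws Exception
        else
            assert(ok, msg);   // compiled out by -release
    }
}

void main()
{
    auto e = MiniIota!true(0, 2);
    e.popFront(); e.popFront();
    try { e.popFront(); }      // misuse: the range is already empty
    catch (Exception ex) { writeln("enforce caught misuse: ", ex.msg); }

    auto a = MiniIota!false(0, 2);
    a.popFront(); a.popFront();
    version (assert)
        writeln("asserts enabled: a further popFront would throw AssertError");
    else
    {
        a.popFront();          // unchecked: only an integer is incremented
        writeln("after unchecked popFront, empty = ", a.empty);
    }
}
```

Building once normally and once with `dmd -release` exercises both branches of the second half: the `assert` variant stops checking in the release build, while the `enforce` variant keeps throwing in both.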