DIP 1006 - Preliminary Review Round 1

John Colvin john.loughran.colvin at gmail.com
Mon Mar 5 22:30:28 UTC 2018


On Monday, 5 March 2018 at 10:30:12 UTC, Walter Bright wrote:
> The idea behind removal of the runtime checks is as a 
> performance optimization done on a debugged program. It's like 
> turning on or off array bounds checking. Many leave asserts and 
> array bounds checking on even in released code to ensure memory 
> safety.
>
> At a minimum, turning it off and on will illuminate just what 
> the checks are costing you.
>
> It's at the option of the programmer.

void safeCode1(int a, ref int[2] b) @safe
{
    // stripped by -release; the optimizer may then take a < 2 as given
    assert(a < 2);
    b[a] = 0;
}

So, if I compile this with `-release -O`, the compiler is free to 
remove the bounds-check, which will cause a buffer overrun if 
`a > 1`. Ok.

void safeCode2(int a, ref int[2] b) @safe
{
    // no assert: @safe keeps the bounds check even under -release
    b[a] = 0;
}

And here the compiler is *not* free to remove the bounds check.

This just feels bad. Adding extra failsafes for my debug program 
shouldn't make my release program less safe.
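
A defensive alternative, as an added example that is not part of John's post or of the DIP: the precondition is written as ordinary control flow with `std.exception.enforce`, which `-release` does not strip, so the access never runs with an out-of-range index and the optimizer is handed no assumption about `a`. `safeCode3` is a name chosen here for illustration.

```d
import std.exception : enforce;

void safeCode3(int a, ref int[2] b) @safe
{
    // `enforce` is a plain runtime check, not an assert: it survives
    // `-release -O` and throws instead of letting b[a] proceed.
    enforce(a >= 0 && a < b.length, "index out of range");
    b[a] = 0;
}

unittest
{
    import std.exception : assertThrown;

    // constructed sample input
    int[2] buf = [7, 7];

    safeCode3(1, buf);
    assert(buf == [7, 0]);

    // out-of-range index is rejected in every build mode
    assertThrown!Exception(safeCode3(2, buf));
    assertThrown!Exception(safeCode3(-1, buf));
    assert(buf == [7, 0]);
}
```

Build with `dmd -unittest -release -O -main` to confirm the check still fires when asserts are removed.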
