DIP 1006 - Preliminary Review Round 1
Timon Gehr
timon.gehr at gmx.ch
Tue Mar 6 00:07:53 UTC 2018
On 06.03.2018 00:52, ag0aep6g wrote:
> On 03/05/2018 11:57 PM, Timon Gehr wrote:
>> On 05.03.2018 22:24, ag0aep6g wrote:
>>> On 03/05/2018 10:11 PM, Walter Bright wrote:
> [...]
>>>> It is not defined behavior with -boundscheck=off.
>>>
>>> Dereferencing null is not defined with -boundscheck=off?
>>
>> This was my bad. It's not dereferencing null. The compiler is free to
>> assume 0<x.length, which means it is allowed to think that the main
>> function is dead code.
>
> How is it free to assume that?
> ...
By Walter's definition. -boundscheck=off makes the compiler assume that
all array accesses are within bounds. ("off" is a misleading term.)
> This was the full snippet (before I mutilated it in my quote):
>
> ----
> void main()@safe{
> int[] x=[];
> writeln(x[0]); // range violation even with -release
> // defined behavior even with -boundscheck=off (!)
> }
> ----
>
> There is no `assert(0<x.length);` in this one. -release doesn't do
> anything, because there are no contracts, no asserts, and main is @safe.
> -boundscheck=off just makes it so that the length isn't checked before
> x.ptr is dereferenced.
It's not checked, but the compiler may still assume that it has actually
been checked. The story is similar to asserts.
> x.ptr is null, so the code is defined to
> dereference null, no?
>
> If -boundscheck=off somehow does introduce UB here, we have the weird
> situation that using `x.ptr[0]` is more safe than in this scenario than
> `x[0]`. Because surely `x.ptr[0]` is a null dereference that's not
> affected by -boundscheck=off, right?
Yes, I think that's a good point (though it hinges on the assumption
that x.ptr[i] is equivalent to *(x.ptr+i), which I'm not sure the
specification states explicitly).
More information about the Digitalmars-d
mailing list