Contracts, Undefined Behavior, and Defensive Programming
Dukc
ajieskola at gmail.com
Mon Jun 15 04:08:28 UTC 2020
On Saturday, 13 June 2020 at 08:52:18 UTC, Johannes Pfau wrote:
> [snip]
A very good point, has not occurred to me before. But I think I
can give a more specific example of what you're trying to convey:
```
@safe auto readIndex(int[] arr, size_t i)
in (i < arr.length)
{
    return arr[i];
}
```
Because the compiler is free to assume that the contract holds,
it can elide the array bounds check. If it does that, it results
in memory violation from `@safe` code.
This is something that should only be possible if
`-boundscheck=off`. Not otherwise.
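An added example, not part of the original post: a small D program for observing which check stops an out-of-range index when `readIndex` is built with DMD's default switches and with `-release`. `readIndexChecked`, the file name `contract_demo.d` and the sample data are assumptions made for illustration.

```d
// Added example (not from the original post). Build it both ways and compare:
//   dmd -run contract_demo.d
//   dmd -release -run contract_demo.d
import core.exception : AssertError, RangeError;
import std.exception : enforce;
import std.stdio : writeln;

// The function from the post, with an explicit return type.
@safe int readIndex(int[] arr, size_t i)
in (i < arr.length)
{
    return arr[i];
}

// Hypothetical defensive variant: the check is ordinary code that throws an
// Exception, so neither -release nor -boundscheck removes it.
@safe int readIndexChecked(int[] arr, size_t i)
{
    enforce(i < arr.length, "index out of range");
    return arr[i];
}

void main()
{
    int[] data = [10, 20, 30]; // constructed sample input
    size_t bad = 7;            // deliberately past the end

    try
    {
        int v = readIndex(data, bad);
        writeln("readIndex returned ", v, " (no check fired)");
    }
    // Default build: the in-contract is compiled in and fails first.
    catch (AssertError e) { writeln("stopped by the contract"); }
    // -release: contracts are dropped, but @safe code keeps its bounds check.
    catch (RangeError e) { writeln("stopped by the array bounds check"); }

    try
    {
        int v = readIndexChecked(data, bad);
        writeln("readIndexChecked returned ", v);
    }
    catch (Exception e) { writeln("stopped by enforce: ", e.msg); }
}
```

If the first call ever reaches the "no check fired" line in a build that did not pass `-boundscheck=off`, that is the memory-safety hole the post describes.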