[phobos] enforce() vs. assert() for range primitives
Andrei Alexandrescu
andrei at erdani.com
Sun Aug 22 06:42:06 PDT 2010
On 08/21/2010 10:54 PM, David Simcha wrote:
> Sounds mostly good. One thing that still bugs me, though, is the idea of
> using enforce() in ranges like Iota that are supposed to be super cheap
> and don't risk memory corruption even if they're in some crazy invalid
> state.
[snip]

Thanks for taking the time to do measurements. Rules #1-#3 leave cases
like this uncovered, particularly because Rule #1 does not define
"integrity". Clearly integrity should involve memory safety (which as
you mentioned is not an issue with Iota).

I think this is where case-by-case judgment could help. In the case of
Iota it's not difficult to define behavior even in case its invariant is
broken. Testing also confirms that compulsive checking affects
performance significantly. So then assert() is fine there. Generally,
whenever loss of performance is significant due to checking, we could
relegate checking to assert().

Regarding the null pointer, I don't think it's a memory safety issue on
systems with memory protection - it's a hard error.

Andrei
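
The trade-off discussed in this message, as an added illustration that is not part of the original post and is not Phobos code: a hypothetical Iota-like range, `CheckedIota`, whose primitives check their precondition with either enforce() or assert(). The struct, its fields and the `check` helper are assumptions made for the example.

```d
import std.exception : enforce;
import std.stdio : writeln;

// Hypothetical Iota-like range (illustration only, not std.range.iota).
struct CheckedIota(bool useEnforce)
{
    private int current, pastLast;

    this(int lo, int hi) { current = lo; pastLast = hi; }

    @property bool empty() const { return current >= pastLast; }

    @property int front() const
    {
        check(!empty, "front on empty range");
        return current;            // plain value read, no memory access to guard
    }

    void popFront()
    {
        check(!empty, "popFront on empty range");
        ++current;                 // past the end, empty simply stays true
    }

    private static void check(bool cond, string msg)
    {
        static if (useEnforce)
            enforce(cond, msg);    // always compiled in, throws Exception
        else
            assert(cond, msg);     // compiled out with -release
    }
}

void main()
{
    auto e = CheckedIota!true(0, 2);
    e.popFront(); e.popFront();
    try { e.popFront(); }          // misuse is caught in every build
    catch (Exception ex) { writeln("enforce: ", ex.msg); }

    auto a = CheckedIota!false(0, 2);
    a.popFront(); a.popFront();
    version (assert) {} else       // only when asserts are compiled out
    {
        a.popFront();              // unchecked misuse
        writeln("still empty: ", a.empty);  // invariant broken, state still defined
    }
}
```

Built with asserts enabled, the assert() variant reports the same misuse as an AssertError; built with -release, the check disappears and the range only holds an out-of-range counter, with no pointer or buffer involved.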