On 03/05/2018 09:55 PM, Walter Bright wrote:
> On 3/5/2018 7:48 AM, Timon Gehr wrote:
>> Again: assert is @safe. Compiler hints are @system. Why should assert give compiler hints?
>
> Asserts give expressions that must be true. Why not take advantage of them?

Because it's exactly what @safe is not supposed to do. You're trusting the programmer to get their asserts right. Trusting the programmer to get it right is @system.

[...]
> It's the programmer's option to leave those runtime checks in if he wants to.

As far as I understand, Timon only asks for a third option: to simply compile the code as if the asserts weren't there, without assuming that they would pass.

That way you get a speedup from the omitted asserts, but you don't get UB from a mistaken assert. This is not an unreasonable thing to want, is it?

You say that DMD does not currently use assert information, so -release currently does this.

[...]
>> There was no "-check=off" flag before.
>
> Yes there was, it's the "release" flag.

But the controversial aspect is not implemented. And it will be very surprising if you ever do implement it.

I'm actually pretty shocked that -release is described that way. It makes a point of keeping bounds checks in @safe code. The reason is that it would be unsafe to remove them. What's the point of that when safety is compromised anyway by assuming that asserts would pass?

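
The three treatments of assert discussed in this message, as an added example that is not part of the original post or of the D project's code. The function `pick`, its deliberately mistaken assert and the sample data are constructed for illustration; the "assume" behaviour in the comments is the scenario argued against above, which the message says DMD does not implement.

```d
import std.stdio : writeln;

// Constructed example: the programmer believes callers always pass a
// valid index, so the assert below is "obviously" true. It is not.
@safe int pick(const int[] a, size_t i)
{
    assert(i < a.length);  // mistaken belief, stated as an assert
    return a[i];           // indexing is bounds-checked in @safe code
}

void main()
{
    const int[] data = [10, 20, 30];
    try
    {
        // Out-of-range index: violates the assert.
        writeln(pick(data, 3));
    }
    catch (Error e)
    {
        // Which Error arrives depends on how assert was compiled:
        //
        // 1. Asserts checked (default build):
        //    the assert fails first -> core.exception.AssertError.
        //
        // 2. Asserts ignored (the "third option" asked for above, and
        //    what -release does today according to the message):
        //    the assert is gone, but the bounds check on a[i] remains
        //    in @safe code -> core.exception.RangeError.
        //    The bug is still caught; memory safety holds.
        //
        // 3. Asserts assumed true (the controversial reading):
        //    an optimizer told that i < a.length always holds may treat
        //    the bounds check on a[i] as redundant and drop it. Then
        //    nothing is thrown and a[3] reads past the array, inside a
        //    function marked @safe.
        writeln(typeid(e).name);
    }
}
```
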