On Wednesday, March 07, 2018 14:08:35 Paolo Invernizzi via Digitalmars-d wrote:
> On Wednesday, 7 March 2018 at 13:55:11 UTC, Jonathan M Davis wrote:
> > On Wednesday, March 07, 2018 13:24:19 Paolo Invernizzi via Digitalmars-d wrote:
> >> [...]
> >
> > That would make assertions a lot worse to use, because then they would be in production code slowing it down. Also, as it stands, -release is not supposed to violate @safe. To do that, you have to use -boundscheck=off to turn off bounds checking. That was a very purposeful design decision, because we did not want -release to violate @safe, and if the compiler is allowed to add optimizations which are unsafe based on assertions, then that completely destroys the ability to have @safe code with -release. And if we were going to do that, why did we leave array bounds checking on with -release?
> >
> > [...]
>
> Jonathan, I understand your point, but still I can't find an answer to clarify my doubts.
>
> Are we asking for no UB in @safe code?
> Are we asking for UB in @safe code but constrained to no memory corruptions?
@safe is all about guaranteeing memory safety. That's its entire job. No more, no less. What happens with UB beyond that is irrelevant. If satisfying the requirement that @safe code be memory safe means that UB cannot be allowed in @safe code, then UB cannot be allowed in @safe code. If there is some form of UB that is constrained enough that it's guaranteed that it can't violate memory safety, then I don't see any reason why it can't be in @safe code any more than it can't be in @system code, because it's not violating the guarantees that @safe is intended to provide - that the code is memory safe. Other language rules may make UB illegal or explicitly allow it for one reason or another (e.g. it's supposed to be guaranteed that function arguments are evaluated left-to-right, though I'm not sure if that's ever been implemented like it's supposed to be), but in the case of @safe, it's all about what's memory safe. And what is or isn't allowed with regards to UB in @safe therefore has to be a function of what is required to guarantee that the code is memory safe.

- Jonathan M Davis
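The behaviour the thread is arguing about (assertions are stripped by -release, while array bounds checking in @safe code survives it and is only removed by -boundscheck=off) can be checked directly. The following is an added example written for this page, not code from either poster; it assumes a dmd compiler on the PATH and uses a hypothetical function readAt to make the point.

```d
// Added example (not from the thread). Shows what -release strips and what it keeps.
// Assumed build commands (dmd on PATH):
//   dmd -run safe_release.d                        -> assert fires (AssertError)
//   dmd -release -run safe_release.d               -> assert is gone; bounds check
//                                                     still throws RangeError in @safe code
//   dmd -release -boundscheck=off -run safe_release.d
//                                                  -> no check at all: memory-unsafe read,
//                                                     which is why that flag breaks @safe
import std.stdio;

@safe int readAt(const int[] data, size_t idx)
{
    // Stripped by -release, so it must never be the only thing standing
    // between the program and an out-of-bounds access.
    assert(idx < data.length, "index out of range");

    // In a @safe function this bounds check is kept even with -release;
    // only -boundscheck=off removes it.
    return data[idx];
}

void main()
{
    int[] buf = [1, 2, 3]; // constructed sample input
    writeln("in range: ", readAt(buf, 1));

    try
    {
        // Out of range: which check (if any) fires depends on the build flags above.
        writeln("out of range: ", readAt(buf, 5));
    }
    catch (Error e) // AssertError and RangeError are both Errors, caught here only for the demo
    {
        writeln("caught: ", e.msg);
    }
}
```

Catching Error is done here only so that all three builds print something observable; in real code neither AssertError nor RangeError should be caught and continued from. The third build has no check left, and reading past the slice is exactly the kind of memory-unsafe access the @safe guarantee exists to rule out.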