On 08/21/2010 10:54 PM, David Simcha wrote:
Sounds mostly good. One thing that still bugs me, though, is the idea of using enforce() in ranges like Iota that are supposed to be super cheap and don't risk memory corruption even if they're in some crazy invalid state.
[snip]
Thanks for taking the time to do measurements. Rules #1-#3 leave cases like this uncovered, particularly because Rule #1 does not define "integrity". Clearly integrity should involve memory safety (which as you mentioned is not an issue with Iota).
I think this is where case-by-case judgment could help. In the case of Iota it's not difficult to define behavior even in case its invariant is broken. Testing also confirms that compulsive checking affects performance significantly. So then assert() is fine there. Generally, whenever loss of performance is significant due to checking, we could relegate checking to assert().
Regarding the null pointer, I don't think it's a memory safety issue on systems with memory protection - it's a hard error.
Andrei
_______________________________________________
phobos mailing list
[email protected]
http://lists.puremagic.com/mailman/listinfo/phobos
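The trade-off discussed in this message, shown as an added example that is not part of the original post and is not Phobos source. `MiniIota` and its `alwaysCheck` parameter are hypothetical stand-ins for an iota-style range, used to put the `enforce()` and `assert()` variants side by side.

```d
// Added illustration; MiniIota is hypothetical, not std.range.iota.
import std.exception : enforce;
import std.stdio : writeln;

struct MiniIota(bool alwaysCheck)
{
    int current, pastLast;

    // Written with >= so the range still reports "empty" if it is
    // ever advanced past its end: a broken invariant stays well defined.
    @property bool empty() const { return current >= pastLast; }

    @property int front() const
    {
        check();
        return current;
    }

    void popFront()
    {
        check();
        ++current; // plain integer arithmetic, no memory access
    }

    private void check() const
    {
        static if (alwaysCheck)
            enforce(!empty, "MiniIota: range is empty"); // survives -release
        else
            assert(!empty, "MiniIota: range is empty");  // compiled out by -release
    }
}

void main()
{
    // Correct use costs one check per call in the enforce variant and,
    // in a -release build, nothing in the assert variant.
    int sum;
    for (auto r = MiniIota!false(0, 3); !r.empty; r.popFront())
        sum += r.front;
    writeln("sum = ", sum);

    // Misuse with enforce: always a catchable Exception.
    auto checked = MiniIota!true(3, 3);
    try { checked.popFront(); }
    catch (Exception ex) { writeln("enforce: ", ex.msg); }

    // Misuse with assert: AssertError in a normal build; with -release the
    // counter simply moves past the end and the range keeps reporting empty.
    auto fast = MiniIota!false(3, 3);
    fast.popFront();
    writeln("still empty: ", fast.empty);
}
```

Building once normally and once with `-release` shows the difference: the last call aborts with an `AssertError` in the first build and falls through to the final `writeln` in the second.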
