On 7/30/14, 12:54 AM, David Bregman wrote:
> On Wednesday, 30 July 2014 at 03:32:50 UTC, Walter Bright wrote:
>> I don't either. I still have no idea what the difference between
>> assume(i<6) and assert(i<6) is supposed to be.
>
> assert:
> is a runtime check of the condition.
> is a debugging/correctness checking feature.
> is used when the expression is believed true, but is not proven so.
> (if it was proven, then there is no purpose in asserting it with a
> redundant runtime check that is guaranteed to never activate.)
>
> assume:
> passes a hint to the optimizer to allow better code generation.
> is used when the expression is proven to be true (by the programmer,
> like @trusted).

Thanks for the summary! It seems to me indeed there's little assume does that can't be done with assert today.

> The only relation between the two is that if a runtime check for (x) is
> inserted at some point, it is safe to insert an assume(x) statement
> afterwards, because x is known true at that point.

So then one might redefine assert to always insert an assume right afterwards.

> If assert degenerates to assume in release mode, any bugs in the program
> could potentially cause a lot more brittleness and unexpected/undefined
> behavior than they otherwise would have. In particular, code generation
> based on invalid assumptions could be memory unsafe.

I think gcc does that.

Also, it's unclear to me what the optimizer would be supposed to do if an assumption turns out to be false.


Andrei
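
The distinction debated in this message, as an added example that is not part of the original thread: a checked condition next to an optimizer hint, written in C with the GCC/Clang builtin `__builtin_unreachable()`. The macro names `CHECK` and `ASSUME`, the table and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* CHECK: the "assert" of the thread, kept in every build. A false
   condition is detected at run time and reported to the caller. */
#define CHECK(cond) do { if (!(cond)) return -1; } while (0)

/* ASSUME: the "assume" of the thread. The compiler need not emit any
   test; if the condition is ever false the behaviour is undefined. */
#define ASSUME(cond) do { if (!(cond)) __builtin_unreachable(); } while (0)

static const int table[6] = {10, 11, 12, 13, 14, 15}; /* constructed data */

/* i < 6 is believed true but still verified before the array access. */
int lookup_checked(size_t i)
{
    CHECK(i < 6);
    return table[i];
}

/* i < 6 is promised, not verified. The defensive test below depends on
   the same fact, so an optimizer is entitled to delete it, leaving the
   array access unguarded if the promise is wrong. */
int lookup_assumed(size_t i)
{
    ASSUME(i < 6);
    if (i >= 6)
        return -1;      /* dead code under the assumption */
    return table[i];
}

int main(void)
{
    printf("in range:     %d %d\n", lookup_checked(3), lookup_assumed(3));
    printf("out of range: %d\n", lookup_checked(9)); /* bug is caught */
    /* lookup_assumed(9) is deliberately not called: it is undefined
       behaviour and may read past the end of the table. */
    return 0;
}
```

Comparing the optimized assembly of the two functions (for example with `-O2 -S`) shows whether the compiler kept the bounds test in `lookup_assumed`.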
