On Wednesday, 30 July 2014 at 14:51:34 UTC, Andrei Alexandrescu wrote:
If assert degenerates to assume in release mode, any bugs in the program could potentially cause a lot more brittleness and unexpected/undefined behavior than they otherwise would have. In particular, code generation based on invalid assumptions could be memory unsafe.

I think gcc does that.

It makes more sense in C because it's not memory safe anyways. In D, assume would not be @safe, so to have asserts become assumes in release mode seems problematic. Perhaps the assume could be omitted in safe code, similar to how bounds checks are retained for safe code even in release.

Also, it's unclear to me what the optimizer would be supposed to do if an assumption turns out to be false.


One example is a switch statement: if we hint to the compiler (via assume) that the default case is unreachable, the compiler can potentially generate something like a jump table with no bounds check. To generate memory safe code, the compiler needs to insert the bounds check even though the assume says it's not needed.
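The switch example above, written out as an added C illustration (not code from this thread or from any D compiler): the `ASSUME` macro, the `table` array and both `lookup_*` functions are constructed here, and the unreachable hint relies on GCC/Clang's `__builtin_unreachable()`.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed lookup table: four entries, so only indices 0..3 are valid. */
enum { TABLE_LEN = 4 };
static const int32_t table[TABLE_LEN] = { 10, 20, 30, 40 };

/* ASSUME(cond): tells the optimizer that cond holds; if it does not, behaviour
 * is undefined. GCC and Clang provide __builtin_unreachable(); other compilers
 * fall back to a no-op, which keeps the program correct but drops the hint. */
#if defined(__GNUC__) || defined(__clang__)
#  define ASSUME(cond) do { if (!(cond)) __builtin_unreachable(); } while (0)
#else
#  define ASSUME(cond) ((void)0)
#endif

/* The "assert became assume" version: the default case is declared unreachable,
 * so the optimizer is free to emit a bare jump table or indexed load with no
 * range check. An out-of-range index is undefined behaviour here and may read
 * past the end of the table. Only call this with 0 <= idx < TABLE_LEN. */
int32_t lookup_assume(size_t idx)
{
    switch (idx) {
    case 0: return table[0];
    case 1: return table[1];
    case 2: return table[2];
    case 3: return table[3];
    default:
        ASSUME(0); /* unreachable by contract: no bounds check survives */
        return -1; /* only reached when the fallback no-op ASSUME is in use */
    }
}

/* The memory-safe version: the range check is kept regardless of build mode,
 * so an out-of-range index yields a sentinel instead of undefined behaviour. */
int32_t lookup_checked(size_t idx)
{
    if (idx >= TABLE_LEN)
        return -1; /* caller bug is reported, not turned into a wild read */
    return table[idx];
}
```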