On 08/02/14 14:12, Tobias Pankrath via Digitalmars-d wrote:
> On Saturday, 2 August 2014 at 11:12:42 UTC, Artur Skawina via Digitalmars-d wrote:
>>
>> _`assume` is extremely dangerous_.
>
> You sure can come up with an example where -release (and only with release
> the problem exists) results in equally dangerous behaviour by overwriting
> memory due to disabled bound checks.

`assume` (i.e. Walter's version of assert) is much worse because even if there
are unconditionally-enabled open-coded bounds checks, the compiler will
silently skip them. This:

------------------------------------------------------------------
   auto fx(ubyte* p, size_t len) @safe {
      assert_(len>0);
      if (len>=1)
         return p[0];
      return -1;
   }
------------------------------------------------------------------

turns into:

------------------------------------------------------------------
00000000004029a0 <@safe int fx(ubyte*, ulong)>:
  4029a0:       0f b6 07                movzbl (%rdi),%eax
  4029a3:       c3                      retq
------------------------------------------------------------------

Keep in mind that the `assert` can be elsewhere, in a different function
and/or module, and can even be written in a different language. The D-asserts
will propagate into C code, just like in my previous example.

artur
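
The same pattern in C, next to two forms that keep a real check, as an added example that is not part of the original post. `ASSUME`, `ENFORCE`, the three `fx_*` functions and `SAMPLE` are hypothetical names, and the GCC/Clang builtin `__builtin_unreachable()` is assumed here as a stand-in for the post's `assert_`.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical macros for this example (not from the post). */
/* ASSUME: the optimizer may treat a false condition as unreachable. */
#define ASSUME(c)  do { if (!(c)) __builtin_unreachable(); } while (0)
/* ENFORCE: evaluated in every build; stops the program on violation. */
#define ENFORCE(c) do { if (!(c)) abort(); } while (0)

/* Constructed sample buffer. */
static const unsigned char SAMPLE[] = { 0x41, 0x42, 0x43 };

/* Same shape as fx in the post: the optimizer is entitled to delete the
 * open-coded len >= 1 check, so len == 0 is undefined behaviour here. */
int fx_assume(const unsigned char *p, size_t len)
{
    ASSUME(len > 0);
    if (len >= 1)
        return p[0];
    return -1;
}

/* No assumption in scope: the check is kept and len == 0 yields -1. */
int fx_checked(const unsigned char *p, size_t len)
{
    if (len >= 1)
        return p[0];
    return -1;
}

/* Enforced precondition: the later check may still be folded away, but
 * only because the abort() branch already covers len == 0. */
int fx_enforced(const unsigned char *p, size_t len)
{
    ENFORCE(len > 0);
    if (len >= 1)
        return p[0];
    return -1;
}

int main(void)
{
    printf("checked, len=0:  %d\n", fx_checked(SAMPLE, 0));
    printf("enforced, len=3: %d\n", fx_enforced(SAMPLE, sizeof SAMPLE));
    printf("assume, len=3:   %d\n", fx_assume(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

Building with `-O2` and comparing the `objdump -d` output for `fx_assume` and `fx_checked` shows whether the comparison against `len` is still present in each.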