On Tuesday, 4 August 2015 at 14:40:16 UTC, Nick Sabalausky wrote:
On 08/03/2015 11:59 AM, Dicebot wrote:
General advice - simply don't ever use -release unless you are _very_ sure about program correctness (to the point of 100% test coverage and previous successful debug runs)
This is very true. I never disable asserts or bounds checking for exactly that reason - you can NEVER conclusively determine through prerelease testing that none of those conditions are going to get tripped in real-world usage. ANY developer who thinks they can is absolutely fooling themselves. And what happens for the end user WHEN one of those conditions does occur? Memory corruption or otherwise invalid state. Things go boom. Whee. BAD idea.
There is only ONE time when asserts or bounds checking should EVER be disabled and that's on a per-function basis (split it out into a separate module if you need to) AFTER profiling has determined that specific location to be a significant bottleneck, and the code in question has been (and will continue to be during all future maintenance) VERY carefully combed-over and peer-reviewed to ensure (as much as possible) that disabling asserts/bounds checks on that localized function cannot lead to corruption, exploits or invalid state.
Recently we had quite a lengthy discussion at work regarding possible guidelines for using asserts, contracts and enforce (we have our own similar implementation) that would actually allow using the -release flag for release builds, and got to certain principles that I believe may work in practice (even though they violate DbC ideology). I will check if I can publish those here.
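The per-function approach Nick describes, and the assert/enforce distinction Dicebot mentions, as an added D example that is not code from this thread or from any of its participants. It assumes a build with `dmd -release` (asserts stripped, bounds checks removed in @system/@trusted code only) and uses a constructed input buffer; `checksum` and `sumRange` are hypothetical names.

```d
// Added example: keep input validation alive under -release and confine the
// unchecked indexing to one small, reviewable function.
import std.exception : enforce;
import std.stdio : writeln;

/// Boundary function. enforce() is NOT removed by -release (unlike assert),
/// so an out-of-range request throws instead of reading past the buffer.
/// It stays @safe, so its own indexing would be bounds-checked even in
/// release builds.
int checksum(const(ubyte)[] buf, size_t offset, size_t len) @safe
{
    // Written to avoid overflow in offset + len.
    enforce(offset <= buf.length && len <= buf.length - offset,
            "checksum: requested range is outside the buffer");
    return sumRange(buf, offset, len);
}

/// The one localized hot path. It is @trusted and indexes through .ptr, so
/// under -release no bounds check runs here; the caller's enforce is the
/// only thing that makes that safe, which is why it must stay in place and
/// be reviewed whenever this function changes. The assert documents the
/// precondition for debug builds and is stripped by -release.
private int sumRange(const(ubyte)[] buf, size_t offset, size_t len) @trusted
{
    assert(len <= buf.length - offset, "caller violated the precondition");
    int acc = 0;
    const(ubyte)* p = buf.ptr + offset;
    foreach (i; 0 .. len)
        acc += p[i];        // raw pointer indexing: no bounds check
    return acc;
}

void main()
{
    const(ubyte)[] data = [1, 2, 3, 4, 5];   // constructed sample input
    writeln(checksum(data, 1, 3));           // 2 + 3 + 4 = 9
    try
    {
        checksum(data, 3, 5);                // rejected even with -release
    }
    catch (Exception e)
    {
        writeln("rejected: ", e.msg);
    }
}
```

Compile once with and once without -release: the assert in `sumRange` disappears, but the enforce in `checksum` still rejects the bad range in both builds.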