February 24, 2017
On 24.02.2017 16:29, Chris Wright wrote:
> On Fri, 24 Feb 2017 09:14:24 +0200, ketmar wrote:
>> forget about "-release" dmd arg. forget about "-boundscheck=off". no,
>> really, they won't do you any good. after all, catching a bug in your
>> program when it doesn't run in controlled environment is even more
>> important than catching a bug in debugging session! don't hate your
>> users by giving 'em software with all safety measures removed! please.
> Especially since -release disables assertions and contracts.

No. Worse. It turns failures into UB.
February 24, 2017
On Friday, 24 February 2017 at 17:18:03 UTC, Jack Stouffer wrote:
> Neither do I. But, the progenitor of that idea is that languages have understood use-cases, and that using them outside of those areas is non-optimal.

The way I see it system level programming is usually not well supported by languages. What I want is not "memory safety", but adequate tools for doing dangerous stuff like pointer arithmetic to and from SIMD representations on the stack with fewer chances of making mistakes. But I don't want any performance/flexibility/memory layout sacrifices or code bloat.

I don't really buy that bullet-proof and under-performing solutions are improving on system level programming. It is an improvement for application level programming and performant libraries.

A language that prevents me from using dangerous constructs is a non-solution. A language that detects that I spuriously might end up overwriting an unintended stack frame/storage is a solution. Of course, the latter is also a lot harder to create (requires formal proofs).

> I've come to believe that any program that handles personal user data made in a language without memory safety features is not only non-optimal, but irresponsible.

Maybe, but most personal user data is at some level handled by programs written in C: database engines and operating systems. Although I've noticed that the current trend is to focus less on performance and more on scaling, e.g. CockroachDB is an implementation of a Spanner-like SQL database in Go.


February 25, 2017
On Fri, 24 Feb 2017 21:16:28 +0100, Timon Gehr wrote:

> On 24.02.2017 16:29, Chris Wright wrote:
>> On Fri, 24 Feb 2017 09:14:24 +0200, ketmar wrote:
>>> forget about "-release" dmd arg. forget about "-boundscheck=off". no, really, they won't do you any good. after all, catching a bug in your program when it doesn't run in controlled environment is even more important than catching a bug in debugging session! don't hate your users by giving 'em software with all safety measures removed! please.
>> Especially since -release disables assertions and contracts.
> 
> No.

It does in fact disable assertions and contracts.

> Worse. It turns failures into UB.

Which is what ketmar described.
February 25, 2017
On Friday, 24 February 2017 at 20:16:28 UTC, Timon Gehr wrote:
> On 24.02.2017 16:29, Chris Wright wrote:
>> On Fri, 24 Feb 2017 09:14:24 +0200, ketmar wrote:
>>> forget about "-release" dmd arg. forget about "-boundscheck=off". no,
>>> really, they won't do you any good. after all, catching a bug in your
>>> program when it doesn't run in controlled environment is even more
>>> important than catching a bug in debugging session! don't hate your
>>> users by giving 'em software with all safety measures removed! please.
>> Especially since -release disables assertions and contracts.
>
> No. Worse. It turns failures into UB.

How so?
February 25, 2017
On Saturday, 25 February 2017 at 00:50:36 UTC, Chris Wright wrote:
> On Fri, 24 Feb 2017 21:16:28 +0100, Timon Gehr wrote:
>> Worse. It turns failures into UB.
>
> Which is what ketmar described.

D allows asserts being turned into assumes. Which is potentially unsound.

February 25, 2017
On 25.02.2017 04:12, Chris M wrote:
> On Friday, 24 February 2017 at 20:16:28 UTC, Timon Gehr wrote:
>> On 24.02.2017 16:29, Chris Wright wrote:
>>> On Fri, 24 Feb 2017 09:14:24 +0200, ketmar wrote:
>>>> forget about "-release" dmd arg. forget about "-boundscheck=off". no,
>>>> really, they won't do you any good. after all, catching a bug in your
>>>> program when it doesn't run in controlled environment is even more
>>>> important than catching a bug in debugging session! don't hate your
>>>> users by giving 'em software with all safety measures removed! please.
>>> Especially since -release disables assertions and contracts.
>>
>> No. Worse. It turns failures into UB.
>
> How so?

With -release, the optimizer is allowed to assume that assertions pass.
There is no switch to disable assertions.

https://dlang.org/dmd-linux.html#switch-release

"compile release version, which means not emitting run-time checks for contracts and asserts. Array bounds checking is not done for system and trusted functions, and assertion failures are undefined behaviour."
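An added example (not code from the thread) that makes the point of this post and of the earlier "asserts being turned into assumes" remark concrete: the same index-guarded access written once with `assert` and once with a plain runtime check, in a `@system` function, so that `-release` removes both the assert and the bounds check from the first but leaves the second intact. The file name, function names and sample array are constructed for the example.

```d
// Added example, not from the original thread. Build twice and compare:
//   dmd -g release_assert.d && ./release_assert        # AssertError on the last call
//   dmd -release release_assert.d && ./release_assert  # no check at all on the last call
import std.stdio : writeln;
import std.exception : enforce;

// Module-level functions are @system by default. With -release the assert is not
// emitted, bounds checking is dropped for @system code, and per the spec a failing
// assert is undefined behaviour, so the compiler may treat `i < data.length` as a fact.
int readWithAssert(int[] data, size_t i) @system
{
    assert(i < data.length, "index out of range");
    return data[i];
}

// An ordinary runtime check is untouched by -release. Conditions that depend on
// external input belong here, not in an assert.
int readWithCheck(int[] data, size_t i) @system
{
    enforce(i < data.length, "index out of range");
    return data[i];
}

void main()
{
    int[] data = [10, 20, 30];   // constructed sample input

    writeln(readWithAssert(data, 1)); // 20 in both builds
    writeln(readWithCheck(data, 1));  // 20 in both builds

    try
    {
        writeln(readWithCheck(data, 3)); // throws in both builds
    }
    catch (Exception e)
    {
        writeln("enforce caught: ", e.msg);
    }

    // Debug build: AssertError and the program stops here.
    // -release build: no assert, no bounds check, the read goes past the slice (UB).
    writeln(readWithAssert(data, 3));
}
```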
February 25, 2017
On 25.02.2017 01:50, Chris Wright wrote:
> On Fri, 24 Feb 2017 21:16:28 +0100, Timon Gehr wrote:
>
>> On 24.02.2017 16:29, Chris Wright wrote:
>>> On Fri, 24 Feb 2017 09:14:24 +0200, ketmar wrote:
>>>> forget about "-release" dmd arg. forget about "-boundscheck=off". no,
>>>> really, they won't do you any good. after all, catching a bug in your
>>>> program when it doesn't run in controlled environment is even more
>>>> important than catching a bug in debugging session! don't hate your
>>>> users by giving 'em software with all safety measures removed! please.
>>> Especially since -release disables assertions and contracts.
>>
>> No.
>
> It does in fact disable assertions and contracts.
> ...

If 'disable' (as can be reasonably expected) means the compiler will behave as if they were never present, then it does not.

If it means AssertErrors will not be thrown, then this is indeed what DMD will do in practice, but it is not guaranteed by the spec.

>> Worse. It turns failures into UB.
>
> Which is what ketmar described.
>

Ketmar described the removal of safety measures. With -release, assertions pose an additional safety risk.
February 25, 2017
On Sat, 25 Feb 2017 13:23:03 +0100, Timon Gehr wrote:
> If 'disable' (as can be reasonably expected) means the compiler will behave as if they were never present, then it does not.

https://dlang.org/dmd-linux.html#switch-release

Plus I actually tested it.

> Ketmar described the removal of safety measures. With -release, assertions pose an additional safety risk.

Assertions not executing is not undefined behavior.
February 25, 2017
On Saturday, 25 February 2017 at 14:38:33 UTC, Chris Wright wrote:
> On Sat, 25 Feb 2017 13:23:03 +0100, Timon Gehr wrote:
>> If 'disable' (as can be reasonably expected) means the compiler will behave as if they were never present, then it does not.
>
> https://dlang.org/dmd-linux.html#switch-release
>
> Plus I actually tested it.
>
>> Ketmar described the removal of safety measures. With -release, assertions pose an additional safety risk.
>
> Assertions not executing is not undefined behavior.

http://forum.dlang.org/thread/hqxoldeyugkazolllsna@forum.dlang.org
February 25, 2017
On Friday, 24 February 2017 at 14:35:44 UTC, Jack Stouffer wrote:
> Why is it that test CIs catch bugs when people should be running tests locally?

CI tests all platforms, not just the one a user is on. It does it simultaneously as well. In the case of something like DMD, it's a pain in the ass to set up and run. There's no documentation on how to do it either. I think LDC's wiki has some information on how it needs to be set up, but it's a bit different as they are providing information on how to run the tests the way LDC has them set up, which is different from how it is done in DMD.