May 24, 2022
On Tuesday, 24 May 2022 at 06:55:52 UTC, Siarhei Siamashka wrote:
> 
> ....
> You just need to remember to use 'enforce' instead of 'assert'. ....

It's not correct to suggest that these are simply interchangeable.

They may appear to be similar, but they are two very different things.

For example (to just make that point):

nothrow void checkSomething(bool checkThis)
{
    //enforce(checkThis == true); // nope! enforce throws an exception.
    assert(checkThis == true); // ok.
}

May 24, 2022

On Tuesday, 24 May 2022 at 09:12:02 UTC, forkit wrote:

> >

You just need to remember to use 'enforce' instead of 'assert'. ....

It's not correct to suggest that these are simply interchangeable.

Of course they are not. Otherwise there would be no need for changing 'assert' to 'enforce' in the code in the first place.

>

For example (to just make that point):

nothrow void checkSomething(bool checkThis)
{
//enforce(checkThis == true); // nope! enforce throws an exception.
assert(checkThis == true); // ok.
}

Yes, 'enforce' is not usable in some cases, but in many cases it is. It can be probably changed to cause abort when used in 'nothrow' functions instead of failing to compile (yes, I understand that this is controversial). Or something with a different name can be introduced to cover this case.

Still my point is that having the code that behaves correctly only when used together with some special command line option is not a great idea. You never know who is going to compile your code and what kind of options they are going to use to hurt themselves. And when they do, it's you who has to provide support and do the necessary detective work to even figure out what exactly happened.

May 24, 2022
On Tuesday, 24 May 2022 at 06:12:40 UTC, forkit wrote:
> Then, in order to leave my assert's in production code, I need to 'remember' not to compile with -release, but rather -someothercrap I can't remember at the moment.

Never ever ever ever ever ever ever ever ever ever ever ever ever ever ever ever ever use -release.

It should be removed, or at least renamed to -add-random-security-holes-for-zero-benefit.

It is a terrible switch that does random bad things.
May 24, 2022
On Tuesday, 24 May 2022 at 09:05:57 UTC, Siarhei Siamashka wrote:
> So having the '-release' option, which provides reasonable and mostly optimal defaults is very useful.

It is neither reasonable nor optimal. -release enables a random set of *bad* switches that will HURT your code. It removes all the default safety features in the language for no actual benefit!

Seriously, *never* use it. It should be removed.


If you want optimization, -release doesn't do this. -O does.
May 24, 2022

On Tuesday, 24 May 2022 at 11:30:28 UTC, Adam D Ruppe wrote:

>

On Tuesday, 24 May 2022 at 09:05:57 UTC, Siarhei Siamashka wrote:

>

So having the '-release' option, which provides reasonable and mostly optimal defaults is very useful.

It is neither reasonable nor optimal. -release enables a random set of bad switches that will HURT your code. It removes all the default safety features in the language for no actual benefit!

I think that you are barking up the wrong tree.

One of the valid criticisms of D language is that it is not @safe by default. A workaround is to add "@safe:" at the top of the source files to achieve this. Does this resolve your problems?

Right now the '-release' option disables bounds checking in @system code and this is a necessary escape hatch to keep D language competitive with C++ and the other system programming languages. Many safe programming languages still allow to go the unsafe route in the performance critical parts of code to disable bounds checking and the other expensive safety features. For example, you can have a look at https://doc.rust-lang.org/book/ch19-01-unsafe-rust.html

>

Seriously, never use it. It should be removed.

What would be your suggested replacement for this very important functionality? But again, please first check @safe attribute before suggesting anything really disruptive.

Moreover, the concept of 'release' builds exists in many other programming languages and removing it from D would be weird.

May 24, 2022
On Tuesday, 24 May 2022 at 12:10:36 UTC, Siarhei Siamashka wrote:
> One of the valid criticisms of D language is that it is not @safe by default.

I don't care about @safe. I'm talking real world safety, things like automatic bounds checks.

> Right now the '-release' option disables bounds checking in @system code and this is a **necessary** escape hatch to keep D language competitive with C++ and the other system programming languages.

False. You can put `.ptr` in strategic places to disable it locally instead of bludgeoning it with a superglobal switch.

Even if you want to disable it globally (and you don't, unless you're too incompetent to be allowed to release anything to the public), there's the -boundscheck=off switch for that. Bundling it with a bunch of other things and hiding it behind a harmless-sounding "-release" thing is criminally negligent in a sane world.

May 24, 2022

On Tuesday, 24 May 2022 at 12:10:36 UTC, Siarhei Siamashka wrote:

> >

Seriously, never use it. It should be removed.

What would be your suggested replacement for this very important functionality? But again, please first check @safe attribute before suggesting anything really disruptive.

The -check, -checkaction, and -boundscheck switches can do everything -release does. They also give you more fine-grained control, so you can, e.g., disable assertions without also disabling array bounds checking.

May 24, 2022

On Monday, 23 May 2022 at 01:37:09 UTC, Paul Backus wrote:

>

We actually have this in D, it's just written weirdly:

// debug assertion
assert(condition);

// release assertion
if (!condition) assert(0);

It would probably be more intuitive if we could write release assertions as plain assert, and use debug assert for debug assertions. But the functionality is there.

I think this is better

 // debug assertion
 assert(condition);

 // release assertion
 if (!condition) throw new AssertError();

or also

 // debug assertion
 assert(condition);

 // release assertion
 if (!condition) throw new MyCustomError("My error message");

so when your program fails the final user is aware of what went wrong.

May 24, 2022

On Tuesday, 24 May 2022 at 12:19:56 UTC, Adam D Ruppe wrote:

>

On Tuesday, 24 May 2022 at 12:10:36 UTC, Siarhei Siamashka wrote:

>

One of the valid criticisms of D language is that it is not @safe by default.

I don't care about @safe. I'm talking real world safety, things like automatic bounds checks.

Please try it nevertheless. You will have automatic bounds checks in your @safe code even with the '-release' switch. That's the whole point. The @safe code remains safe and the @system or @trusted code remains fast. The choice is up to me to decide what I really want in my code on a per-function basis.

> >

Right now the '-release' option disables bounds checking in @system code and this is a necessary escape hatch to keep D language competitive with C++ and the other system programming languages.

False. You can put .ptr in strategic places to disable it locally instead of

If I didn't care about convenience, then I would be probably using Rust instead of D.

>

bludgeoning it with a superglobal switch.

This isn't what I'm doing. Please educate yourself about the @safe attribute.

>

Even if you want to disable it globally (and you don't, unless you're too incompetent to be allowed to release anything to the public), there's the -boundscheck=off switch for that. Bundling it with a bunch of other things and hiding it behind a harmless-sounding "-release" thing is criminally negligent in a sane world.

I asked you for your suggested alternative. This is your suggestion. And it's me, who is supposed to criticize your suggestion. Thanks for doing my job, but what was the purpose of posting this paragraph? Are there any other suggestions that you actually consider reasonable?

May 24, 2022
On Tuesday, 24 May 2022 at 12:51:32 UTC, Siarhei Siamashka wrote:
> Please educate yourself about the @safe attribute.

Please refrain from uninformed personal attacks.

You might notice I said "default safety features". Here's the facts.

D's default: significant safety *by default*, eliminating over 90% of C-specific bugs (which btw are a minority of actual bugs; it is important to remember to keep it in perspective). Where it is necessary to bypass these important checks, which btw is a small minority of places, you can use .ptr locally, after verifying correctness, to disable it selectively while keeping safety by default.

By contrast, once you choose to use -release, you get *security holes* by default, which is the opposite of what you want when actually releasing code to real users! You can then opt back into minimum safety checks (which you want in a vast majority of places) on a case-by-case basis by adding `@safe` (...until some poor user is told to use -boundscheck=off but that's on them, at least that switch sounds like you should think twice, unlike -release which sounds harmless while being anything but). The compiler is likely to fight you throughout this process as other library authors must also remember to opt into it.


A programming language ought to align with safety and common use. -release does the opposite of this, with very little warning.

Never using it, on the other hand, aligns with these virtues, while still letting you very conveniently bypass checks when it is genuinely necessary and beneficial.