[Issue 12550] Deprecate -noboundscheck and replace with more useful -boundscheck= option

Apr 09, 2014

Gary Willoughby

Apr 10, 2014

Steven Schveighoffer

Apr 10, 2014

monarchdodra@gmail.com

Apr 10, 2014

Steven Schveighoffer

Apr 10, 2014

monarchdodra@gmail.com

Apr 10, 2014

Apr 10, 2014

Apr 10, 2014

Apr 10, 2014

Apr 10, 2014

Apr 10, 2014

Apr 10, 2014

Apr 10, 2014

Apr 12, 2014

github-bugzilla@puremagic.com

Apr 12, 2014

github-bugzilla@puremagic.com

https://issues.dlang.org/show_bug.cgi?id=12550 Gary Willoughby <dev@nomad.so> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dev@nomad.so --- Comment #1 from Gary Willoughby <dev@nomad.so> --- IIRC Andrei has mentioned that bounds checking should be the default so the flags must be for disabling this behaviour. -noboundscheck=all -noboundscheck=unsafe --

https://issues.dlang.org/show_bug.cgi?id=12550 Steven Schveighoffer <schveiguy@yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |schveiguy@yahoo.com --- Comment #2 from Steven Schveighoffer <schveiguy@yahoo.com> --- I'd like to chime in here and say that allowing disabling bounds checks on @safe code is completely wrong, and should be treated as a bug. In no case, should one be able to disable bounds checks on @safe code. Otherwise, it immediately becomes un-@safe, and @safe loses all it's credibility. The original purpose of -noboundschecks was to allow turning off bounds checks in debug code I thought, not @safe code. I have no idea why it turns off bounds checks on @safe code. I would consider that a bug. --

https://issues.dlang.org/show_bug.cgi?id=12550 monarchdodra@gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |monarchdodra@gmail.com --- Comment #3 from monarchdodra@gmail.com --- (In reply to Steven Schveighoffer from comment #2) > Otherwise, it immediately becomes un-@safe, and @safe loses all it's credibility. Think of it as an option that makes as @safe code actually @trusted. --

https://issues.dlang.org/show_bug.cgi?id=12550 --- Comment #4 from Steven Schveighoffer <schveiguy@yahoo.com> --- (In reply to monarchdodra from comment #3) > Think of it as an option that makes as @safe code actually @trusted. No. @trusted code is trusted because the developer guarantees it. @safe code is @safe because the compiler guarantees it. @safe code that has no bounds checks basically becomes unqualified code that @safe code can call. --

https://issues.dlang.org/show_bug.cgi?id=12550 --- Comment #5 from monarchdodra@gmail.com --- (In reply to Steven Schveighoffer from comment #4) > (In reply to monarchdodra from comment #3) > > > Think of it as an option that makes as @safe code actually @trusted. > > No. @trusted code is trusted because the developer guarantees it. @safe code is @safe because the compiler guarantees it. Yeah, which is why the developer uses a compiler switch that says "no need to do any checking in the safe code, I'm guaranteeing I'm making all my calls in ways that won't break this safe code". So, yes, does basically become trusted, because the developer said so. > @safe code that has no bounds checks basically becomes unqualified code that @safe code can call. *at the developper's request*. Yes. But like most things, there's a time and place for everything. At worst, it is a benching switch. Or a profiling switch to see how much the checking is costing. --

https://issues.dlang.org/show_bug.cgi?id=12550 --- Comment #6 from Steven Schveighoffer <schveiguy@yahoo.com> --- (In reply to monarchdodra from comment #5) > (In reply to Steven Schveighoffer from comment #4) > > No. @trusted code is trusted because the developer guarantees it. @safe code is @safe because the compiler guarantees it. > > Yeah, which is why the developer uses a compiler switch that says "no need to do any checking in the safe code, I'm guaranteeing I'm making all my calls in ways that won't break this safe code". So, yes, does basically become trusted, because the developer said so. The developer is not always the builder. e.g. template code. Note that the developer has this option -- use @trusted instead of @safe. > But like most things, there's a time and place for everything. At worst, it is a benching switch. Or a profiling switch to see how much the checking is costing. Change @safe to @trusted in the code to test this. --

https://issues.dlang.org/show_bug.cgi?id=12550 --- Comment #7 from Martin Krejcirik <mk@krej.cz> --- (In reply to Steven Schveighoffer from comment #6) > The developer is not always the builder. e.g. template code. Also the builder is not always the developer. It's much easier (and I would say safer), changing a command line option, than changing the code, just to test how fast it runs. Sometimes you don't care for possible bugs, you just want it to run as fast as possible. The pull request explicitly warns that this option should be used with care. Also there is a discussion about version identifiers, which should allow the developer some control over this (for example emit a warning or stop the compilation in some super secure functions). --

April 10, 2014

[Issue 12550] Deprecate -noboundscheck and replace with more useful -boundscheck= option

Posted by Steven Schveighoffer

Permalink

Steven Schveighoffer

Permalink

https://issues.dlang.org/show_bug.cgi?id=12550

--- Comment #8 from Steven Schveighoffer <schveiguy@yahoo.com> ---
(In reply to Martin Krejcirik from comment #7)
> (In reply to Steven Schveighoffer from comment #6)
> > The developer is not always the builder. e.g. template code.
> 
> Also the builder is not always the developer. It's much easier (and I would say safer), changing a command line option, than changing the code, just to test how fast it runs.

And incorrect. If you are trying to fix a performance issue, removing bounds checks on an entire program is much more damaging and fruitless than removing bounds checks on a bottleneck loop that you have read and understood.

I find the argument unconvincing that someone who is working on performance is simply going to do this as a test measure before doing their *real* profiling task.

We should do as much as possible to avoid blunt-instrument speedups that compromise the safety of systems that are *specifically* labelled safe without any care or thought. Focused optimization via profiling is a better approach in every case.

--

https://issues.dlang.org/show_bug.cgi?id=12550 Benjamin Thaut <code@benjamin-thaut.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |code@benjamin-thaut.de --- Comment #9 from Benjamin Thaut <code@benjamin-thaut.de> --- Please consider that you will scare of useres that care for maximum performance (gaming, embended) if a noboundscheck does not turn off all bounds checks. If you really care about performance you will always be wondering how much time you loose from boundschecks in safe code, especially on mobile platforms branches can be very expensive. Additinally you should not take the "tight loop optimization" idiom to seriously. Modern optimized code bases often have a "general slowness" problem. Nothing is really the hot spot, and almost all code just runs to slow. --

https://issues.dlang.org/show_bug.cgi?id=12550 --- Comment #10 from Brad Anderson <eco@gnuk.net> --- Forgot to post a link to the pull request. https://github.com/D-Programming-Language/dmd/pull/3443 --

Forums