www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - What's the deal with -boundscheck?

reply Andrei Alexandrescu <SeeWebsiteForEmail erdani.org> writes:
I've spent the better part of yesterday and today debugging a complex 
matter involving pointers, reduced to this:

../dmd/src/dmd -conf= -I../druntime/import  -w -dip25 -m64  -O -release 
-main -unittest generated/osx/release/64/libphobos2.a -defaultlib= 
-debuglib= -L-lcurl -run std/experimental/allocator/kernighan_ritchie.d

In this configuration, surprisingly there's no bounds checks inserted. I 
need to explicitly add -boundcheck=on.

Why the change? I've fought tooth and nail for keeping bounds checking 
in release mode and with optimizations on, precisely because I think 
it's a check that's valuable enough to warrant explicit disabling.

Could someone please explain. This is a shame.


Andrei
Apr 05 2015
next sibling parent "weaselcat" <weaselcat gmail.com> writes:
On Monday, 6 April 2015 at 02:13:42 UTC, Andrei Alexandrescu 
wrote:

 I've spent the better part of yesterday and today debugging a 
 complex matter involving pointers, reduced to this:

 ../dmd/src/dmd -conf= -I../druntime/import  -w -dip25 -m64  -O 
 -release -main -unittest generated/osx/release/64/libphobos2.a 
 -defaultlib= -debuglib= -L-lcurl -run 
 std/experimental/allocator/kernighan_ritchie.d

 In this configuration, surprisingly there's no bounds checks 
 inserted. I need to explicitly add -boundcheck=on.

 Why the change? I've fought tooth and nail for keeping bounds 
 checking in release mode and with optimizations on, precisely 
 because I think it's a check that's valuable enough to warrant 
 explicit disabling.

 Could someone please explain. This is a shame.


 Andrei


bounds checks are only enabled by default in  safe code when 
compiled with -release
http://dlang.org/dmd-linux.html
Apr 05 2015
prev sibling next sibling parent reply "deadalnix" <deadalnix gmail.com> writes:
On Monday, 6 April 2015 at 02:13:42 UTC, Andrei Alexandrescu 
wrote:

 I've spent the better part of yesterday and today debugging a 
 complex matter involving pointers, reduced to this:

 ../dmd/src/dmd -conf= -I../druntime/import  -w -dip25 -m64  -O 
 -release -main -unittest generated/osx/release/64/libphobos2.a 
 -defaultlib= -debuglib= -L-lcurl -run 
 std/experimental/allocator/kernighan_ritchie.d

 In this configuration, surprisingly there's no bounds checks 
 inserted. I need to explicitly add -boundcheck=on.

 Why the change? I've fought tooth and nail for keeping bounds 
 checking in release mode and with optimizations on, precisely 
 because I think it's a check that's valuable enough to warrant 
 explicit disabling.

 Could someone please explain. This is a shame.


 Andrei


I don't even this is the way? We have a .ptr property. One cause 
use it to disable bound checking.
Apr 05 2015
parent reply Walter Bright <newshound2 digitalmars.com> writes:
On 4/5/2015 7:42 PM, deadalnix wrote:

 I don't even this is the way? We have a .ptr property. One cause use it to
 disable bound checking.


I can't parse the first and third sentences.
Apr 05 2015
parent "deadalnix" <deadalnix gmail.com> writes:
On Monday, 6 April 2015 at 05:16:21 UTC, Walter Bright wrote:

 On 4/5/2015 7:42 PM, deadalnix wrote:

 I don't even this is the way? We have a .ptr property. One 
 cause use it to
 disable bound checking.


 I can't parse the first and third sentences.


WTF did I wrote ?!?

Ok let's make it in english.

We have a .ptr property that can be used to disable bound 
checking. This should be the way to disable bound checking. It is 
unsafe, and that is good news. It also makes it visible that 
bound checking is bypassed.
Apr 05 2015
prev sibling parent reply Walter Bright <newshound2 digitalmars.com> writes:
On 4/5/2015 7:13 PM, Andrei Alexandrescu wrote:

 I've spent the better part of yesterday and today debugging a complex matter
 involving pointers, reduced to this:

 ../dmd/src/dmd -conf= -I../druntime/import  -w -dip25 -m64  -O -release -main
 -unittest generated/osx/release/64/libphobos2.a -defaultlib= -debuglib=
-L-lcurl
 -run std/experimental/allocator/kernighan_ritchie.d

 In this configuration, surprisingly there's no bounds checks inserted. I need
to
 explicitly add -boundcheck=on.

 Why the change? I've fought tooth and nail for keeping bounds checking in
 release mode and with optimizations on, precisely because I think it's a check
 that's valuable enough to warrant explicit disabling.

 Could someone please explain. This is a shame.


I read the code to figure out what was happening.

At some point, -release was changed so that bounds checking was turned off for 
all but  safe code. A new switch was added, -boundscheck=[on|safeonly|off]. It 
took me a while to find it at:

http://dlang.org/dmd-linux.html

because whoever added it didn't realize that the list was alphabetized and
stuck 
it in there after -map.

I don't know why the change was made.
Apr 05 2015
next sibling parent Walter Bright <newshound2 digitalmars.com> writes:
On 4/5/2015 10:15 PM, Walter Bright wrote:

 A new switch was added, -boundscheck=[on|safeonly|off]. It
 took me a while to find it at:

 http://dlang.org/dmd-linux.html

 because whoever added it didn't realize that the list was alphabetized and
stuck
 it in there after -map.


https://github.com/D-Programming-Language/dlang.org/pull/960
Apr 05 2015
prev sibling next sibling parent "Meta" <jared771 gmail.com> writes:
On Monday, 6 April 2015 at 05:15:43 UTC, Walter Bright wrote:

 I read the code to figure out what was happening.

 At some point, -release was changed so that bounds checking was 
 turned off for all but  safe code. A new switch was added, 
 -boundscheck=[on|safeonly|off]. It took me a while to find it 
 at:

 http://dlang.org/dmd-linux.html

 because whoever added it didn't realize that the list was 
 alphabetized and stuck it in there after -map.

 I don't know why the change was made.


I thought this was how bounds checking always worked. On in debug 
mode, off in everything except  safe code in release mode. I 
thought -release implied no contract checking, no asserts, AND no 
bounds checking.
Apr 05 2015
prev sibling next sibling parent reply "Vladimir Panteleev" <vladimir thecybershadow.net> writes:
On Monday, 6 April 2015 at 05:15:43 UTC, Walter Bright wrote:

 At some point, -release was changed so that bounds checking was 
 turned off for all but  safe code.


Not quite:

https://issues.dlang.org/show_bug.cgi?id=3407

https://github.com/D-Programming-Language/dmd/commit/7710e919fb4a95d775c219d2f1913a865b58c84d
Apr 05 2015
parent Walter Bright <newshound2 digitalmars.com> writes:
On 4/5/2015 11:08 PM, Vladimir Panteleev wrote:

 On Monday, 6 April 2015 at 05:15:43 UTC, Walter Bright wrote:

 At some point, -release was changed so that bounds checking was turned off for
 all but  safe code.


 Not quite:

 https://issues.dlang.org/show_bug.cgi?id=3407

 https://github.com/D-Programming-Language/dmd/commit/7710e919fb4a95d775c219d2f1913a865b58c84d



Hoisted by my own petard! Thanks for finding the discussion thread and setting 
the record straight.
Apr 05 2015
prev sibling next sibling parent reply "Brad Anderson" <eco gnuk.net> writes:
On Monday, 6 April 2015 at 05:15:43 UTC, Walter Bright wrote:

 On 4/5/2015 7:13 PM, Andrei Alexandrescu wrote:

 I've spent the better part of yesterday and today debugging a 
 complex matter
 involving pointers, reduced to this:

 ../dmd/src/dmd -conf= -I../druntime/import  -w -dip25 -m64  -O 
 -release -main
 -unittest generated/osx/release/64/libphobos2.a -defaultlib= 
 -debuglib= -L-lcurl
 -run std/experimental/allocator/kernighan_ritchie.d

 In this configuration, surprisingly there's no bounds checks 
 inserted. I need to
 explicitly add -boundcheck=on.

 Why the change? I've fought tooth and nail for keeping bounds 
 checking in
 release mode and with optimizations on, precisely because I 
 think it's a check
 that's valuable enough to warrant explicit disabling.

 Could someone please explain. This is a shame.


 I read the code to figure out what was happening.

 At some point, -release was changed so that bounds checking was 
 turned off for all but  safe code.


You made that change back in 2009. 
https://issues.dlang.org/show_bug.cgi?id=3407

-release used to turn off all bounds checking. Andrei wanted it 
to stay in safe code at least so you added -noboundscheck to 
appease those that wanted it off even in safe code then you made 
it do bounds checking by default in safe code even if -release 
was specified. There was never an option to turn on bounds 
checking for all code in release mode (not until -boundscheck=on 
was added). Whenever we'd discuss -noboundcheck on the forums 
you'd have 5 people with 5 different ideas about what that option 
did. It was very confusing.


 A new switch was added, -boundscheck=[on|safeonly|off]. It took 
 me a while to find it at:

 http://dlang.org/dmd-linux.html

 because whoever added it didn't realize that the list was 
 alphabetized and stuck it in there after -map.


Yep, I didn't notice that.


 I don't know why the change was made.


Several reasons which I'll reproduce here from bugzilla[1]:

---

1. What -noboundscheck actually does is confusing. Its purpose is 
to turn off bounds checking in  safe code (and all other code) 
which comes as a surprise to a lot of people. -release turns off 
bounds checking in non- safe code (which also surprises some 
people) but leaves it on for  safe code.
2. There is currently no way to turn on bounds checking for 
release builds currently.
3. There is currently no way to turn off bounds checking for 
non- safe code without pulling in everything -release does (or 
turning off bounds checking for  safe code too).

---

No bounds checking defaults were affected by my change (or 
shouldn't have been, if they were it's a bug). What Andrei wants 
couldn't be done before this option was added.

1. https://issues.dlang.org/show_bug.cgi?id=12550
Apr 05 2015
next sibling parent Walter Bright <newshound2 digitalmars.com> writes:
On 4/5/2015 11:25 PM, Brad Anderson wrote:

 On Monday, 6 April 2015 at 05:15:43 UTC, Walter Bright wrote:

 At some point, -release was changed so that bounds checking was turned off for
 all but  safe code.


 You made that change back in 2009.
https://issues.dlang.org/show_bug.cgi?id=3407


I sure did. I had forgotten. Thanks to you and Vladimir for setting the record 
straight. And thank you for stepping in here with the rationale.
Apr 05 2015
prev sibling parent reply "Kagamin" <spam here.lot> writes:
On Monday, 6 April 2015 at 06:25:14 UTC, Brad Anderson wrote:

 You made that change back in 2009. 
 https://issues.dlang.org/show_bug.cgi?id=3407

 -release used to turn off all bounds checking. Andrei wanted it 
 to stay in safe code at least so you added -noboundscheck to 
 appease those that wanted it off even in safe code then you 
 made it do bounds checking by default in safe code even if 
 -release was specified. There was never an option to turn on 
 bounds checking for all code in release mode (not until 
 -boundscheck=on was added). Whenever we'd discuss -noboundcheck 
 on the forums you'd have 5 people with 5 different ideas about 
 what that option did. It was very confusing.


IIRC about a year ago, when the new option was introduced, 
-release was changed to keep bounds checking everywhere... ok, 
looks like it was Andrei's belief, which never made it into the 
source :)
Apr 06 2015
parent "Brad Anderson" <eco gnuk.net> writes:
On Monday, 6 April 2015 at 08:30:38 UTC, Kagamin wrote:

 On Monday, 6 April 2015 at 06:25:14 UTC, Brad Anderson wrote:

 You made that change back in 2009. 
 https://issues.dlang.org/show_bug.cgi?id=3407

 -release used to turn off all bounds checking. Andrei wanted 
 it to stay in safe code at least so you added -noboundscheck 
 to appease those that wanted it off even in safe code then you 
 made it do bounds checking by default in safe code even if 
 -release was specified. There was never an option to turn on 
 bounds checking for all code in release mode (not until 
 -boundscheck=on was added). Whenever we'd discuss 
 -noboundcheck on the forums you'd have 5 people with 5 
 different ideas about what that option did. It was very 
 confusing.


 IIRC about a year ago, when the new option was introduced, 
 -release was changed to keep bounds checking everywhere... ok, 
 looks like it was Andrei's belief, which never made it into the 
 source :)


When -boundscheck was added? Nah, it didn't make any changes to 
the default bound checking behavior and there was never any 
proposal to change the default behavior. -boundscheck was just 
adding more flexibility than the existing option.

I'm not sure why Andrei had the impression that bounds checking 
was enabled universally on release builds. Probably just 
misremembering the outcome of issue 3407. Perhaps there was a 
conversation later where it was decided to make that change but 
the change never made it into source.

I know some people are opposed but I still think there should be 
several variants of phobos/druntime included in the release with 
various flags enabled/disabled. Not every permutation but a 
reasonable set. -debug, -release, -release with no inlining (do 
we still not enable inlining anyway?) and with full bounds 
checking, contracts, asserts, etc.). I don't think requiring end 
users to rebuild phobos/druntime themselves is a reasonable 
expectation. Microsoft had 8 variants of their runtime available 
until they dropped the single threaded offering recently (now 
down to 4 variants).
Apr 06 2015
prev sibling parent Walter Bright <newshound2 digitalmars.com> writes:
On 4/5/2015 10:15 PM, Walter Bright wrote:

 I read the code to figure out what was happening.


The logic in the code was pretty obtuse.

https://github.com/D-Programming-Language/dmd/pull/4562
Apr 05 2015