www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - What's the deal with -boundscheck?

reply Andrei Alexandrescu <SeeWebsiteForEmail erdani.org> writes:
I've spent the better part of yesterday and today debugging a complex 
matter involving pointers, reduced to this:

../dmd/src/dmd -conf= -I../druntime/import  -w -dip25 -m64  -O -release 
-main -unittest generated/osx/release/64/libphobos2.a -defaultlib= 
-debuglib= -L-lcurl -run std/experimental/allocator/kernighan_ritchie.d

In this configuration, surprisingly there's no bounds checks inserted. I 
need to explicitly add -boundcheck=on.

Why the change? I've fought tooth and nail for keeping bounds checking 
in release mode and with optimizations on, precisely because I think 
it's a check that's valuable enough to warrant explicit disabling.

Could someone please explain. This is a shame.


Andrei
Apr 05 2015
next sibling parent "weaselcat" <weaselcat gmail.com> writes:
On Monday, 6 April 2015 at 02:13:42 UTC, Andrei Alexandrescu 
wrote:
 I've spent the better part of yesterday and today debugging a 
 complex matter involving pointers, reduced to this:

 ../dmd/src/dmd -conf= -I../druntime/import  -w -dip25 -m64  -O 
 -release -main -unittest generated/osx/release/64/libphobos2.a 
 -defaultlib= -debuglib= -L-lcurl -run 
 std/experimental/allocator/kernighan_ritchie.d

 In this configuration, surprisingly there's no bounds checks 
 inserted. I need to explicitly add -boundcheck=on.

 Why the change? I've fought tooth and nail for keeping bounds 
 checking in release mode and with optimizations on, precisely 
 because I think it's a check that's valuable enough to warrant 
 explicit disabling.

 Could someone please explain. This is a shame.


 Andrei
bounds checks are only enabled by default in safe code when compiled with -release http://dlang.org/dmd-linux.html
Apr 05 2015
prev sibling next sibling parent reply "deadalnix" <deadalnix gmail.com> writes:
On Monday, 6 April 2015 at 02:13:42 UTC, Andrei Alexandrescu 
wrote:
 I've spent the better part of yesterday and today debugging a 
 complex matter involving pointers, reduced to this:

 ../dmd/src/dmd -conf= -I../druntime/import  -w -dip25 -m64  -O 
 -release -main -unittest generated/osx/release/64/libphobos2.a 
 -defaultlib= -debuglib= -L-lcurl -run 
 std/experimental/allocator/kernighan_ritchie.d

 In this configuration, surprisingly there's no bounds checks 
 inserted. I need to explicitly add -boundcheck=on.

 Why the change? I've fought tooth and nail for keeping bounds 
 checking in release mode and with optimizations on, precisely 
 because I think it's a check that's valuable enough to warrant 
 explicit disabling.

 Could someone please explain. This is a shame.


 Andrei
I don't even this is the way? We have a .ptr property. One cause use it to disable bound checking.
Apr 05 2015
parent reply Walter Bright <newshound2 digitalmars.com> writes:
On 4/5/2015 7:42 PM, deadalnix wrote:
 I don't even this is the way? We have a .ptr property. One cause use it to
 disable bound checking.
I can't parse the first and third sentences.
Apr 05 2015
parent "deadalnix" <deadalnix gmail.com> writes:
On Monday, 6 April 2015 at 05:16:21 UTC, Walter Bright wrote:
 On 4/5/2015 7:42 PM, deadalnix wrote:
 I don't even this is the way? We have a .ptr property. One 
 cause use it to
 disable bound checking.
I can't parse the first and third sentences.
WTF did I wrote ?!? Ok let's make it in english. We have a .ptr property that can be used to disable bound checking. This should be the way to disable bound checking. It is unsafe, and that is good news. It also makes it visible that bound checking is bypassed.
Apr 05 2015
prev sibling parent reply Walter Bright <newshound2 digitalmars.com> writes:
On 4/5/2015 7:13 PM, Andrei Alexandrescu wrote:
 I've spent the better part of yesterday and today debugging a complex matter
 involving pointers, reduced to this:

 ../dmd/src/dmd -conf= -I../druntime/import  -w -dip25 -m64  -O -release -main
 -unittest generated/osx/release/64/libphobos2.a -defaultlib= -debuglib=
-L-lcurl
 -run std/experimental/allocator/kernighan_ritchie.d

 In this configuration, surprisingly there's no bounds checks inserted. I need
to
 explicitly add -boundcheck=on.

 Why the change? I've fought tooth and nail for keeping bounds checking in
 release mode and with optimizations on, precisely because I think it's a check
 that's valuable enough to warrant explicit disabling.

 Could someone please explain. This is a shame.
I read the code to figure out what was happening. At some point, -release was changed so that bounds checking was turned off for all but safe code. A new switch was added, -boundscheck=[on|safeonly|off]. It took me a while to find it at: http://dlang.org/dmd-linux.html because whoever added it didn't realize that the list was alphabetized and stuck it in there after -map. I don't know why the change was made.
Apr 05 2015
next sibling parent Walter Bright <newshound2 digitalmars.com> writes:
On 4/5/2015 10:15 PM, Walter Bright wrote:
 A new switch was added, -boundscheck=[on|safeonly|off]. It
 took me a while to find it at:

 http://dlang.org/dmd-linux.html

 because whoever added it didn't realize that the list was alphabetized and
stuck
 it in there after -map.
https://github.com/D-Programming-Language/dlang.org/pull/960
Apr 05 2015
prev sibling next sibling parent "Meta" <jared771 gmail.com> writes:
On Monday, 6 April 2015 at 05:15:43 UTC, Walter Bright wrote:
 I read the code to figure out what was happening.

 At some point, -release was changed so that bounds checking was 
 turned off for all but  safe code. A new switch was added, 
 -boundscheck=[on|safeonly|off]. It took me a while to find it 
 at:

 http://dlang.org/dmd-linux.html

 because whoever added it didn't realize that the list was 
 alphabetized and stuck it in there after -map.

 I don't know why the change was made.
I thought this was how bounds checking always worked. On in debug mode, off in everything except safe code in release mode. I thought -release implied no contract checking, no asserts, AND no bounds checking.
Apr 05 2015
prev sibling next sibling parent reply "Vladimir Panteleev" <vladimir thecybershadow.net> writes:
On Monday, 6 April 2015 at 05:15:43 UTC, Walter Bright wrote:
 At some point, -release was changed so that bounds checking was 
 turned off for all but  safe code.
Not quite: https://issues.dlang.org/show_bug.cgi?id=3407 https://github.com/D-Programming-Language/dmd/commit/7710e919fb4a95d775c219d2f1913a865b58c84d
Apr 05 2015
parent Walter Bright <newshound2 digitalmars.com> writes:
On 4/5/2015 11:08 PM, Vladimir Panteleev wrote:
 On Monday, 6 April 2015 at 05:15:43 UTC, Walter Bright wrote:
 At some point, -release was changed so that bounds checking was turned off for
 all but  safe code.
Not quite: https://issues.dlang.org/show_bug.cgi?id=3407 https://github.com/D-Programming-Language/dmd/commit/7710e919fb4a95d775c219d2f1913a865b58c84d
Hoisted by my own petard! Thanks for finding the discussion thread and setting the record straight.
Apr 05 2015
prev sibling next sibling parent reply "Brad Anderson" <eco gnuk.net> writes:
On Monday, 6 April 2015 at 05:15:43 UTC, Walter Bright wrote:
 On 4/5/2015 7:13 PM, Andrei Alexandrescu wrote:
 I've spent the better part of yesterday and today debugging a 
 complex matter
 involving pointers, reduced to this:

 ../dmd/src/dmd -conf= -I../druntime/import  -w -dip25 -m64  -O 
 -release -main
 -unittest generated/osx/release/64/libphobos2.a -defaultlib= 
 -debuglib= -L-lcurl
 -run std/experimental/allocator/kernighan_ritchie.d

 In this configuration, surprisingly there's no bounds checks 
 inserted. I need to
 explicitly add -boundcheck=on.

 Why the change? I've fought tooth and nail for keeping bounds 
 checking in
 release mode and with optimizations on, precisely because I 
 think it's a check
 that's valuable enough to warrant explicit disabling.

 Could someone please explain. This is a shame.
I read the code to figure out what was happening. At some point, -release was changed so that bounds checking was turned off for all but safe code.
You made that change back in 2009. https://issues.dlang.org/show_bug.cgi?id=3407 -release used to turn off all bounds checking. Andrei wanted it to stay in safe code at least so you added -noboundscheck to appease those that wanted it off even in safe code then you made it do bounds checking by default in safe code even if -release was specified. There was never an option to turn on bounds checking for all code in release mode (not until -boundscheck=on was added). Whenever we'd discuss -noboundcheck on the forums you'd have 5 people with 5 different ideas about what that option did. It was very confusing.
 A new switch was added, -boundscheck=[on|safeonly|off]. It took 
 me a while to find it at:

 http://dlang.org/dmd-linux.html

 because whoever added it didn't realize that the list was 
 alphabetized and stuck it in there after -map.
Yep, I didn't notice that.
 I don't know why the change was made.
Several reasons which I'll reproduce here from bugzilla[1]: --- 1. What -noboundscheck actually does is confusing. Its purpose is to turn off bounds checking in safe code (and all other code) which comes as a surprise to a lot of people. -release turns off bounds checking in non- safe code (which also surprises some people) but leaves it on for safe code. 2. There is currently no way to turn on bounds checking for release builds currently. 3. There is currently no way to turn off bounds checking for non- safe code without pulling in everything -release does (or turning off bounds checking for safe code too). --- No bounds checking defaults were affected by my change (or shouldn't have been, if they were it's a bug). What Andrei wants couldn't be done before this option was added. 1. https://issues.dlang.org/show_bug.cgi?id=12550
Apr 05 2015
next sibling parent Walter Bright <newshound2 digitalmars.com> writes:
On 4/5/2015 11:25 PM, Brad Anderson wrote:
 On Monday, 6 April 2015 at 05:15:43 UTC, Walter Bright wrote:
 At some point, -release was changed so that bounds checking was turned off for
 all but  safe code.
You made that change back in 2009. https://issues.dlang.org/show_bug.cgi?id=3407
I sure did. I had forgotten. Thanks to you and Vladimir for setting the record straight. And thank you for stepping in here with the rationale.
Apr 05 2015
prev sibling parent reply "Kagamin" <spam here.lot> writes:
On Monday, 6 April 2015 at 06:25:14 UTC, Brad Anderson wrote:
 You made that change back in 2009. 
 https://issues.dlang.org/show_bug.cgi?id=3407

 -release used to turn off all bounds checking. Andrei wanted it 
 to stay in safe code at least so you added -noboundscheck to 
 appease those that wanted it off even in safe code then you 
 made it do bounds checking by default in safe code even if 
 -release was specified. There was never an option to turn on 
 bounds checking for all code in release mode (not until 
 -boundscheck=on was added). Whenever we'd discuss -noboundcheck 
 on the forums you'd have 5 people with 5 different ideas about 
 what that option did. It was very confusing.
IIRC about a year ago, when the new option was introduced, -release was changed to keep bounds checking everywhere... ok, looks like it was Andrei's belief, which never made it into the source :)
Apr 06 2015
parent "Brad Anderson" <eco gnuk.net> writes:
On Monday, 6 April 2015 at 08:30:38 UTC, Kagamin wrote:
 On Monday, 6 April 2015 at 06:25:14 UTC, Brad Anderson wrote:
 You made that change back in 2009. 
 https://issues.dlang.org/show_bug.cgi?id=3407

 -release used to turn off all bounds checking. Andrei wanted 
 it to stay in safe code at least so you added -noboundscheck 
 to appease those that wanted it off even in safe code then you 
 made it do bounds checking by default in safe code even if 
 -release was specified. There was never an option to turn on 
 bounds checking for all code in release mode (not until 
 -boundscheck=on was added). Whenever we'd discuss 
 -noboundcheck on the forums you'd have 5 people with 5 
 different ideas about what that option did. It was very 
 confusing.
IIRC about a year ago, when the new option was introduced, -release was changed to keep bounds checking everywhere... ok, looks like it was Andrei's belief, which never made it into the source :)
When -boundscheck was added? Nah, it didn't make any changes to the default bound checking behavior and there was never any proposal to change the default behavior. -boundscheck was just adding more flexibility than the existing option. I'm not sure why Andrei had the impression that bounds checking was enabled universally on release builds. Probably just misremembering the outcome of issue 3407. Perhaps there was a conversation later where it was decided to make that change but the change never made it into source. I know some people are opposed but I still think there should be several variants of phobos/druntime included in the release with various flags enabled/disabled. Not every permutation but a reasonable set. -debug, -release, -release with no inlining (do we still not enable inlining anyway?) and with full bounds checking, contracts, asserts, etc.). I don't think requiring end users to rebuild phobos/druntime themselves is a reasonable expectation. Microsoft had 8 variants of their runtime available until they dropped the single threaded offering recently (now down to 4 variants).
Apr 06 2015
prev sibling parent Walter Bright <newshound2 digitalmars.com> writes:
On 4/5/2015 10:15 PM, Walter Bright wrote:
 I read the code to figure out what was happening.
The logic in the code was pretty obtuse. https://github.com/D-Programming-Language/dmd/pull/4562
Apr 05 2015