-
Notifications
You must be signed in to change notification settings - Fork 17.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal: cmd/compile: no bound check compiler directive #47529
Comments
I would very much prefer this not happen, as it breaks memory safety with no recourse. Decades of history with C have taught us that even skilled programmers enable overflows inadvertently, with dire consequences. What it does in the hands of less skilled programmers, or even skilled ones who import one inadvertently, is not to be countenanced. Go has bound checks for a reason: Humans are not good enough at guaranteeing indexes stay in bounds. Putting one's hand up and saying, "yes I am" is insufficient. |
If a human can prove a bounds check is unnecessary within a scope or func body, I would hope we can teach the compiler to do the same. That has been improving over the past half decade. |
I agree with you all but in the lesswap case for example, the closure and the sorting library (user of the closure) live in different packages. They may even be compiled at different times and places. There is nothing to teach the compiler. There is just no way it can guess lesswap should not have bound checks. Using the closure with the right/wrong indices is the library's responsibility/fault. |
If performance trumps safety for your library, perhaps consider using unsafe? Forcing the compiler to disable memory safety is practically the same, but worse since the user would not be aware that unsafe is involved. |
Related: #30582 |
This proposal has been added to the active column of the proposals project |
Why is there even a -B flag? I'd rather propose to remove that as well in stead. |
The compiler emits export data for packages, and — at least for unexported functions and function literals — it can, in theory, reason about those functions based on what they are passed to. In addition, even an exported function may be inlined or specialized at particular call sites, and techniques like profile-guided optimization may allow that to be done even in a language like Go that aims to keep build times and binary sizes low. So, at least in theory, the export data for the (Here I'm really just expounding on @mvdan's more fundamental observation in #47529 (comment). Facts that are obvious to human maintainers should also be “obvious enough” to automated tools.) |
The -B flag helps to quantify the cost of bounds checks in a program, which allows developers to decide when it is worthwhile to optimize them out. |
Based on the discussion above, this proposal seems like a likely decline. |
No change in consensus, so declined. |
Hi,
I am proposing the following directive to disable bound checking (what
-B
compiler option does) per function (including closures), like:-B
on a package or an entire project.The text was updated successfully, but these errors were encountered: