{"id":345,"date":"2024-07-12T23:09:31","date_gmt":"2024-07-13T03:09:31","guid":{"rendered":"http:\/\/www.schveiguy.com\/blog\/?p=345"},"modified":"2024-07-13T02:00:09","modified_gmt":"2024-07-13T06:00:09","slug":"dlang-psa-dont-use-release","status":"publish","type":"post","link":"https:\/\/www.schveiguy.com\/blog\/2024\/07\/dlang-psa-dont-use-release\/","title":{"rendered":"Dlang PSA: Don&#8217;t use -release"},"content":{"rendered":"\n<p>Don&#8217;t use the <code>-release<\/code> command line switch for the D compiler.<\/p>\n\n\n\n<p>Why? Because it removes bounds checks from arrays in <code>@system<\/code> code. Why is this a problem? It is a problem because the #1 problem with all exploits in the world is buffer overflows &#8212; writing or reading data that you are not supposed to have access to.<\/p>\n\n\n\n<p>In other words, if you have a bug in your code where you don&#8217;t validate your array usage is within bounds, then bound checks will prevent a catastrophic error, or an exploit. If you are lucky, you get a segmentation fault that crashes your program.<\/p>\n\n\n\n<p>Note that <code>-release<\/code> doesn&#8217;t even optimize the code! You still need to use <code>-O -inline<\/code> to get maximum performance. If you are feeling a bit adventurous, you might use <code>-check=assert=off<\/code>, but that&#8217;s only if you really have expensive asserts that are causing performance problems. Even then, I might look into selectively compiling some modules with asserts off to achieve the desired performance.<\/p>\n\n\n\n<p>In general, turning off safety checks is only crucial for <em>performance critical<\/em> code. It should not be project-wide. And for bounds checks? You can easily omit bounds checks in <code>@system<\/code> code by using the <code>.ptr[index]<\/code> mechanism.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What about dub?<\/h2>\n\n\n\n<p>For those who use dub, you can actually override the <code>release<\/code> build option. Here is how I do it (dub.json format):<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-\">&quot;buildTypes&quot;: {\n    &quot;release&quot;: {\n        &quot;buildOptions&quot;: [\n            &quot;inline&quot;,\n            &quot;optimize&quot;\n        ]\n    }\n}<\/code><\/pre>\n\n\n\n<p>This means, when you type <code>dub -b release<\/code> you won&#8217;t accidentally remove the most important checks present in your code.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">But I want my code to be the fastest ever!!!<\/h2>\n\n\n\n<p>No, you don&#8217;t. You don&#8217;t care if it takes 200ms vs 250ms. Trust me. Just don&#8217;t do it.<\/p>\n\n\n\n<p>Here is a case where D beat pretty much all the competition, and never turned off bounds checks: <a href=\"https:\/\/github.com\/jinyus\/related_post_gen\">https:\/\/github.com\/jinyus\/related_post_gen<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Don&#8217;t use the -release command line switch for the D compiler. Why? Because it removes bounds checks from arrays in @system code. Why is this a problem? It is a problem because the #1 problem with all exploits in the world is buffer overflows &#8212; writing or reading data that you are not supposed to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-345","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.schveiguy.com\/blog\/wp-json\/wp\/v2\/posts\/345"}],"collection":[{"href":"https:\/\/www.schveiguy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.schveiguy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.schveiguy.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.schveiguy.com\/blog\/wp-json\/wp\/v2\/comments?post=345"}],"version-history":[{"count":3,"href":"https:\/\/www.schveiguy.com\/blog\/wp-json\/wp\/v2\/posts\/345\/revisions"}],"predecessor-version":[{"id":348,"href":"https:\/\/www.schveiguy.com\/blog\/wp-json\/wp\/v2\/posts\/345\/revisions\/348"}],"wp:attachment":[{"href":"https:\/\/www.schveiguy.com\/blog\/wp-json\/wp\/v2\/media?parent=345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.schveiguy.com\/blog\/wp-json\/wp\/v2\/categories?post=345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.schveiguy.com\/blog\/wp-json\/wp\/v2\/tags?post=345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}