Providing implicit conversion of - memory-safety
Danilo
codedan at aol.com
Tue Jan 23 23:40:55 UTC 2024
On Tuesday, 23 January 2024 at 17:54:25 UTC, bachmeier wrote:
> Here's a reduced version of one of the most bizarre bugs I've
> dealt with in any language. The only reason I didn't move on to
> another language was because I was too busy at the time.
>
> The code allows for initial values if the index is less than 0,
> otherwise it returns the element.
>
> ```
> import std;
>
> double value(T)(T index, double * x) {
> if (index - 5 < 0) {
> return 0.0;
> } else {
> return x[index-5];
> }
> }
>
> void main() {
> double[] v = [1.1, 2.2, 3.3];
> // Works
> writeln(value(3, v.ptr));
> // Lucky: program segfaults
> writeln(value(v.length, v.ptr));
> }
> ```
>
> I noticed this behavior only because the program crashes. Once
> I figured out what was going on, I realized that the thousands
> of lines of code I had already written needed to be checked and
> possibly rewritten. If only I had a compiler to do that for me.
How did you make it correct?
Write 2 different versions for `signed` and `unsigned` types?
Or could you utilize `core.checkedint` somehow for checking
overflow?
```d
double value(T)(T index, double * x) {
bool overflow;
subu(index, 5, overflow);
if (overflow) {
return 0.0;
} else {
return x[index-5];
}
}
```
This is probably only correct for `unsigned` types.
More information about the Digitalmars-d-learn
mailing list