How does D improve design practices over C++?

Brad Roberts braddr at puremagic.com
Wed Oct 29 18:17:29 PDT 2008 

On Wed, 29 Oct 2008, Jarrett Billingsley wrote:

> On Wed, Oct 29, 2008 at 5:43 PM, Brad Roberts <braddr at puremagic.com> wrote:
> > On Wed, 29 Oct 2008, Walter Bright wrote:
> >
> >> bearophile wrote:
> >> > D1 is often safer than C and C++, but regarding safety there are
> >> > several things that can improved still, often with no/little
> >> > performance penalty (unsafe casting (automatic and manual), integral
> >> > overflows, GC pointers Vs other pointers, nonnull types, named
> >> > arguments, fallthrough switch cases, multi var assigns syntax
> >> > missing, octal literals, bitwise operators as symbols instead English
> >> > words, and many other smaller things I have listed in the past). You
> >> > may want to tell them about the idea of SafeD too (javesque D).
> >>
> >> "Safety" in programming languages does not refer to program correctness, but
> >> absence of bugs that could result in memory corruption. The agenda of SafeD is
> >> to find the subset of D that can guarantee there is no memory corruption.
> >>
> >> Null pointer dereferencing, for example, is a program bug but is not a safety
> >> issue because it cannot cause memory corruption.
> >
> > Actually, that's not true.  Dereferencing null _can_ corrupt memory.  As
> > you well know, ptr[index] is just ptr + index.  Use a large and accurate
> > enough index and you're out of that first page of memory and back into
> > application memory space.  Find the address of a key stack variable and
> > you've got room for all sorts of fun and mahem.
> >
> > These are the sorts of bugs in popular enough applications are the things
> > that end up costing companies lots of money to emergency fix.  One of the
> > few recent flash exploits were exactly this type of bug.
> >
> > Later,
> > Brad
> >
> 
> Interestingly, although null dereferences are unsafe, in a safe
> language like SafeD it's not actually possible to do so.  There are no
> pointers and arrays are bounds-checked.  So with the combination of
> the typing system and the runtime checks, null can never actually be
> dereferenced, so no special consideration has to be given to it.

Unless something's changed, pointers aren't even a part of SafeD, so that 
line of reasoning is largely irrelevant.  I was also talking about the 
larger context of the thread, which includes what 'safety' means in the 
context of programming in general.  Since this thread included c and c++, 
it's a legit concern.

If we're going to include the broader d language, the bounds checking is 
only on for some builds, not all builds, so the problem still exists there 
too.

Later,
Brad

More information about the Digitalmars-d mailing list