Making alloca more safe

dsimcha dsimcha at yahoo.com
Mon Nov 16 12:31:51 PST 2009


== Quote from bearophile (bearophileHUGS at lycos.com)'s article
> Walter Bright:
> > I don't want to get into another loooong thread about should pointers be
> > nullable or not,
> It was a good thread with good ideas.
> > I just wished to point out that it was not a *safety* issue.
> A safe system is not a program that switches itself off as soon as there's a
> small problem.
> One Ariane missile has self-destroyed (and destroyed an extremely important
> scientific satellite it was carrying, whose mission I still miss) because of this
> silly behaviour united with the inflexibility of the Ada language.
> A reliable system is a system that keeps working correctly despite all. If this
> is not possible, in real life you usually want a "good enough" behaviour. For
> example, for your TAC medical machine, in Africa if the machine switches itself
> off at the minimal problem they force the machine to start again, because they
> don't have money for a 100% perfect fix. So for them a machine that shows a slow
> and graceful degradation is better. That's a reliable system, something that
> looks more like your liver, which doesn't totally switch off as soon as it has a
> small problem (killing you quickly).
> A program that stops working in a random moment because of a null is not safe.
> (And even if you accept this, in safer languages like C#/Java there are null
> exceptions that show a stack trace. The type system is smart enough to remove most
> of those tests to improve performance.) A safer program is a program that avoids
> null pointer exceptions because the type system has formally verified the program
> has no nulls.
> Bye,
> bearophile

In a way you're right. However, there is no universal answer for what to do about
a null pointer except die **with a good error message explaining what went
wrong**. This is the part that's missing. Right now you get an access violation.
I'd like an assert failure with a line number and a "Null pointer dereference"
error message when I'm not in release mode.
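The behaviour dsimcha asks for, as an added example that is not part of the original post and not code from any D library: a small checked-dereference helper whose default `__FILE__`/`__LINE__` arguments capture the call site, so a null pointer trips an assertion with a readable message and location rather than a bare access violation. The helper name `deref` and the `Node` struct are hypothetical.

```d
// Added example: turn a null dereference into an assert failure that names
// the call site. Not part of the original mailing-list post.
import std.conv : to;
import std.stdio : writeln;

// Hypothetical sample type for the demonstration.
struct Node
{
    int value;
    Node* next;
}

/// Dereference `p`. In non-release builds a null `p` fails an assertion whose
/// message carries the caller's file and line (captured by the default
/// arguments). With -release the assert is compiled out and the plain
/// dereference, and therefore the original access violation, remains.
ref T deref(T)(T* p, string file = __FILE__, size_t line = __LINE__)
{
    assert(p !is null,
           "Null pointer dereference at " ~ file ~ ":" ~ to!string(line));
    return *p;
}

void main()
{
    // Constructed input: a one-element list whose `next` is null.
    Node* head = new Node(1, null);
    writeln(deref(head).value);      // prints 1

    Node* missing = head.next;       // null
    writeln(deref(missing).value);   // AssertError: Null pointer dereference at <file>:<line>
}
```

Because `file` and `line` are default parameters rather than values read inside the helper, the reported location is the line of the `deref(...)` call, which is the information an access violation does not give you. Compiling with `-release` removes the check entirely, matching the wish for the message only outside release mode.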
