Null references redux
Lionello Lunesu
lio at lunesu.remove.com
Sun Sep 27 16:31:20 PDT 2009
On 27-9-2009 9:20, Walter Bright wrote:
> language_fan wrote:
>> The idea behind non-nullable types and other contracts is to catch
>> these errors on compile time. Sure, the code is a bit harder to write,
>> but it is safe and never segfaults. The idea is to minimize the amount
>> of runtime errors of all sorts. That's also how other features of
>> statically typed languages work.
>
>
> I certainly agree that catching errors at compile time is preferable by
> far. Where I disagree is the notion that non-nullable types achieve
> this. I've argued extensively here that they hide errors, not fix them.
>
> Also, by "safe" I presume you mean "memory safe" which means free of
> memory corruption. Null pointer exceptions are memory safe. A null
> pointer could be caused by memory corruption, but it cannot *cause*
> memory corruption.

// t.d
void main()
{
    int* a;
    a[20000] = 2;
}

[C:\Users\Lionello] dmd -run t.d
[C:\Users\Lionello]

This code passes on Vista. Granted, needs a big enough offset and some
luck, but indexing null will never be secure in the current flat memory
models.
L.
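
The point made in the post above, as an added example in C that is not part of the original message: it computes the byte address a null-based index reaches and contrasts the raw access with a pointer-plus-length store that rejects a null or out-of-range index before any address is formed. The 64 KiB guard size and the names `ASSUMED_GUARD_BYTES`, `int_slice` and `slice_store` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the OS keeps the lowest 64 KiB of the address space unmapped
   so that small offsets from null fault. The real size is platform-specific. */
#define ASSUMED_GUARD_BYTES ((uintptr_t)0x10000)

/* Byte address that base[index] touches when base is null. */
static uintptr_t null_index_address(size_t index, size_t elem_size)
{
    return (uintptr_t)index * elem_size;
}

/* 1 if the access lands past the guard region, so a fault is not guaranteed. */
static int escapes_guard(size_t index, size_t elem_size)
{
    return null_index_address(index, elem_size) >= ASSUMED_GUARD_BYTES;
}

/* Pointer plus length, checked on every store (hypothetical helper type). */
struct int_slice { int *ptr; size_t len; };

/* Returns 0 on success, -1 if the slice is null or the index is out of range.
   A null slice has len 0, so every index is rejected before a write happens. */
static int slice_store(struct int_slice s, size_t index, int value)
{
    if (s.ptr == NULL || index >= s.len)
        return -1;
    s.ptr[index] = value;
    return 0;
}

int main(void)
{
    int backing[4] = {0};               /* constructed sample storage */
    struct int_slice ok = { backing, 4 };
    struct int_slice null_slice = { NULL, 0 };

    printf("a[20000] from null -> 0x%lx, escapes guard: %d\n",
           (unsigned long)null_index_address(20000, sizeof(int)),
           escapes_guard(20000, sizeof(int)));
    printf("a[100] from null escapes guard: %d\n",
           escapes_guard(100, sizeof(int)));
    printf("checked store, null slice: %d\n", slice_store(null_slice, 20000, 2));
    printf("checked store, valid slice: %d\n", slice_store(ok, 3, 2));
    return 0;
}
```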