Null references redux

language_fan foo at bar.com.invalid
Mon Sep 28 15:33:26 PDT 2009


Mon, 28 Sep 2009 15:35:07 -0400, Jesse Phillips thusly wrote:

> language_fan Wrote:
> 
>> > Now if you really want to throw some sticks into the spokes, you
>> > would say that if the program crashes due to a null pointer, it is
>> > still likely that the programmer will just initialize/set the value
>> > to a "default" that still isn't valid just to get the program to
>> > continue to run.
>> 
>> Why should it crash in the first place? I hate crashes. You like them?
>> I can prove by structural induction that you do not like them when you
>> can avoid crashes with static checking.
> 
> No one likes programs that crash, doesn't that mean it is an incorrect
> behavior though?
> 
>> Have you ever used functional languages? When you develop in Haskell or
>> SML, how often you feel there is a good chance something will be
>> initialized to the wrong value? Can you show some statistics that show
>> how unsafe this practice is?
> 
> So isn't that the question? Does/can "default" (by human or machine)
> initialization create an incorrect state? If it does, do we continue to
> work as if nothing was wrong or crash? I don't know how often the
> initialization would be incorrect, but I don't think Walter is concerned
> with its frequency, but that it is possible.

Value types can be incorrectly initialized and nobody notices. E.g.

  int min;                 // D default-initialises this to 0, which is a legal value

  foreach(int value; list)
    if (value < min) min = value;   // never finds a minimum above 0

Oops, you forgot to define a flag variable or initialize to int.min (if 
that is what you want). Even Java IDEs spot this error, but not D. The 
flow analysis helps me in tremendous ways - I can fix the error 
statically and boom, the software is suddenly again error free.

Now I can tell you, in functional languages there is no other way. All 
initializations have to be correct, they are final, they are constants 
and they can be initialized incorrectly. But there are some tools that 
help in this. Functions can be automatically tested. Invariants, pre- and 
post-conditions can be set. Still, I can even bet they are much safer 
than D in every possible way. How is this possible?

It really depends on your subjective opinion whether you want a program 
to segfault or spot a set of errors statically, and have illegally 
behaving non-crashing programs. I say FFFFFFFFFFUUUUUUUUUUU every time I 
experience a segfault. My hobby programs at home are not that critical, 
and at work the critical code is *proven* to be correct so no need to 
worry there.
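The `int min` case above, worked through as an added example (my code, not the poster's): the default-initialised version returns a plausible but wrong answer without crashing, while a version that models "no value yet" explicitly with std.typecons.Nullable cannot confuse the two. `findMinBuggy`, `findMin` and the sample list are assumed names.

```d
import std.stdio : writeln;
import std.typecons : Nullable;

// Buggy version, as in the post: `min` is default-initialised to 0 by D,
// so any list of positive numbers appears to have a minimum of 0.
int findMinBuggy(int[] list)
{
    int min;
    foreach (int value; list)
        if (value < min) min = value;
    return min;
}

// Fixed version: represent "no value yet" explicitly instead of with a
// default that happens to be a legal int. An empty list yields an empty
// Nullable rather than a made-up number.
Nullable!int findMin(int[] list)
{
    Nullable!int result;          // isNull == true until the first element
    foreach (int value; list)
        if (result.isNull || value < result.get)
            result = value;
    return result;
}

void main()
{
    int[] positives = [3, 5, 7];  // constructed sample input
    int[] empty;

    writeln(findMinBuggy(positives));   // 0: silently wrong, no crash
    writeln(findMin(positives).get);    // 3
    assert(findMin(empty).isNull);      // no minimum, stated explicitly
}
```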
