SAL at Microsoft

bearophile bearophileHUGS at lycos.com
Mon Feb 28 04:32:06 PST 2011


Kagamin:

>> _deref/_deref_opt/_opt: In D I have suggested the @ suffix to denote nonnull pointers/references.
>>
>> __checkReturn: GCC has a similar annotation, I have suggested something similar for D too.
>
> don't contracts do it already?

If you are referring to the _deref/_opt then the nonnull annotations can't be replaced by contract tests, because a contract is more verbose, is currently verified at run-time in D, and first of all because a nonnull suffix creates a new type that's then usable in other parts of the program. A contract tests just one execution path, a type system tests all possible paths; it's a much stronger enforcement.

If you are referring to __checkReturn then contracts are not able to do it; this has a different purpose.
It's similar to the "warn_unused_result" function attribute from GCC:
http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html#index-g_t_0040code_007bwarn_005funused_005fresult_007d-attribute-2544

From that page:
>The warn_unused_result attribute causes a warning to be emitted if a caller of the function with this attribute does not use its return value. This is useful for functions where not checking the result is either a security problem or always a bug, such as realloc.<

See also:
http://d.puremagic.com/issues/show_bug.cgi?id=3882
http://d.puremagic.com/issues/show_bug.cgi?id=5464

The two main usages of @nodiscard:
- Exceptions are good, but in some situations you want something more efficient, like a simple error return value. @nodiscard is useful to not ignore error return values.
- Many functions are not pure but they are useful only for their result, because their side effects are not important. Phobos is full of such functions. If you don't use the result of such functions, you usually have a bug. @nodiscard helps to catch them.
- pure functions are always @nodiscard, no need to add this annotation.


>> __format_string/__callback: interesting, but I don't understand why they are useful.

> format string is effectively a kind of signature, against which arguments can be typechecked.

Some time ago I opened an enhancement request about that:
http://d.puremagic.com/issues/show_bug.cgi?id=4458

But I don't understand how a __format_string annotation helps here.

If you have code like this:

string f = "%d";
writefln(f, 10);

Adding that annotation (here translated to a D annotation) doesn't help the compiler much:

@format_string string f = "%d";
writefln(f, 10);

On the other hand if you synthesize the format string (from parts or in another way) it's still not useful, you can't even add the format string annotation here:

string p1 = "%";
string p2 = "d";
writefln(p1 ~ p2, 10);

Bye,
bearophile
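
An added illustration in C (not part of the original post) of the two GCC function attributes that correspond to the annotations discussed in this thread: warn_unused_result, which the post links to, and format, which marks a function parameter as a printf-style format string so call-site arguments are typechecked against it. The names struct buf, buf_reserve and buf_appendf are hypothetical, chosen for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct buf { char *data; size_t len, cap; };  /* hypothetical, for illustration */

/* Callers that drop this status get -Wunused-result (the __checkReturn role). */
__attribute__((warn_unused_result))
static int buf_reserve(struct buf *b, size_t need)
{
    if (need <= b->cap) return 0;
    size_t cap = b->cap ? b->cap : 16;
    while (cap < need) {
        if (cap > (size_t)-1 / 2) return -1;  /* doubling would overflow */
        cap *= 2;
    }
    char *p = realloc(b->data, cap);
    if (!p) return -1;                        /* old block is still valid */
    b->data = p;
    b->cap = cap;
    return 0;
}

/* format(printf, 2, 3): parameter 2 is the format string, the variadic
   arguments start at 3; -Wformat (part of -Wall) checks them at each call. */
__attribute__((warn_unused_result, format(printf, 2, 3)))
static int buf_appendf(struct buf *b, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap);      /* measure the output first */
    va_end(ap);
    if (n < 0 || buf_reserve(b, b->len + (size_t)n + 1) != 0) return -1;
    va_start(ap, fmt);
    vsnprintf(b->data + b->len, (size_t)n + 1, fmt, ap);
    va_end(ap);
    b->len += (size_t)n;
    return n;
}

int main(void)
{
    struct buf b = {0};
    /* Dropping the result warns; passing 10 for "%s" would trip -Wformat. */
    if (buf_appendf(&b, "%d", 10) < 0) return 1;
    int ok = strcmp(b.data, "10") == 0;
    free(b.data);
    return ok ? 0 : 1;
}
```
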

