D - Unsafe and doomed

deadalnix deadalnix at gmail.com
Sun Jan 5 15:59:54 PST 2014


On Sunday, 5 January 2014 at 00:05:46 UTC, Walter Bright wrote:
>> Because it is an instant crash,
>
> Would things going on and a random thing happening randomly 
> later be better?
>

Compile time error is preferable.

>> because it is not possible to make it safe
>> without runtime check,
>
> Wrapper types can handle this.
>
>> because it is known to fool the optimizer and cause really
>> nasty bugs (typically, a pointer is dereferenced, so the 
>> optimizer assumes it
>> isn't null and removes the null check after the dereference, and 
>> then the dereference
>> is removed as it is dead).
>
> I'd like to see a case where this is nasty. I can't think of 
> one.
>

A recent Linux kernel exploit was caused by this. Reread 
carefully: this nasty behavior is created by the optimizer, and 
avoiding it means preventing the optimizer from optimizing away 
loads unless it can prove the pointer is non-null. As D is meant 
to be fast, this limitation in the optimizer is highly 
undesirable.

>
>> buggy code that could have crashed will now behave
>> in random ways).
>
> Above it seems you were preferring it to fail in random ways 
> rather than instant and obvious seg fault :-) For the record, I 
> vastly prefer the instant seg fault.
>

You made that up. I do not prefer such behavior.

> I've posted a NonNull wrapper here a couple of times. I think 
> it is adequately addressable at the library level, with the 
> bonus that the same technique will work for other constrained 
> types.
>

We already have a Nullable type in the library.
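The optimizer behavior discussed in this thread (a pointer is dereferenced first and null-checked second, so the compiler treats the check as dead), shown as an added C example. This is not code from the post, from the kernel, or from any D library; the `struct tun_dev` / `struct sock` types and the `poll_buggy` / `poll_fixed` / `demo_*` functions are constructed stand-ins for a driver's private state and the check it performs.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed types (assumed names): a driver's private state and the
 * socket it owns. Not kernel code. */
struct sock {
    int refcnt;
};

struct tun_dev {
    struct sock *sk;
    int flags;
};

/* Buggy ordering: `tun` is dereferenced on the first line and checked
 * afterwards. Dereferencing NULL is undefined behaviour in C, so an
 * optimizing compiler (GCC at -O2 with its default
 * -fdelete-null-pointer-checks) is entitled to assume `tun != NULL` from
 * the load onward and delete the `if (!tun)` test as unreachable. If `sk`
 * had no later use, the load itself would be dead and could vanish too,
 * so a NULL `tun` would not even fault: execution just continues past
 * the guard that was supposed to stop it. */
int poll_buggy(struct tun_dev *tun)
{
    struct sock *sk = tun->sk;   /* UB when tun == NULL */
    if (!tun)                    /* may be optimized away entirely */
        return -1;
    return sk->refcnt;
}

/* Fixed ordering: check, then load. The compiler still assumes `tun` is
 * non-NULL after the check, but now that assumption is justified by
 * the code rather than by a prior undefined dereference. */
int poll_fixed(struct tun_dev *tun)
{
    if (!tun)
        return -1;
    if (!tun->sk)
        return -1;
    return tun->sk->refcnt;
}

/* Small helpers so each path can be exercised and checked by name. */
int demo_fixed_valid(void)
{
    struct sock s = { .refcnt = 3 };
    struct tun_dev dev = { .sk = &s, .flags = 0 };
    return poll_fixed(&dev);
}

int demo_fixed_null_dev(void)
{
    return poll_fixed(NULL);
}

int demo_fixed_null_sock(void)
{
    struct tun_dev dev = { .sk = NULL, .flags = 0 };
    return poll_fixed(&dev);
}

int demo_buggy_valid(void)
{
    struct sock s = { .refcnt = 3 };
    struct tun_dev dev = { .sk = &s, .flags = 0 };
    return poll_buggy(&dev);
}

int main(void)
{
    printf("fixed, valid dev:   %d\n", demo_fixed_valid());
    printf("fixed, NULL dev:    %d\n", demo_fixed_null_dev());
    printf("fixed, NULL sock:   %d\n", demo_fixed_null_sock());
    printf("buggy, valid dev:   %d\n", demo_buggy_valid());
    /* poll_buggy(NULL) is deliberately not called: it is undefined
     * behaviour. At -O0 it normally faults on the first load; at -O2 the
     * null test may be gone, so whether it faults depends on whether the
     * load at a small offset from address 0 is mappable. Build with
     * `gcc -O2 -S` and compare the two functions' assembly to watch the
     * comparison disappear; `-fno-delete-null-pointer-checks` keeps it. */
    return 0;
}
```

The practical check is the assembly diff between `poll_buggy` and `poll_fixed` at -O2: in the buggy version the compare-and-branch on `tun` is gone, which is exactly the load-ordering constraint the post says a fast optimizer cannot be expected to respect unless the pointer is proven non-null.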


More information about the Digitalmars-d mailing list