Non-null objects, the Null Object pattern, and T.init

Ola Fosheim Grøstad" <ola.fosheim.grostad+dlang at gmail.com> Ola Fosheim Grøstad" <ola.fosheim.grostad+dlang at gmail.com>
Sun Jan 19 04:20:41 PST 2014 

On Sunday, 19 January 2014 at 07:40:09 UTC, Walter Bright wrote:
> On 1/18/2014 6:33 PM, Walter Bright wrote:
>> You elided the qualification "If it is a critical system". dmd 
>> is not a safety critical application.
>
> And I still practice what I preach with DMD. DMD never attempts 
> to continue running after it detects that it has entered an 
> invalid state - it ceases immediately. Furthermore, when it 
> detects any error in the source code being compiled, it does 
> not generate an object file.

I think the whole "critical system" definition is rather vague. 
For safety critical applications you want proven implementation 
technology, proper tooling and a methodology to go with it. And 
it is very domain specific. Simple algorithms can be proven 
correct, some types of signal processing can be proven 
correct/stable, some types of implementations (like a FPGA) 
affords exhaustive testing (test all combination of input). In 
the case of D, I find that a somewhat theoretical argument. D is 
not a proven technology. D does not have tooling with a 
methodology to go with it. But yes, you want backups due to 
hardware failure even for programs that are proven correct. In a 
telephone central you might want to have a backup system to 
handle emergency calls.

If you take a theoretical position (which I think you do) then I 
also think you should accept a theoretical argument. And the 
argument is that there is no theoretical difference between 
allowing programs with known bugs to run and allowing programs 
with anticipated bugs to run (e.g. catching "bottom" in a 
subsystem). There is also no theoretical difference between 
allowing DMD to generate code that is not following the spec 
100%, and allowing DMD to generate code if an anticipated 
"bottom" occurs. It all depends on what degree of deviance from 
the specified model you accept. It is quite acceptable to catch 
"bottom" for an optimizer and generate less optimized code for 
that function, or to turn off that optimizer setting. However, in 
a compiler you can defer to "the pilot" (compiler) so that is 
generally easier. In a server you can't.

More information about the Digitalmars-d mailing list