Null pointer dereferencing in D
bearophile via Digitalmars-d
digitalmars-d at puremagic.com
Fri Jun 13 14:13:19 PDT 2014
This was surely discussed in past, but I don't remember the
answer (so perhaps this is more fit in D.learn).
Dereferencing the null pointer in C is undefined behaviour, so in
most cases the program segfaults, but sometimes the compiler
assumes a dereferenced pointer can't be null, so it optimizes
away tests and other parts, leading to bugs and problems,
including exploits:
http://blog.llvm.org/2011/05/what-every-c-programmer-should-know_14.html
What's the solution for very optimizing D compilers like GDC, now
and in future? Surely the C not-solution is not acceptable in a
safe language as D.
Perhaps D can define dereferencing the null pointer in C as
segfaulting in all cases. Is this acceptable for people that
could desire to write a kernel in D?
An alternative possibility is to go the Java way, and add a
compiler switch that adds an assert before every pointer
dereference after the compiler has optimized the code (and remove
some of such asserts where the compiler is certain they can't be
null).
What's the solution used by Rust (beside not having to deal with
nulls in many cases)?
Bye,
bearophile
More information about the Digitalmars-d
mailing list