Why doesn't dlang check NullPointer?

Steven Schveighoffer via Digitalmars-d digitalmars-d at puremagic.com
Fri Mar 27 04:17:57 PDT 2015


On 3/27/15 12:13 AM, deadalnix wrote:
> On Friday, 27 March 2015 at 03:59:30 UTC, zhmt wrote:
>>>
>>> The best way to do that is to separate the server modules into
>>> independent processes. Then if one crashes, the others keep running
>>> without fear of corruption.
>>>
>>> So instead of server modules, try doing mini servers that communicate
>>> with the main server. This is how a lot of newer programs are written
>>> because of the reliability and security benefits it offers.
>>
>> But this will make the development more difficult for me, or not
>> acceptable.
>>
>> Are there any other ways?
>
> http://www.deadalnix.me/2012/03/24/get-an-exception-from-a-segfault-on-linux-x86-and-x86_64-using-some-black-magic/
>
>
> There is a hook in the runtime to enable this if you want.
>
> BUT, null pointer exception or not, Adam is right. Have your stuff run
> in multiple processes that you can restart. This is more reliable, this is
> more secure, this is easier to update without downtime, and so on...
> This is a far superior solution for server stuff.

Please note, this is NOT a null pointer exception, it's a segfault 
exception. This can happen with corruption (absolutely should not 
continue) as well as forgetting to initialize a variable (dangerous if 
not handled correctly, but still feasible to continue). It may not be as 
black and white as if it's a null pointer that was dereferenced or not. 
I highly recommend terminating the process.

As for the original question (why does D do this?), it's because the 
system ALREADY catches null pointer access. To add additional checks 
would slow down the system. And as you can see, you can hook these 
mechanisms to actually throw an exception, but this is a relatively 
recent development.

In addition, as I mentioned, a seg fault can occur for a number of 
reasons, and D takes the position that you really should just terminate 
the process if this happens.

The reason using multiple processes is more secure and reliable is 
because a rogue thread (one that has segfaulted because of a memory 
corruption error) can corrupt data in all your other threads. A separate 
process cannot.

-Steve
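
Added example, not part of the original post or of the D runtime: a minimal POSIX supervisor in C showing the isolation argument made in the thread, where a worker that corrupts memory and segfaults is terminated without touching the supervisor's data. The names session_table, worker, run_isolated and state_intact are hypothetical, and raise(SIGSEGV) stands in for the invalid memory access.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Supervisor-owned state (constructed sample). fork() gives each worker a private copy. */
static char session_table[32] = "valid-session-data";

/* Hypothetical worker: job 0 scribbles over memory and then faults; other jobs succeed. */
static void worker(int job) {
    if (job == 0) {
        memset(session_table, 'A', sizeof session_table - 1); /* rogue write */
        signal(SIGSEGV, SIG_DFL);  /* no handler installed: the fault is fatal */
        raise(SIGSEGV);            /* stands in for the invalid memory access */
    }
    _exit(0);
}

/* Run one job in its own process.
 * Returns 0 on clean exit, the signal number if the worker was killed, -1 otherwise. */
int run_isolated(int job) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) worker(job);     /* child: never returns */
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* 1 if the supervisor's copy of the state survived the worker's corruption. */
int state_intact(void) {
    return strcmp(session_table, "valid-session-data") == 0;
}

int main(void) {
    for (int job = 0; job < 2; job++) {
        int r = run_isolated(job);
        if (r == SIGSEGV)
            printf("job %d: worker segfaulted; terminated, next worker starts clean\n", job);
        else
            printf("job %d: result %d\n", job, r);
    }
    printf("supervisor state intact: %d\n", state_intact());
    return 0;
}
```

With threads in one address space, the same memset would have overwritten the table every other thread reads.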

