Maybe D is right about GC after all !

Paolo Invernizzi paolo.invernizzi at gmail.com
Tue Dec 26 13:54:09 UTC 2017


On Tuesday, 26 December 2017 at 11:54:12 UTC, codephantom wrote:
> On Tuesday, 26 December 2017 at 10:00:25 UTC, Paolo Invernizzi 
> wrote:
>> IMHO, the lost list of vulnerability in code shipped by "first 
>> class enterprises" is just crying out that C/C++ is not 
>> mechanically checkable.
>> And we are talking about company that can literally spend an 
>> Everest of money on that.
>>
>> /Paolo
>
> Well, the 'mechanics of checking' continue to need improvement, 
> whether it's C, C++, D, or whatever....
>
> A language that is flexible enough to do the things you can do 
> with such a language, comes at a cost.. which is safety (or 
> program correctness to be precise). Flexibility breeds bugs! 
> That's just how it is. It's inescapable.
>
> And I doubt that it has anything to do with how much money you 
> can spend.
>
> In the example below, which is D code, I simply have to 
> 'forget' to annotate with @safe, and then it's anyone's guess 
> at to what will happen (at least in the second example)
>
> i.e. the mechanical checks don't occur because I simply 
> 'forgot' to do something.
>
> // ---
> module test;
>
> import std.stdio;
>
> // from: 
> https://dlang.org/blog/2016/09/28/how-to-write-trusted-code-in-d/
>
> // look at how flexible D is...
> void main()
> {
>     auto buf = new int[1];
>
>     //buf[2] = 1; // compiles ok, even with @safe.
>                   // but get range violation at runtime,
>                   // whether you use @safe or not
>                   // (unless you've disabled bounds checking)
>
>     buf.ptr[2] = 1; // compiles ok, runs ok  - or does it?
>                     // however, if you 'remember' to use @safe,
>                     // then it won't compile, and you're safe.
>
> }
> // -----


I have to disagree, again.

It's factual that you can mechanically impose that a module 
contains only @safe code, and you can do it in multiple ways. You 
can 'mechanically' impose to write memory safe code in D.

With C/C++ you simply can't do it anything similar, today (and, 
IMHO, neither tomorrow): the rising of Rust is here to tell us 
exactly that.

/Paolo



More information about the Digitalmars-d mailing list