Automatic invariant generation
Steven Schveighoffer via Digitalmars-d
digitalmars-d at puremagic.com
Sun Jul 9 04:46:24 PDT 2017

On 7/9/17 7:10 AM, Walter Bright wrote:
> On 7/7/2017 7:26 AM, Steven Schveighoffer wrote:
>> And since when did we care about null pointers causing segfaults?
>
> Remember Tony Hoare's "The Billion Dollar Mistake"? That added a lot of
> fuel to the fire that a null pointer seg fault is supposed to be avoided
> at all costs, leading to wanting a softer, friendlier assert message
> instead.
>
> I strongly disagree with Hoare - the billion dollar C mistake is having
> arrays relentlessly decay to pointers, leading to endless buffer
> overflow bugs. Seg faults aren't malware vectors.

But this isn't that. This is asserting a certain type of pointer (the
this pointer), which is almost NEVER null, isn't null. It's so
ineffective, I've never seen it trigger in 10 years. It's basically the
worst possible place to deviate from the rule of "we don't do null
pointer exceptions".

>> Can anyone vouch for this feature?
>
> I'm sure if you're willing to spend a while searching this n.g.
> database, you'll find a lot.

I've seen a lot of people argue on the n.g. that null pointer checks
should be added for every pointer dereference. I've NEVER seen anyone
argue that upon every member function call, the compiler should verify
`this` isn't null. Of course, why would they? It's already there :P

I'm seeing a large swath of well-known people arguing in this thread
that it shouldn't work this way, and 0 people defending it.

-Steve