all OS functions should be "nothrow @trusted @nogc"
Steven Schveighoffer via Digitalmars-d
digitalmars-d at puremagic.com
Wed Jul 26 05:21:33 PDT 2017
On 7/26/17 7:55 AM, Timon Gehr wrote:
> On 26.07.2017 13:22, Steven Schveighoffer wrote:
>> On 7/26/17 6:01 AM, Timon Gehr wrote:
>>> On 26.07.2017 03:09, Steven Schveighoffer wrote:
>>>> ...
>>>> In other words, I think we can assume for any C functions that are
>>>> passed pointers that dereference those pointers, passing null is
>>>> safely going to segfault.
>>>
>>> I'm not going to assume that.
>>
>> Tell you what, when you find a D platform that this doesn't happen, >
>> we can fix it with a version statement ;)
>>
>
> The burden of proof is on you, not me. You are advocating the C approach
> to memory safety.
They leave NULL dereferencing undefined because in some quirky old
useless no-longer-existing hardware, it doesn't segfault.
Note that this is more implementation defined than undefined (in fact, I
couldn't find it listed in the UB section at all in the C11 spec).
Look at Walter's response. I think D can simply only work with C
implementations on platforms where null dereferencing segfaults and
ignore the rest.
Walter, can we update the @safe spec to say that reading/writing data
from the null page in C is required to generate a program crash for
@safe to be valid? This can be an exception to the UB rule.
I just don't see the point of adding extra checks for null when the
hardware already does it.
-Steve
More information about the Digitalmars-d
mailing list