Bad array indexing is considered deadly
nohbdy via Digitalmars-d
digitalmars-d at puremagic.com
Fri Jun 2 16:23:45 PDT 2017
I'm using D to write an RSS reader.

As I understand it, the compiler does not guarantee correct
cleanup when an Error is thrown through a nothrow function.
Furthermore, it doesn't guarantee that an Error can be caught
(though it happens to allow it today).

Do I need to modify the compiler to ignore nothrow and treat all
throwables the same so it doesn't corrupt application state when
I recover from an Error? Fork vibe.d and every other library I
use to remove nothrow? I can't really justify that. My RSS reader
is a side project.

Do I accept that writing my code in D will result in a program
that will crash unrecoverably in cases where using C# would just
show a 503 and log an error to disk? That's a disservice to my
users.

Do I increase development time to make up for D's problems in
this area, pipe requests through a proxy that will convert
crashes to 503 errors, split things out into as many processes as
possible? At that point, I'll just use C#. It's less pleasant in
a wide variety of ways, but I'd save a lot of work and complexity.

And this practice is to make code marginally more efficient in
uncommon cases, because people are conflating "this is a problem
that a competent programmer should have been able to avoid"
(yeah, okay, I was incautious, we can move on) with "this
dependency of yours, probably the runtime, is in an invalid
state", and nothrow optimizations assume the latter only.

And it's exacerbated because bounds checking is seen as an option
to help with debugging instead of a safety feature to be used in
production. Because removing bounds checking is seen as a
sensible thing to do instead of a highly unsafe optimization.

It's exacerbated because Walter is in a mindset of writing
mission-critical applications where any detectable bug means you
need to restart the program. Honestly, if I were writing flight
control systems for Airbus, I could modify druntime to raise
SIGABRT or call exit(3) when you try to throw an Error. It would
be easy, and it would be worthwhile. If you really need cleanup,
atexit(3) is available.
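The behaviour the post describes, as an added example that is not part of the original post: a nothrow function with a scope(exit) cleanup indexes past the end of an array, the caller catches the resulting RangeError to keep the process alive, and a counter shows whether the cleanup actually ran. The function name, the handle counter and the sample array are constructed for the illustration.

```d
import std.stdio : writeln;
import core.exception : RangeError;

// Constructed resource counter standing in for a file, socket or lock.
int openHandles = 0;

// nothrow tells the compiler that no Exception can escape, so it may omit
// the unwinding path. A RangeError (an Error, not an Exception) still
// propagates, and the scope(exit) below is not guaranteed to run when it does.
int fetchEntry(int[] entries, size_t idx) nothrow
{
    openHandles++;
    scope(exit) openHandles--;   // cleanup that may be skipped on Error
    return entries[idx];         // bounds check throws RangeError if idx >= length
}

void main()
{
    int[] feed = [10, 20, 30];   // constructed sample data
    try
    {
        writeln(fetchEntry(feed, 7));
    }
    catch (RangeError e)
    {
        writeln("recovered from: ", e.msg);
    }
    // Catching the Error keeps the process alive, but application state may
    // already be inconsistent: a value other than 0 here means the cleanup
    // in fetchEntry did not run and the handle leaked.
    writeln("openHandles after recovery: ", openHandles);
}
```

Build with the compiler's default bounds checking; with `-boundscheck=off` the index is never checked and the read silently goes out of bounds instead of raising anything.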