Bad array indexing is considered deadly

Nick Sabalausky (Abscissa) via Digitalmars-d digitalmars-d at puremagic.com
Wed May 31 20:20:54 PDT 2017


On 05/31/2017 10:50 PM, Jonathan M Davis via Digitalmars-d wrote:
> On Wednesday, May 31, 2017 22:33:43 Nick Sabalausky  via Digitalmars-d
> wrote:
>> On 05/31/2017 05:00 PM, Steven Schveighoffer wrote:
>>> On 5/31/17 3:17 PM, Moritz Maxeiner wrote:
>>>> So in your specific use case I would say use a wrapper. This is one of
>>>> the reasons why I am working on my own library for data structures
>>>> (libds).
>>>
>>> That is my conclusion too.
>>
>> Honestly, I really think that if there is need to wrap something as
>> basic as "all arrays in a codebase" then it's clear something in the
>> language had gone horribly wrong.
>>
>> But short of actually *fixing* D's broken concept of Error, I don't see
>> a better solution either.
> 
> Using an Exception to signal a programming bug and then potentially trying
> to recover from it is like trying to recover from a segfault. It really
> doesn't make sense.
> 
> Yes, it's annoying when you have a bug that kills your program, and even
> when you do solid testing, you're unlikely to have found everything, but the

Exception thrown != "OMG NOTHING ABOUT ANY BRANCH OF THE PROGRAM CAN BE 
REASONED ABOUT OR RELIED UPON ANYMORE!!!!"

Your argument only applies for spaghetti code. Normal code is 
compartmentalized. Different subsystems and all that jazz. Just because 
one thing fails in one box doesn't mean we gotta nuke the whole friggin 
industrial park and rebuild.

> solution to a bug is to fix the bug,

Obviously. But that's not the question. The question is: What do you do 
in the meantime? Do you quarantine 12 states and a neighboring country 
because somebody coughed until the threat is neutralized, or should the 
response actually match the threat?

> not try and have your program limp
> along in an unknown state.
>

False dichotomy. Exception causes are usually very localized. There is 
no "unknown state" outside of that tiny little already-quarantined box.


> Yes, there may be cases where array indices are effectively coming from user
> input, and you're going to have to check them all rather than the code
> having been written in a way that guarantees that the indices are valid, and
> in those cases, wrapping an array to do the checks may make sense, but in
> the vast majority of programs, invalid indices should simply never happen -
> just like dereferencing a null pointer should simply never happen - and if
> it does happen, it's a bug.

Yes, it's a bug. A *localized* bug. NOT RAMPANT MEMORY CORRUPTION.
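The wrapper approach both sides of the thread mention (an array type that signals a bad index with a catchable Exception rather than D's RangeError) looks roughly like the following. This is an added illustration, not code from the thread or from libds; the names Checked, IndexException and handleRequest are made up for the example, and the request list is constructed sample input.

```d
// Added example (not from the thread): a minimal slice wrapper whose
// out-of-bounds access throws a recoverable Exception instead of
// core.exception.RangeError (an Error, which D does not intend to be caught).
import std.format : format;
import std.stdio : writeln;

/// Thrown in place of RangeError. It derives from Exception, so a caller can
/// catch it and reject just the offending request instead of ending the process.
class IndexException : Exception
{
    this(string msg, string file = __FILE__, size_t line = __LINE__) @safe pure nothrow
    {
        super(msg, file, line);
    }
}

/// Wraps a slice and bounds-checks every indexed access with an Exception.
/// Only accesses that go through this wrapper are covered; the raw slice
/// behind it still raises RangeError on a bad index.
struct Checked(T)
{
    private T[] data;

    this(T[] data) { this.data = data; }

    ref inout(T) opIndex(size_t i, string file = __FILE__, size_t line = __LINE__) inout
    {
        if (i >= data.length)
            throw new IndexException(
                format("index %s out of bounds for length %s", i, data.length), file, line);
        return data[i];
    }

    size_t length() const @property { return data.length; }
}

/// One "box": handles a single request whose index came from outside
/// (hypothetical helper). A bad index here is confined to this request.
int handleRequest(Checked!int table, size_t idx)
{
    return table[idx] * 2;
}

void main()
{
    auto table = Checked!int([10, 20, 30]);

    // Constructed sample input: the third request is out of range.
    size_t[] requests = [0, 2, 7, 1];

    foreach (r; requests)
    {
        try
            writeln("request ", r, " -> ", handleRequest(table, r));
        catch (IndexException e)
            writeln("request ", r, " rejected: ", e.msg);
    }
    // With a plain int[] the same bad index would throw RangeError, which
    // unwinds through every frame and terminates the program.
}
```

Two caveats a practitioner would want alongside this: the wrapper changes how the failure is reported, not whether memory is protected, since D's own bounds check already prevents the out-of-bounds read either way; and the "localized" argument only holds if the code in the catching box has no shared mutable state that the throwing code may have left half-updated, which is exactly the property a reviewer should confirm before relying on catch-and-continue.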

