Shouldn't invalid references like this fail at compile time?

Jonathan M Davis newsgroup.d at jmdavisprog.com
Wed Jan 24 03:22:08 UTC 2018


On Wednesday, January 24, 2018 02:28:12 Mike Franklin via Digitalmars-d 
wrote:
> On Wednesday, 24 January 2018 at 01:44:51 UTC, Walter Bright wrote:
> > Microcontroller code tends to be small and so it's unlikely
> > that you'll need to worry about it.
>
> I think you need to get involved in programming microcontrollers
> again because the landscape has changed drastically.  The
> microcontrollers I use now are more powerful than PCs of the 90's.
>
> The project I'm currently working on is an HMI for industrial
> control with a full touchscreen 2D GUI.  The code base is
> 240,084 lines of code and that doesn't even include the 3rd party
> libraries I'm using (e.g. 2D graphics library, newlib C library,
> FreeType font rendering library).  That's not "small" by my
> standard of measure.
>
> And with devices such as this being increasingly connected to the
> Internet, such carelessness can easily be exploited as evident in
> https://en.wikipedia.org/wiki/2016_Dyn_cyberattack. And that's
> not to mention the types of critical systems that run on such
> platforms that we are increasingly becoming more dependent on.
>
> We better start worrying about it.

Well, we can just mandate that dereferencing null be @safe such that if it's
not guaranteed that dereferencing null will segfault, the compiler will have
to insert additional checks. We need to do that anyway for the overly large
objects (and unfortunately don't, last I heard). But as long as null checks
aren't inserted when the target is going to segfault on dereferencing null,
then we're not inserting unnecessary checks. That way, stuff running on a
normal CPU would be the same as now (save for the objects that are too large
for segfaulting to work), and targets like a microcontroller would get the
extra checks so that they behaved more like if they were going to segfault
on dereferencing null.

But making dereferencing null @system makes no sense, because that would
mean that dereferencing pointers and references in general could not be
@safe. So, basically, anything that's not on the stack would then be
@system. And that would destroy @safe.

- Jonathan M Davis
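As an added illustration (not code from the thread or from any D compiler), here is how the scheme described above could be written as a library-level dereference helper in D: the null check is compiled in only when the target cannot be relied on to fault on a null dereference, or when the object is larger than the region the platform keeps unmapped at address 0. The `NullPageTraps` version identifier, the 4 KiB guard-region size and the `onNullDeref` handler are assumptions made for this example.

```d
// Added example (not from the thread): a checked dereference mirroring the
// proposal above. The version identifier NullPageTraps, the 4 KiB guard-region
// size and the onNullDeref handler are assumptions made for this example.
version (NullPageTraps)
    enum bool nullPageTraps = true;   // hosted OS that keeps page 0 unmapped
else
    enum bool nullPageTraps = false;  // e.g. a Cortex-M part with its vector table at 0

// Size of the region the platform guarantees is unmapped at address 0.
// A field at an offset beyond it would not fault, so object size matters too.
enum size_t guardRegionSize = 4096;

// Compile-time decision: check when the target won't fault, or T is too large.
template needsNullCheck(T)
{
    enum bool needsNullCheck = !nullPageTraps || T.sizeof > guardRegionSize;
}

// Stand-in for what a compiler-inserted check would do on failure.
void onNullDeref(string file = __FILE__, size_t line = __LINE__) @safe
{
    import std.conv : text;
    assert(0, text("null dereference at ", file, ":", line));
}

// Dereference through p, inserting the null check only where it is needed.
ref T deref(T)(T* p) @safe
{
    static if (needsNullCheck!T)
        if (p is null)
            onNullDeref();
    return *p;
}

struct Small { int x; }
struct Huge  { ubyte[8192] payload; int tail; }  // tail lies past the guard region

static assert(needsNullCheck!Huge);  // checked on every target, segfault or not

unittest
{
    import core.exception : AssertError;
    Small s;
    assert(deref(&s).x == 0);
    bool caught;
    Huge* h = null;
    try { deref(h).tail = 1; } catch (AssertError) { caught = true; }
    assert(caught);
}
```

Compile with `-unittest` to run the check; with `-version=NullPageTraps` the `Small` dereference compiles down to a plain load while `Huge` keeps its check, which is the distinction the post draws between targets that segfault and objects too large for that to be relied on.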
