Can we just have struct inheritence already?

Jonathan M Davis newsgroup.d at jmdavisprog.com
Thu Jun 13 17:39:56 UTC 2019 

On Thursday, June 13, 2019 7:32:05 AM MDT Joseph Rushton Wakeling via 
Digitalmars-d wrote:
> On Thursday, 13 June 2019 at 08:24:38 UTC, Nicholas Wilson wrote:
> > No: the spec disagrees with the implementation, therefore at
> > least one of them is wrong. It does not immediately follow that
> > it is the spec that is in error.
>
> It's reasonable to say in this case that the spec is in error,
> because Walter has always been 100% clear that @safe refers only
> to memory safety, and the implementation reflects that intent.

The problem is that if undefined behavior is allowed in @safe code, then how
can @safe code guarantee memory safety when undefined behavior lets the
compiler do whatever it wants with that code? So, while the spec may be
wrong in the sense that preventing undefined behavior is not @safe's
purpose, I don't see how we can allow @safe code to have undefined behavior
and still have @safe do what it's actually supposed to be doing.

As I understand it, a real problem related to this that exists right now is
that llvm considers dereferencing null to be undefined behavior. As such, if
ldc is given a piece of code where the optimizer thinks that a pointer is
null, it will treat it as if that code path was never hit, because it's
allowed to do whatever it wants with that piece of code, since the behavior
is undefined. So, instead of segfaulting by dereferencing null like most of
us would assume that it would, it could do who knows what. As I understand
it, there's nothing there stopping it from generating code that results in
invalid memory being accessed, because it decided that a different branch
was taken that would not have been possible if llvm didn't assume that the
branch with the null dereference didn't happen based on its behavior being
undefined. Because dereferencing is considered @safe, that means that you
have a piece of code that is considered @safe but which could actually end
up doing something like corrupting memory.

That particular issue highlights how we need to make sure that what happens
with dereferencing null is actually defined instead of just assuming that
the CPU will catch it and segfault, but it's just one case of undefined
behavior. If _any_ undefined behavior is allowed in @safe code, then such
problems could crop up in other ways - particularly with aggressive code
optimizers.

- Jonathan M Davis

More information about the Digitalmars-d mailing list