safety: null checks

ag0aep6g anonymous at example.com
Mon Nov 23 02:21:20 UTC 2020


On Monday, 23 November 2020 at 01:36:38 UTC, Ola Fosheim Grostad wrote:
> On Monday, 23 November 2020 at 01:26:15 UTC, ag0aep6g wrote:
>> The reference implementation treats null as a safe value. Yes, 
>> that can imply additional checks at run time. That's what 
>> Walter chose, for better or worse.
>
> It traps null dereferencing unless the object is very large.

What I meant is that DMD allows dereferencing null in @safe code. 
Since @safe code must not corrupt memory, it must then take the 
necessary steps to make that safe.

I'm pretty sure that DMD doesn't actually take the necessary 
steps (as you say, it ignores large objects). And I'm not sure if 
Walter has fully considered the implications, but he has made it 
clear that null is supposed to be a safe value. And that can be 
made to work fairly easily, at the cost of run-time checks. Maybe 
treating null as unsafe could also work, but that would need a 
lot more design work.

> I think it should state clearly whether that is portable or 
> specific for Posix-like systems. Does it require explicit null 
> check conditionals on platforms that do not provide traps?
>
> That is what has to be clarified.

I think that's an implementation detail. An implementation must 
ensure that null is safe (at least in @safe code). We don't 
really care how it does that, but adding checks before every 
dereference is the obvious solution.
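As an added illustration (not code from the thread or from DMD), the following C program shows why "null traps, unless the object is very large" depends on memory layout rather than on the language: with a null base pointer, the address actually touched by a field access is just the field's offset, so a field far enough into the object can land outside the unmapped low region. The size of that region (64 KiB) is an assumed, Linux-style value; the checked accessor at the end is the "check before every dereference" option the post describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed size of the unmapped region starting at address 0 (constructed
 * value, typical of Linux's default vm.mmap_min_addr). Accesses below this
 * boundary are guaranteed to fault; accesses above it may hit real memory. */
#define GUARD_REGION_BYTES ((size_t)64 * 1024)

struct Small { int x; };

/* A field that sits 1 MiB past the start of the object. */
struct Large {
    unsigned char pad[1u << 20];
    int tail;
};

/* With a null base pointer, `p->field` touches address `field_offset`.
 * Returns 1 when that address lies in the guard region (trap guaranteed),
 * 0 when it may land on mapped memory and silently read or write it. */
static int null_access_traps(size_t field_offset) {
    return field_offset < GUARD_REGION_BYTES;
}

/* Explicit check before the dereference: correctness no longer depends on
 * what the platform traps. Returns 0 and stores the field on success,
 * -1 when the pointer is null. */
static int read_tail_checked(const struct Large *p, int *out) {
    if (p == NULL)
        return -1;
    *out = p->tail;
    return 0;
}

/* Reads through a valid object, so the accessor can be exercised safely. */
static int sample_large_tail(void) {
    static struct Large big;   /* static: too large for the stack */
    int v = 0;
    big.tail = 7;
    return read_tail_checked(&big, &v) == 0 ? v : -1;
}

int main(void) {
    int v;
    printf("Small.x    offset %zu traps=%d\n", offsetof(struct Small, x),
           null_access_traps(offsetof(struct Small, x)));
    printf("Large.tail offset %zu traps=%d\n", offsetof(struct Large, tail),
           null_access_traps(offsetof(struct Large, tail)));
    printf("read_tail_checked(NULL) -> %d\n", read_tail_checked(NULL, &v));
    printf("sample_large_tail() -> %d\n", sample_large_tail());
    return 0;
}
```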

