safety: null checks
ag0aep6g
anonymous at example.com
Mon Nov 23 02:21:20 UTC 2020

On Monday, 23 November 2020 at 01:36:38 UTC, Ola Fosheim Grostad wrote:
> On Monday, 23 November 2020 at 01:26:15 UTC, ag0aep6g wrote:
>> The reference implementation treats null as a safe value. Yes,
>> that can imply additional checks at run time. That's what
>> Walter chose, for better or worse.
>
> It traps null dereferencing unless the object is very large.

What I meant is that DMD allows dereferencing null in @safe code.
Since @safe code must not corrupt memory, it must then take the
necessary steps to make that safe.

I'm pretty sure that DMD doesn't actually take the necessary
steps (as you say, it ignores large objects). And I'm not sure if
Walter has fully considered the implications, but he has made it
clear that null is supposed to be a safe value. And that can be
made to work fairly easily, at the cost of run-time checks. Maybe
treating null as unsafe could also work, but that would need a
lot more design work.

> I think it should state clearly whether that is portable or
> specific for Posix-like systems. Does it require explicit null
> check conditionals on platforms that do not provide traps?
>
> That is what has to be clarified.

I think that's an implementation detail. An implementation must
ensure that null is safe (at least in @safe code). We don't
really care how it does that, but adding checks before every
dereference is the obvious solution.
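
The point about large objects and run-time checks, as an added example that is not part of the original message and is not DMD's own code: a field whose offset lies beyond the unmapped region at address 0 cannot rely on the hardware trap, so an explicit test has to precede the access. `GUARD`, `Small`, `Big` and `load` are hypothetical names, and the 4096-byte guard size is an assumption (the real value is platform-specific).

```d
import std.stdio : writeln;

// Assumed size of the unmapped region at address 0 that turns a
// small-offset null dereference into a trap. Platform-specific in reality.
enum size_t GUARD = 4096;

struct Small { int head; }                          // field at offset 0
struct Big   { ubyte[1024 * 1024] pad; int tail; }  // field 1 MiB into the object

// Hypothetical helper standing in for what a compiler would emit.
// If the access [offset, offset + size) is not fully inside the guard
// region, a null pointer would address memory that may be mapped, so an
// explicit null test is compiled in. Otherwise the trap is relied on.
auto load(string name, T)(const(T)* p) @safe
{
    enum size_t off = mixin("T." ~ name ~ ".offsetof");
    enum size_t len = typeof(mixin("T." ~ name)).sizeof;
    static if (off + len > GUARD)
    {
        if (p is null)
            throw new Exception("null dereference: " ~ T.stringof ~ "." ~ name);
    }
    return mixin("p." ~ name);
}

// The large field really does fall outside the assumed guard region.
static assert(Big.tail.offsetof + int.sizeof > GUARD);
static assert(Small.head.offsetof + int.sizeof <= GUARD);

void main()
{
    // Null pointer to a large object: the explicit check turns the
    // access into a defined failure instead of depending on a trap.
    const(Big)* big = null;
    try
        writeln(load!"tail"(big));
    catch (Exception e)
        writeln("caught: ", e.msg);

    // Small object, valid pointer: no explicit check is generated.
    Small s = Small(7);
    writeln(load!"head"(&s));
}
```

Checking before every dereference, as the message suggests, corresponds to setting `GUARD` to 0 in this sketch.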