Discussion Thread: DIP 1035-- at system Variables--Final Review
Stanislav Blinov
stanislav.blinov at gmail.com
Wed Feb 23 00:14:13 UTC 2022
On Tuesday, 22 February 2022 at 18:33:58 UTC, Paul Backus wrote:
> On Tuesday, 22 February 2022 at 17:29:46 UTC, Stanislav Blinov
> wrote:
>> You *can* write such a program with fds. The example is one
>> such program. Do you have any suggestions on how to make it
>> clearer?
>
> The example, as written, does not link, because `File.write` is
> missing a function body.
If you're going to go there, then...
> If I fill in the obvious implementation, I get the following
> program:
>
> ```d
> struct File
> {
> void write(const(void)[] data) @safe
> {
> import core.sys.posix.unistd: write;
> () @trusted { write(fd, data.ptr, data.length); }();
> }
> private int fd;
> }
...that @trusted code is incorrect, at least on some platforms
(yes, I can nitpick too). Or we can simply agree that
`File.write` is implemented correctly in terms of `write` (which
is the important part) and leave it at that, as the rest is
irrelevant to the example. I am seriously perplexed at this kind
of nitpicking, not to mention the implied expectation of having
to spell out full-blown libraries in an example code.
> void main() @safe
> {
> File f = void;
> f.write("hello");
> }
> ```
>
> The above program does not have undefined behavior. The call to
> `write` will either fail with `EBADF`, or attempt to write the
> string `"hello"` to some unspecified open file.
I am reasonably certain that the results may be much more varied
than that, including some that aren't specified:
https://pubs.opengroup.org/onlinepubs/9699919799/functions/write.html
> If you believe there is some way to get the above program to
> produce undefined behavior, or to complete your original
> example in such a way that it produces undefined behavior
> without the use of incorrect `@trusted` code, I'm afraid you
> will have to spell it out for me.
Not exhaustive:
It may corrupt a given GC's implementation's heap, which means
what occurs after the } is anyone's guess.
It may mutate data that's supposed to be immutable (i.e. in a
parent process, though you could argue that might not be relevant
to the DIP).
It may block indefinitely, or crash, or complete with no effect.
If you could demonstrate that it cannot possibly exhibit at least
the above, I'll happily accept being mistaken.
...but seriously. What is it with all the condescending tone on
the forums lately?
More information about the Digitalmars-d
mailing list