Fixing C's Biggest Mistake

Timon Gehr timon.gehr at gmx.ch
Sun Jan 1 03:06:54 UTC 2023 

On 1/1/23 02:58, Walter Bright wrote:
>>
>> In a larger program the first one allows the programmer to do the 
>> check once and rely on it for the remainder of the program.
> 
> Which is what usually happens with nullable pointers. We check once and 
> rely on it to be non-null for the rest of the program, and the hardware 
> ensures we didn't screw it up.

No, it absolutely, positively does not... It only ensures no null 
dereference takes place on each specific run. You can have screwed it up 
and only notice once the program is published. I know this happens 
because I have been a _user_ of software with this kind of problem. 
Notably this kind of thing happens in released versions of DMD sometimes...

> 
>> Essentially it leverages the type system to make invalid state unrepresentable.
> 
> I actually do understand that, I really do. I'm pointing out that the hardware makes dereferencing null pointers impossible. Different approach, but with the same end result. 
If you really think it's the same, you actually do not understand it.

>> This simplifies subsequent code. 
> 
> I'm not so sure it does. It requires two types rather than one - one with the possibility of a null, one without.

You have to be aware of this in either case. It's simpler if it's 
actually tracked in the type system.

> Even the pattern matching to convert the type is more work than:
> 
>    if (p) ...

Most languages with nonnull pointers allow the above syntax. This is a 
non-argument.

> I know I'm not convincing anyone, and that's OK.

I don't even understand what your position is.

> Seg faults are a marvel of modern CPU technology, but 99% of programmers regard them as uncool as a zit.

They are great at what they do, this is just not a good use case for them.

> D will get sumtypes and pattern matching and then everyone can do what works best for them. D has always been a language where you can choose between a floor wax and a dessert topping. 

That's great. However, it's somewhat aggravating to me that I am 
currently not actually convinced you understand what's needed to achieve 
that. This is because you are making statements that equate nonnull 
pointers in the type system to runtime hardware checking with 
segmentation faults.

More information about the Digitalmars-d mailing list