Fixing C's Biggest Mistake
Sebastiaan Koppe
mail at skoppe.eu
Sun Jan 1 15:24:26 UTC 2023
On Sunday, 1 January 2023 at 01:58:18 UTC, Walter Bright wrote:
> On 12/30/2022 11:55 PM, Sebastiaan Koppe wrote:
>> In a larger program the first one allows the programmer to do
>> the check once and rely on it for the remainder of the program.
>
> Which is what usually happens with nullable pointers. We check
> once and rely on it to be non-null for the rest of the program
Oh but here is the difference, with nonnull pointers its the type
system that keeps me honest and in your case its another
responsibility for the programmer.
>> Essentially it leverages the type system to make invalid state
>> unrepresentable.
>
> I actually do understand that, I really do. I'm pointing out
> that the hardware makes dereferencing null pointers impossible.
> Different approach, but with the same end result.
Valuable software is forever in a state of change; a series of
additions, refactorings, removals etc. To make those changes
easier it helps if you limit the assumptions each line of code
has. Things like: "This dereference on line 293 is fine because
we checked it at line 237" make refactorings harder. In order to
keep high plasticity you want to limit these implicit - invisible
- connections.
Having unittests helps fearless refactoring. Using the type
system to your advantage helps a lot too.
>> This simplifies subsequent code.
>
> I'm not so sure it does. It requires two types rather than one
> - one with the possibility of a null, one without. Even the
> pattern matching to convert the type is more work than:
>
> if (p) ...
Yes, it is a little bit more work, but that often happens
somewhere on the boundary of the (sub)program, so that the
remainder can just work with the more restricted type.
Also, somewhat tangentially related, isn't nonnull-ness one of
the things `ref` helps with:
```dlang
// transmogrifies `p`, `p` must be non-null!
void transmogrify1(int* p);
// transmogrifies `p`
void transmogrify2(ref int p);
```
`transmogrify2` uses the type system to express its non-null
requirement, which anyone can see just glancing at the signature.
That is worth something.
> Personally, I'm most interested in sumtypes and pattern
> matching as a better error handling mechanism than throwing
> exceptions.
Very happy to hear that. I recently wrote
https://github.com/skoppe/oras/blob/master/source/oras/client.d
which uses mir's algebraics to make all the possible errors
explicit. On top of that it uses `nothrow` to make sure no
exceptions slip in due to changes.
More information about the Digitalmars-d
mailing list