Spec#, nullables and more

Walter Bright newshound2 at digitalmars.com
Fri Nov 5 11:39:52 PDT 2010


bearophile wrote:
> Walter Bright:
> 
>> The $10 billion mistake was C's conversion of arrays to pointers when
>> passing to a function.
>> 
>> http://www.drdobbs.com/blog/archives/2009/12/cs_biggest_mist.html
>> 
>> Sadly, there's an ongoing failure to recognize this, as it is never
>> addressed in any of the revisions to the C or C++ standards,
> 
> I agree, that's a very bad problem, probably worse than null-related bugs.

It's infinitely worse. Null pointers do not result in memory corruption, buffer 
overflows, and security breaches.


>> and is missed by the supposedly "safe C" alternatives.
> 
> This is probably wrong. I don't know many C alternatives, but the well known
> Cyclone language uses fat pointers (and other things) to solve that C
> problem.


The Cyclone user manual says you have to rewrite a parameter as:

     void foo(int *@numelts(4) arr);

to avoid the bugs with:

     void foo(int arr[]);

I think that latter broken syntax is still supported by Cyclone, but with the 
inadequate manual http://cyclone.thelanguage.org/wiki/User%20Manual it's hard to 
tell.

Oh, and you have to redeclare the C:

     int sum(int num, int *p);

as:

     int sum(tag_t<`n> num,
         int *@notnull @numelts(valueof(`n)) p);

No wonder Cyclone failed.
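
An added example, not part of the original post and not Cyclone code: plain C showing what the callee loses when an array parameter decays to a pointer, next to a minimal fat pointer that carries the length with the data. The names `int_slice`, `SLICE_OF`, `size_seen_by_callee`, `slice_get`, `slice_sub` and `slice_sum` are hypothetical, chosen for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example: a hypothetical fat pointer; the length travels with the data. */
typedef struct { int *ptr; size_t len; } int_slice;

/* Build a slice while the array type (and so its size) is still visible. */
#define SLICE_OF(a) ((int_slice){ (a), sizeof(a) / sizeof((a)[0]) })

/* `int arr[]` and `int arr[4]` parameters are adjusted to `int *arr`,
   so the callee can only measure the pointer, never the array. */
size_t size_seen_by_callee(int *arr) { return sizeof(arr); }

/* Checked read: 0 on success, -1 if idx is outside the slice. */
int slice_get(int_slice s, size_t idx, int *out)
{
    if (s.ptr == NULL || idx >= s.len) return -1;
    *out = s.ptr[idx];
    return 0;
}

/* Checked sub-range: written so start + count cannot wrap around. */
int slice_sub(int_slice s, size_t start, size_t count, int_slice *out)
{
    if (s.ptr == NULL || start > s.len || count > s.len - start) return -1;
    out->ptr = s.ptr + start;
    out->len = count;
    return 0;
}

/* The count is part of the argument; no separate `num` to get wrong. */
long slice_sum(int_slice s)
{
    long total = 0;
    for (size_t i = 0; i < s.len; i++) total += s.ptr[i];
    return total;
}

int main(void)
{
    int data[4] = { 1, 2, 3, 4 };   /* constructed sample input */
    int_slice s = SLICE_OF(data), tail;
    int v = 0;
    printf("caller sizeof: %zu, callee sizeof: %zu\n",
           sizeof(data), size_seen_by_callee(data));
    printf("sum=%ld get[4]=%d sub(3,2)=%d\n",
           slice_sum(s), slice_get(s, 4, &v), slice_sub(s, 3, 2, &tail));
    return 0;
}
```

`SLICE_OF` is only valid on a real array in the scope where it was declared; applied to a pointer it would compute the wrong length, which is the same decay problem one level up.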

