Spec#, nullables and more
Walter Bright
newshound2 at digitalmars.com
Fri Nov 5 11:39:52 PDT 2010
bearophile wrote:
> Walter Bright:
>
>> The $10 billion mistake was C's conversion of arrays to pointers when
>> passing to a function.
>>
>> http://www.drdobbs.com/blog/archives/2009/12/cs_biggest_mist.html
>>
>> Sadly, there's an ongoing failure to recognize this, as it is never
>> addressed in any of the revisions to the C or C++ standards,
>
> I agree, that's a very bad problem, probably worse than null-related bugs.

It's infinitely worse. Null pointers do not result in memory corruption, buffer
overflows, and security breaches.

>> and is missed by the supposedly "safe C" alternatives.
>
> This is probably wrong. I don't know many C alternatives, but the well known
> Cyclone language uses fat pointers (and other things) to solve that C
> problem.

The Cyclone user manual says you have to rewrite a parameter as:

    void foo(int *@numelts(4) arr);

to avoid the bugs with:

    void foo(int arr[]);

I think that latter broken syntax is still supported by Cyclone, but with the
inadequate manual http://cyclone.thelanguage.org/wiki/User%20Manual it's hard to
tell.

Oh, and you have to redeclare the C:

    int sum(int num, int *p);

as:

    int sum(tag_t<`n> num,
            int *@notnull @numelts(valueof(`n)) p);

No wonder Cyclone failed.
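
The array-to-pointer conversion discussed in this message, as an added C example that is not part of the original post: the callee loses the array length, while a pointer-plus-length pair lets it reject an out-of-range count. The names `int_slice`, `SLICE_OF`, `callee_view`, `sum_raw` and `sum_checked` are hypothetical, and the sample array is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical fat pointer: the pointer and its element count travel together. */
typedef struct { int *ptr; size_t len; } int_slice;

/* Build a slice from a real array while the compiler still knows its size. */
#define SLICE_OF(a) ((int_slice){ (a), sizeof(a) / sizeof((a)[0]) })

/* After decay the callee only has a pointer: sizeof(p) is the pointer size. */
size_t callee_view(int *p) { return sizeof(p); }

/* C-style signature from the post: nothing ties num to the storage behind p. */
int sum_raw(int num, int *p)
{
    int total = 0;
    for (int i = 0; i < num; i++)
        total += p[i];
    return total;
}

/* Checked version: 0 on success, -1 if num exceeds what the slice holds. */
int sum_checked(int_slice s, size_t num, int *out)
{
    if (s.ptr == NULL || out == NULL || num > s.len)
        return -1;
    int total = 0;
    for (size_t i = 0; i < num; i++)
        total += s.ptr[i];
    *out = total;
    return 0;
}

int main(void)
{
    int arr[4] = { 1, 2, 3, 4 };   /* constructed sample data */
    int total = 0;
    printf("sizeof(arr)=%zu, callee sees %zu\n", sizeof(arr), callee_view(arr));
    printf("sum_raw(4)=%d\n", sum_raw(4, arr));
    printf("sum_checked(4) -> %d, total=%d\n", sum_checked(SLICE_OF(arr), 4, &total), total);
    printf("sum_checked(8) -> %d (rejected)\n", sum_checked(SLICE_OF(arr), 8, &total));
    return 0;
}
```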