Fear of Compiler Magic
Dennis
dkorpel at gmail.com
Sat Aug 3 18:52:59 UTC 2024
On Saturday, 3 August 2024 at 17:02:55 UTC, Walter Bright wrote:
> The transformation won't compile if the call is marked @safe,
> and won't compile with the various proposals to increase the
> default safety-ness.
This is an interesting aspect that I forgot to mention: Whenever
I bring up such examples of problematic cases resulting from
'magic', the defense is often akin to: "Sure, it fails in that
theoretical / pathological case, but when are you going to find
that in REAL code?"
Which can be fair. Like I said, a bit of magic doesn't always
have to be problematic. And while I can't tell you when or how
these problem cases are going to crop up, do beware that there
might just be plenty of opportunity, just from a statistical
standpoint.
It's like Intel saying, in response to the [Pentium FDIV
bug](https://en.wikipedia.org/wiki/Pentium_FDIV_bug): "Well, when
are you going to divide 4195835 by 3145727 needing all the
precision? Give me an example of when you would divide those
specific numbers in a REAL application."
That's hard to answer upfront, but with enough users doing enough
floating point math, eventually you get [some great
stories](https://www.youtube.com/watch?v=22FU31ZUgNA&t=1519):
When working on Quake, Michael Abrash spent hours tracking down a
graphical glitch, until finding out with the help of a friend
from Intel that it was the infamous hardware bug.
Going back to printf, it's possible hardly anyone will ever hit
this problem. But when eventually there's thousands of calls to
magic printf out there (or snprintf which still can't be called
in `@safe` code!), each one is a contender to be part of that one
spectacular failure. That's why I used the word "minefield":
There's no guarantee of things blowing up, it depends on the
density of mines and the amount of people crossing.
So you could try some sort of risk assessment for magic features,
but I prefer to just avoid them as much as possible and look for
alternatives.
> It is in the same box as:
That example is different, because the first program wasn't
correct to begin with. Or if it were, then the refactoring would
result in the second program also being correct. In my example,
only the first program was correct.
More information about the Digitalmars-d
mailing list