On Tue, 04 Jan 2011 07:34:15 -0500
bearophile <[email protected]> wrote:
> An example of a bug (more than 14 like this fixed in a few years):
>
> - memset(pp, 0, sizeof(pp));
> + memset(pp, 0, sizeof(*pp));
>
> - memcpy((caddr_t)TstSchedTbl, (caddr_t)&vcIndex,sizeof(TstSchedTbl));
> + memcpy((caddr_t)TstSchedTbl, (caddr_t)&vcIndex, sizeof(*TstSchedTbl));
>
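Review bot: the corrected memcpy line takes its length from the destination, sizeof(*TstSchedTbl), while the source is &vcIndex; the visible lines do not show that vcIndex is at least that large, so confirm the source size or bound the copy by the smaller of the two objects.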
> Here the type system knows that pp is a pointer. sizeof(pp) is typically a
> word, while the correct sizeof(*pp) is often larger. A simple way to avoid
> this bug in D is to use a zeroing template function, something like
> (untested) (in GNU C there is a way to write a similar macro, I don't know
> why they don't use it, even if it's a bit less safe and much less nice
> looking):
>
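> import core.stdc.string : memset;
> import std.traits : isPointer;
>
> // Zero the object ptr points to; rejected at compile time if T is itself a pointer.
> void zeroit(T)(T* ptr) if (!isPointer!T) {
>     memset(ptr, 0, (*ptr).sizeof);
> }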

Doesn't this in fact hide the error from the programmer (by silently correcting)?
Why not instead, for instance:

    import std.traits : isPointer;

    void zeroit(T)(T* ptr) if (!isPointer!T) {
        throw new Exception("Type error: argument to <funcname> should be a pointer.");
    }

(And what if the memory to be actually memset is not ptr's target?)

About non-null thingies, I would be all for a mode in which is inserted

    if (p is null) throw ...;

before _every_ implicit or explicit deref of every implicit (pointer) or
implicit (class element) pointer. And even make this the default for
non-release. (With line number in the message ;-)

Am I dreaming?

Denis
-- -- -- -- -- -- --
vit esse estrany ☣
spir.wikidot.com
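
The sizeof(pp) versus sizeof(*pp) bug from the quoted diff, shown in C as an added example that is not part of the thread or of any project's code. The names struct sched_entry, zero_buggy, zero_fixed, ZERO_OBJ and dirty_after are hypothetical, and the macro is one possible GNU C form (it assumes the GCC/Clang statement-expression and __builtin_classify_type extensions), not necessarily the one the quoted post has in mind.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample type, larger than a pointer on common ABIs. */
struct sched_entry { unsigned char payload[64]; };

/* Buggy form from the quoted diff, memset(pp, 0, sizeof(pp)): the length is
   the size of the pointer. Held in n so the call compiles without a warning. */
static void zero_buggy(struct sched_entry *pp)
{
    size_t n = sizeof(pp);
    memset(pp, 0, n);
}

/* GNU C (GCC/Clang): the length comes from the pointee, and a pointee that is
   itself a pointer is rejected at compile time, like the template constraint
   in the quoted D code. */
#define ZERO_OBJ(p) __extension__ ({                                        \
    _Static_assert(__builtin_classify_type(*(p)) !=                         \
                   __builtin_classify_type((void *)0),                      \
                   "ZERO_OBJ: pointee is itself a pointer");                \
    memset((p), 0, sizeof(*(p))); })

static void zero_fixed(struct sched_entry *pp)
{
    ZERO_OBJ(pp);
    /* struct sched_entry **ppp = &pp; ZERO_OBJ(ppp);  would not compile */
}

/* Fill the object with 0xAA, run one zeroing routine, count bytes still set. */
static size_t dirty_after(void (*zero)(struct sched_entry *))
{
    struct sched_entry e;
    size_t i, dirty = 0;
    memset(&e, 0xAA, sizeof(e));
    zero(&e);
    for (i = 0; i < sizeof(e); i++)
        dirty += (e.payload[i] != 0);
    return dirty;
}

int main(void)
{
    /* Exit status is non-zero if either routine behaves unexpectedly. */
    return !(dirty_after(zero_fixed) == 0 &&
             dirty_after(zero_buggy) == sizeof(struct sched_entry) - sizeof(void *));
}
```

The buggy routine leaves every byte past the first pointer-sized chunk untouched, which is how stale data survives a "zeroed" structure.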