On Monday, 22 January 2024 at 19:11:50 UTC, Siarhei Siamashka wrote:
> On Monday, 22 January 2024 at 16:39:10 UTC, Nick Treleaven wrote:
>> Memory safety issues are a worse class of bug than arithmetic bugs. The latter are reproducible if you feed them the same input.
> Memory safety bugs are reproducible with tools like `valgrind`.

Not necessarily: valgrind can execute programs too slowly for human input, so anything that relies on timing is difficult to reproduce. It also uses far more memory; it could be too much memory for the system.

> Whereas arithmetic overflow bugs are a real PITA to debug.
> Assuming that the incorrect results are even noticed.

You're talking about debugging, whereas I'm saying you often don't even have a chance to *notice* memory-safety bugs, because they might not even occur on the development system, only on the production system.

And even if you know there's a memory-safety problem, you can't easily narrow down where it is (without language support for memory-safety). With arithmetic problems it's far easier to narrow down which code is causing them.

But I'm strongly in favour of catching any bugs at compile-time (and have been since before I discovered D). I just object to anyone trying to downgrade the importance of automated memory-safety checking.
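The exchange above contrasts arithmetic overflow bugs (deterministic for a given input) with memory-safety bugs (which may only surface on some systems). The two classes meet when an unchecked size computation feeds an allocation: the wrap itself is perfectly reproducible, but the out-of-bounds write it causes later is not. The following is an added example, not code from either poster or from the D project; the function names are mine, and `__builtin_mul_overflow` is a GCC/Clang intrinsic, so a portable division-based check is shown alongside it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size computation: on overflow the product wraps silently,
 * so the caller receives a small allocation and later writes past its
 * end. The wrong value is fully deterministic for a given input. */
size_t alloc_size_wrapping(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Checked variant using the GCC/Clang __builtin_mul_overflow intrinsic:
 * returns false (and leaves *out untouched) instead of a wrapped result. */
bool alloc_size_checked(size_t count, size_t elem_size, size_t *out)
{
    size_t total;
    if (__builtin_mul_overflow(count, elem_size, &total))
        return false;
    *out = total;
    return true;
}

/* Portable equivalent without intrinsics: test the bound by division
 * before multiplying, so the multiplication itself can never wrap. */
bool alloc_size_checked_portable(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return false;
    *out = count * elem_size;
    return true;
}

/* Allocation helper that refuses overflowing sizes rather than handing
 * back an undersized buffer. Returns NULL on overflow or allocation
 * failure. */
void *alloc_array(size_t count, size_t elem_size)
{
    size_t total;
    if (!alloc_size_checked_portable(count, elem_size, &total))
        return NULL;
    return malloc(total);
}

/* A count chosen so that count * 4 exceeds SIZE_MAX by exactly 4 and
 * therefore wraps to 4, on both 32- and 64-bit targets. Constructed
 * input for the demonstration. */
size_t overflowing_count(void)
{
    return (SIZE_MAX / 4) + 2;
}

int main(void)
{
    size_t count = overflowing_count();
    size_t wrapped = alloc_size_wrapping(count, sizeof(uint32_t));
    size_t checked;

    printf("count=%zu elem=4 -> wrapped size %zu\n", count, wrapped);
    if (!alloc_size_checked(count, sizeof(uint32_t), &checked))
        printf("checked computation reports overflow\n");

    uint32_t *p = alloc_array(count, sizeof(uint32_t));
    printf("alloc_array returned %s\n", p ? "a buffer" : "NULL");
    free(p);
    return 0;
}
```

With the wrapping version, `malloc(4)` succeeds and the first write beyond the first element is a heap overflow whose visible effect depends on the allocator and surrounding layout, which is exactly the non-reproducible behaviour the reply describes. The checked versions turn the same input into an immediate, reproducible failure at the site of the arithmetic.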