On Tue, 04 Jan 2011 07:34:15 -0500 bearophile <bearophileh...@lycos.com> wrote:
> An example of bug (more than 14 like this fixed in a few years):
>
> - memset(pp, 0, sizeof(pp));
> + memset(pp, 0, sizeof(*pp));
>
> - memcpy((caddr_t)TstSchedTbl, (caddr_t)&vcIndex,sizeof(TstSchedTbl));
> + memcpy((caddr_t)TstSchedTbl, (caddr_t)&vcIndex, sizeof(*TstSchedTbl));
>
> Here the type system knows that pp is a pointer. sizeof(pp) is typically a
> word, while the correct sizeof(*pp) is often larger. A simple way to avoid
> this bug in D is to use a zeroing template function, something like
> (untested) (in GNU C there is a way to write a similar macro, I don't know
> why they don't use it, even if it's a bit less safe and much less nice
> looking):
>
> void zeroit(T)(T* ptr) if (!isPointer!T) {
>     memset(ptr, 0, (*ptr).sizeof);
> }

Doesn't this in fact hide the error from the programmer (by silently correcting)? Why not instead for instance:

void zeroit(T)(T* ptr) if (!isPointer!T) {
    throw new Exception("Type error: argument to <funcname> should be a pointer.");
}

(And what if the memory to be actually memset is not ptr's target?)

About non-null thingies, I would be all for a mode in which is inserted
    if (p is null) throw ...;
before _every_ implicit or explicit deref of every implicit (pointer) or implicit (class element) pointer. And even make this the default for non-release. (With line number in the message ;-)

Am I dreaming?

Denis
-- -- -- -- -- -- --
vit esse estrany ☣

spir.wikidot.com
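
Review bot: in the memcpy hunk, the new length sizeof(*TstSchedTbl) is taken from the destination only, while the source is &vcIndex; nothing in the visible lines shows that vcIndex is at least that large, so the copy could read past it. Consider sizing the copy from the smaller of the two objects, or asserting at build time that sizeof(vcIndex) equals sizeof(*TstSchedTbl).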
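
The sizeof(pp) versus sizeof(*pp) mistake from the quoted fix, measured in C, together with a standard C counterpart of the zeroit idea that also reports a null pointer. This is an added example, not code from the thread or from the kernel; struct sched_entry, zero_bytes, ZERO_OBJ and stale_after are hypothetical names and the 64-byte struct is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample type, larger than a pointer on common ABIs. */
struct sched_entry { unsigned char payload[64]; };

/* Buggy form from the quoted fix: the length is the size of the pointer.
   The length goes through a variable so that builds treating
   -Wsizeof-pointer-memaccess as an error still compile this demonstration. */
void zero_buggy(struct sched_entry *pp)
{
    size_t n = sizeof(pp);
    memset(pp, 0, n);
}

/* Fixed form: the length is the size of the pointed-to object. */
void zero_fixed(struct sched_entry *pp) { memset(pp, 0, sizeof(*pp)); }

/* Hypothetical helper: the caller never writes the size, and a null
   pointer is reported (-1) instead of being passed to memset. */
int zero_bytes(void *p, size_t n)
{
    if (p == NULL)
        return -1;
    memset(p, 0, n);
    return 0;
}
#define ZERO_OBJ(p) zero_bytes((p), sizeof(*(p)))
void zero_helper(struct sched_entry *pp) { (void)ZERO_OBJ(pp); }

/* Fill an entry with 0xAA, run one zeroing routine, count stale bytes. */
size_t stale_after(void (*zero)(struct sched_entry *))
{
    struct sched_entry e;
    size_t i, stale = 0;
    memset(&e, 0xAA, sizeof(e));
    zero(&e);
    for (i = 0; i < sizeof(e); i++)
        stale += (e.payload[i] != 0);
    return stale;
}

int main(void)
{
    printf("stale bytes: buggy=%zu fixed=%zu helper=%zu\n", stale_after(zero_buggy),
           stale_after(zero_fixed), stale_after(zero_helper));
    return 0;
}
```

ZERO_OBJ sizes the write from the pointer's own target type only: it does not cover the case raised in the reply where the memory to clear is not ptr's target, and applied to an array it clears just the first element.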