BCS wrote:
Hello Walter,
BCS wrote:
Yes the ignition (as the the key) doesn't turn off but when the
engine quits running the ignition system (as in the magneto or that
block of epoxy and silicon under the hood) quits triggering the
spark. Tie into that.
Trying to determine if the
BCS wrote:
your driving down the road talking about programing language design and
suddenly an 18 wheeler starts tail gateing and another pulls out to
pass. In the middle of that, your engine starts to splutter, something
it has never done before. What is your reaction? I'll give 10:1 that it
Hello Walter,
BCS wrote:
With the pump shut off, you have a few seconds of fuel left in the
carb. With no oil pressure, your engine is going to seize anyway.
In a few minutes yes (and it will still run for some time after it's
damaged beyond repair), more than long enough off get off the
Hello Walter,
BCS wrote:
For some systems, once you hit a seg-v, things can't get any worse
Oh, yes they can!
For some cases they can, for others they can't.
You could now be executing a virus. *Anything* the
software is connected to can now do anything wrong or malicious.
(On my
BCS wrote:
(On my car, I installed an oil pressure switch that shuts off the
electric fuel pump if the pressure drops.
It might not translate to CS but there are good reasons that such a
device doesn't come standard on cars; the first time one killed a car in
rush hour traffic and set off a 50
Hello Walter,
BCS wrote:
(On my car, I installed an oil pressure switch that shuts off the
electric fuel pump if the pressure drops.
It might not translate to CS but there are good reasons that such a
device doesn't come standard on cars; the first time one killed a car
in rush hour traffic
BCS wrote:
With the pump shut off, you have a few seconds of fuel left in the
carb. With no oil pressure, your engine is going to seize anyway.
In a few minutes yes (and it will still run for some time after it's
damaged beyond repair), more than long enough off get off the road. I'd
put a
Hello Walter,
Tomas Lindquist Olsen wrote:
You spent quite a bit of effort explaining that segfaults never cause
memory corruption, so it seems fairly reasonable to assume that some
parts of the application state could still be valid and useful not to
throw away.
When a seg fault occurs, it
Hello Walter,
Max Samukha wrote:
On Mon, 16 Nov 2009 12:48:51 -0800, Walter Bright
newshou...@digitalmars.com wrote:
If you've got a system that relies on the software continuing to
function after an unexpected null seg fault, you have a VERY BADLY
DESIGNED and COMPLETELY UNSAFE system. I
BCS wrote:
For some systems, once you hit a seg-v, things can't get any worse
Oh, yes they can! You could now be executing a virus. *Anything* the
software is connected to can now do anything wrong or malicious.
(On my car, I installed an oil pressure switch that shuts off the
electric
On Mon, 16 Nov 2009 12:48:51 -0800, Walter Bright
newshou...@digitalmars.com wrote:
If you've got a system that relies on the software continuing to
function after an unexpected null seg fault, you have a VERY BADLY
DESIGNED and COMPLETELY UNSAFE system. I really cannot emphasize this
enough.
Max Samukha wrote:
On Mon, 16 Nov 2009 12:48:51 -0800, Walter Bright
newshou...@digitalmars.com wrote:
If you've got a system that relies on the software continuing to
function after an unexpected null seg fault, you have a VERY BADLY
DESIGNED and COMPLETELY UNSAFE system. I really cannot
On Tue, Nov 17, 2009 at 11:51 AM, Walter Bright
newshou...@digitalmars.com wrote:
Max Samukha wrote:
On Mon, 16 Nov 2009 12:48:51 -0800, Walter Bright
newshou...@digitalmars.com wrote:
If you've got a system that relies on the software continuing to function
after an unexpected null seg
== Quote from Tomas Lindquist Olsen (tomas.l.ol...@gmail.com)'s article
I'm not sure if LDC will ever support D2 (at least wont be by my hand)
What is it about D2 that makes this unlikely? I thought after LDC D1 support
was
stable and the D2 spec and front end were stable, the natural
On Tue, Nov 17, 2009 at 4:45 PM, dsimcha dsim...@yahoo.com wrote:
== Quote from Tomas Lindquist Olsen (tomas.l.ol...@gmail.com)'s article
I'm not sure if LDC will ever support D2 (at least wont be by my hand)
What is it about D2 that makes this unlikely? I thought after LDC D1 support
was
Tomas Lindquist Olsen Wrote:
On Tue, Nov 17, 2009 at 11:51 AM, Walter Bright
newshou...@digitalmars.com wrote:
I suppose nobody much cares if it writes out a corrupted audio file. People
care very much if their airplane suddenly dives into the ground.
Be that as it may, it is
Sean Kelly wrote:
Tomas Lindquist Olsen Wrote:
On Tue, Nov 17, 2009 at 11:51 AM, Walter Bright
newshou...@digitalmars.com wrote:
I suppose nobody much cares if it writes out a corrupted audio file. People
care very much if their airplane suddenly dives into the ground.
Be that as it may, it
Tomas Lindquist Olsen:
LDC requires a lot of changes to the frontend.
* DMD is not written as a cross compiler
* The runtime interfaces are hardcoded into the frontend semantics
* The ast rewrites dmd does are destructive and buggy
* The dmd codegen is all over the frontend code, it wasn't
On Tue, Nov 17, 2009 at 5:58 PM, bearophile bearophileh...@lycos.com wrote:
Tomas Lindquist Olsen:
LDC requires a lot of changes to the frontend.
* DMD is not written as a cross compiler
* The runtime interfaces are hardcoded into the frontend semantics
* The ast rewrites dmd does are
Tomas Lindquist Olsen wrote:
You spent quite a bit of effort explaining that segfaults never cause
memory corruption, so it seems fairly reasonable to assume that some
parts of the application state could still be valid and useful not to
throw away.
When a seg fault occurs, it is because your
Tomas Lindquist Olsen wrote:
LDC requires a lot of changes to the frontend.
If you send me the changes, I can incorporate at least some of them,
making subsequent versions easier to port to LDC.
On Tue, 17 Nov 2009 02:51:13 -0800, Walter Bright
newshou...@digitalmars.com wrote:
I suppose nobody much cares if it writes out a corrupted audio file.
People care very much if their airplane suddenly dives into the ground.
Be that as it may, it is certainly possible to catch seg faults in an
Andrei Alexandrescu Wrote:
Sean Kelly wrote:
Tomas Lindquist Olsen Wrote:
On Tue, Nov 17, 2009 at 11:51 AM, Walter Bright
newshou...@digitalmars.com wrote:
I suppose nobody much cares if it writes out a corrupted audio file.
People
care very much if their airplane suddenly dives
C standard library alloca function has an undefined behavior when
requested size is large enough to cause a stack overflow, but many (good)
implementations return null instead. So does DMD, for example. I believe
it would be even better to go ahead and enforce D implementation to return
a
Denis Koroskin wrote:
C standard library alloca function has an undefined behavior when
requested size is large enough to cause a stack overflow, but many
(good) implementations return null instead. So does DMD, for example. I
believe it would be even better to go ahead and enforce D
Walter Bright:
A person using alloca is expecting stack allocation, and
that it goes away after the function exits. Switching arbitrarily to the
gc will not be detected and may hide a programming error (asking for a
gigantic piece of memory is not anticipated for alloca, and could be
== Quote from Walter Bright (newshou...@digitalmars.com)'s article
Denis Koroskin wrote:
C standard library alloca function has an undefined behavior when
requested size is large enough to cause a stack overflow, but many
(good) implementations return null instead. So does DMD, for example.
On Mon, 16 Nov 2009 17:01:32 +0300, dsimcha dsim...@yahoo.com wrote:
== Quote from Walter Bright (newshou...@digitalmars.com)'s article
Denis Koroskin wrote:
C standard library alloca function has an undefined behavior when
requested size is large enough to cause a stack overflow, but many
== Quote from Denis Koroskin (2kor...@gmail.com)'s article
On Mon, 16 Nov 2009 17:01:32 +0300, dsimcha dsim...@yahoo.com wrote:
== Quote from Walter Bright (newshou...@digitalmars.com)'s article
Denis Koroskin wrote:
C standard library alloca function has an undefined behavior when
dsimcha schrieb:
Yes, but it stops the program in such a way that it's very hard to figure out
why/where it died. The solution, which I've wanted for a while and I think
others
have proposed, is for DMD to implicitly assert that every pointer is non-null
before dereferencing it when in
bearophile wrote:
Walter Bright:
A person using alloca is expecting stack allocation, and
that it goes away after the function exits. Switching arbitrarily to the
gc will not be detected and may hide a programming error (asking for a
gigantic piece of memory is not anticipated for alloca,
== Quote from Andrei Alexandrescu (seewebsiteforem...@erdani.org)'s article
bearophile wrote:
Walter Bright:
A person using alloca is expecting stack allocation, and
that it goes away after the function exits. Switching arbitrarily to the
gc will not be detected and may hide a
On Mon, 16 Nov 2009 19:27:41 +0300, Andrei Alexandrescu
seewebsiteforem...@erdani.org wrote:
bearophile wrote:
Walter Bright:
A person using alloca is expecting stack allocation, and that it goes
away after the function exits. Switching arbitrarily to the gc will
not be detected and may
Denis Koroskin wrote:
On Mon, 16 Nov 2009 19:27:41 +0300, Andrei Alexandrescu
seewebsiteforem...@erdani.org wrote:
bearophile wrote:
Walter Bright:
A person using alloca is expecting stack allocation, and that it
goes away after the function exits. Switching arbitrarily to the gc
will not
Andrei Alexandrescu:
Can't be written. Try it.
Thank you for being gentle with me still :-)
Almost every day I say something stupid in this newsgroup...
Bye,
bearophile
bearophile wrote:
Andrei Alexandrescu:
Can't be written. Try it.
Thank you for being gentle with me still :-)
Almost every day I say something stupid in this newsgroup...
Bye,
bearophile
Sorry, I was just lacking the time. I also tried to encapsulate alloca
once. It becomes obvious once
dsimcha wrote:
Yes, but it stops the program in such a way that it's very hard to figure out
why/where it died.
I don't want to get into another lng thread about should pointers be
nullable or not, I just wished to point out that it was not a *safety*
issue.
Walter Bright:
I don't want to get into another lng thread about should pointers be
nullable or not,
It was a good thread with good ideas.
I just wished to point out that it was not a *safety* issue.
A safe system is not a program that switches itself off as soon as there's a
small
== Quote from bearophile (bearophileh...@lycos.com)'s article
Walter Bright:
I don't want to get into another lng thread about should pointers be
nullable or not,
It was a good thread with good ideas.
I just wished to point out that it was not a *safety* issue.
A safe system is not a
bearophile wrote:
Walter Bright:
I don't want to get into another lng thread about should
pointers be nullable or not,
It was a good thread with good ideas.
I just wished to point out that it was not a *safety* issue.
A safe system is not a program that switches itself off as soon
bearophile wrote:
Walter Bright:
I just wished to point out that it was not a *safety* issue.
A safe system is not a program that switches itself off as soon as
there's a small problem.
Computers cannot know whether a problem is small or not.
One Ariane missile has self-destroyed (and
Walter Bright wrote:
dsimcha wrote:
In a way you're right. However, there is no universal answer for what
to do about
a null pointer except die **with a good error message explaining what
went
wrong**. This is the part that's missing. Right now you get an
access violation.
I'd like an
dsimcha wrote:
In a way you're right. However, there is no universal answer for what to do
about
a null pointer except die **with a good error message explaining what went
wrong**. This is the part that's missing. Right now you get an access
violation.
I'd like an assert failure with a
On Mon, Nov 16, 2009 at 03:19:06PM -0500, bearophile wrote:
One Ariane missile has self-destroyed (and destroyed an extremely important
scientific satellite it was carrying whose mission I miss still) because of
this silly behaviour united with the inflexibility of the Ada language.
Would
Andrei Alexandrescu wrote:
Denis Koroskin wrote:
On Mon, 16 Nov 2009 19:27:41 +0300, Andrei Alexandrescu
seewebsiteforem...@erdani.org wrote:
bearophile wrote:
Walter Bright:
A person using alloca is expecting stack allocation, and that it
goes away after the function exits. Switching
On Mon, 16 Nov 2009 12:48:51 -0800, Walter Bright wrote:
bearophile wrote:
Walter Bright:
I just wished to point out that it was not a *safety* issue.
A safe system is not a program that switches itself off as soon as
there's a small problem.
Computers cannot know whether a problem is
Yigal Chripun wrote:
Andrei Alexandrescu wrote:
Denis Koroskin wrote:
On Mon, 16 Nov 2009 19:27:41 +0300, Andrei Alexandrescu
seewebsiteforem...@erdani.org wrote:
bearophile wrote:
Walter Bright:
A person using alloca is expecting stack allocation, and that it
goes away after the
On Mon, Nov 16, 2009 at 9:48 PM, Walter Bright
newshou...@digitalmars.com wrote:
bearophile wrote:
Walter Bright:
I just wished to point out that it was not a *safety* issue.
A safe system is not a program that switches itself off as soon as
there's a small problem.
Computers cannot know
I am sorry for having mixed global reliability of a system with the discussion
about non nullable class references. It's my fault. Those are two very
different topics, as Walter says. Here I give few comments, but please try to
keep the two things separated. If that's not possible, feel free to
Tomas Lindquist Olsen wrote:
You sure got all the answers...
I had it beaten into my head by people who had 50 years of experience
designing reliable airliners - what worked and what didn't work.
The consensus on what constitutes best practices for software
reliability is steadily
bearophile wrote:
They use a different design strategy to
be so reliable.
My understanding (I am no biologist) is that biology achieves
reliability by using redundancy, not by requiring individual components
to be perfect.
The redundancy goes down to the DNA level, even.
Another way is it
On Mon, 16 Nov 2009 20:39:57 +0300, Andrei Alexandrescu
seewebsiteforem...@erdani.org wrote:
Denis Koroskin wrote:
On Mon, 16 Nov 2009 19:27:41 +0300, Andrei Alexandrescu
seewebsiteforem...@erdani.org wrote:
bearophile wrote:
Walter Bright:
A person using alloca is expecting stack
Denis Koroskin wrote:
On Mon, 16 Nov 2009 20:39:57 +0300, Andrei Alexandrescu
seewebsiteforem...@erdani.org wrote:
Denis Koroskin wrote:
On Mon, 16 Nov 2009 19:27:41 +0300, Andrei Alexandrescu
seewebsiteforem...@erdani.org wrote:
bearophile wrote:
Walter Bright:
A person using alloca is
Walter Bright:
is that biology achieves reliability by using redundancy, not by requiring
individual components to be perfect. The redundancy goes down to the DNA
level, even. Another way is it uses quantity, rather than quality. Many
organisms produce millions of offspring in the hope that
54 matches
Mail list logo