1. 26

  2. 3

    This is not one rogue example that is easily addressed.

    Is this some joke? s/anything reachable via global variables/anything reachable via global variables that the function actually uses/.

    This example cuts to the heart of the problem, which is that understanding aliasing in the face of functions with potentially unbounded side effects is notoriously difficult.

    Then bound the side effects!

    1. 3

      I have been enjoying the combination of gcc function attributes and the splint static type checker. I can claim properties for functions to inform the optimiser and check 'em with splint.

      However this is all painfully clearly a kludge and a band aid.

      I’d ditch C, splint, C++ and C++ Core Guidelines for D in a blink of an eyelid given a chance.

      These concepts of purity, safety, immutable, const, … need to be carefully thought out, baked into the language and checked by the compiler.

      1. 1

        Yay! Another D enthusiast! There are dozens of us!

        I can’t get myself into Rust. Maybe if D grows enough, we’ll be able to fix its stupid license.

        1. 2

          I was not aware of any license issue?

          From the D FAQ.

          Is D open source?

          The front end for the dmd D compiler is open source. The back end for dmd is licensed from Symantec, and is not compatible with open-source licenses such as the GPL. Nonetheless, the complete source comes with the compiler, and all development takes place publicly on github. Compilers using the DMD front end and the GCC and LLVM open source backends are also available. The runtime library is completely open source using the Boost License 1.0. The gdc and ldc D compilers are completely open sourced.

          1. 6

            Read the license. It’s incredibly stupid. It says that you have to acknowledge that the software can’t be used after 1999 (stupid, but harmless) and that you can’t use it in life critical situations (stupid and actually problematic, as it’s not merely a disclaimer of warranty). It also forbids distribution unless you get permission from them, a clause that everyone that is forking it on github is violating. I am sure that each forker isn’t first getting permission before they fork.

            Yeah, it’s a good thing that it’s possible to replace the backend with free alternatives, but the reference implementation is what everyone tells newcomers to use and where most of the action is.

            1. 1

              Hmm, the mathematician in me says it doesn’t apply.

              The Software is not generally available software. It has not undergone testing and may contain errors. The Software was not designed to operate after December 31, 1999. It may be incomplete and it may not function properly. No support or maintenance is provided with this Software. Do not install or distribute the Software if you are not accustomed to using or distributing experimental software. Do not use this software for life critical applications, or applications that could cause significant harm or property damage.

              i.e. the compiler backend is untested and unsupported; if running it could cause damage, don’t do that.

              However the absolute worst I have seen a compiler backend do is fill up my disk and overwrite a file.

              So running that compiler backend on the computer that controls your local nuclear power stations is forbidden.

              Do not install or distribute the Software if you are not accustomed to using or distributing experimental software.

              Why would one have a compiler on your disk if you weren’t?

              However if I test (in a safe environment) the results created by that backend and satisfy myself that it works correctly and safely… No problem. Go ahead.

              Sure that license is legalese stupid… Which never stopped Java… http://www.oracle.com/technetwork/java/javase/downloads/jre-6u21-license-159054.txt

              You acknowledge that Licensed Software is not designed or intended for use in the design, construction, operation or maintenance of any nuclear facility

              The Open Source advocate in me says, yup, I can see why Debian won’t distribute DMD.

              But since I want something I can cross compile to embedded systems, DMD isn’t particularly interesting to me, gdc is.

              1. 3

                No, no, the Java case is different. It just disclaims warranty. It just makes you acknowledge something. Stupid, but harmless. The DMD license actually says that you can’t use it under certain (stupid) circumstances. It says “do not install, do not use, do not distribute”.

                Anyway, that’s not the biggest problem. The biggest problem is the part where it says you can’t distribute it unless you get permission. What’s doubly stupid is that this part is getting routinely violated.

      2. 2

        Is this some joke?

        The article states its point clearly: “but what rule would reject it?”


        Same difference. If you pass something to a function, it may use it.

        Then bound the side effects!

        potentially. C++ permits unbounded side effects.

      3. 1

        “I found this feature globals in C++ that sane programmers don’t use, it has some issues such as dangling pointers. C++ is just the worst!”

        1. 6

          The problem is that C++ is a huge number of features flying in a not-too-close formation, and C++ apologists claim the “sane programmers don’t use” about 90% of them. Even if it were true about globals (which it isn’t), the fact is that globals exist as a feature of the language. And if they’re “unsafe”, they must be explicitly outside of the “safe” subset of the language.

          1. 2

            Also “saneness” arguments aside, they underestimate the power of “I just have 8 hours left and I need to get this done, memory safety and good code go to hell”. Crunch time in Java yields memory-safe code, in C++ probably not.