Thread overview
DIP1000: Memory Safety in a Modern System Programming Language Pt.1
5 days ago
Mike Parker
5 days ago
StarCanopy
5 days ago
Dukc
5 days ago
ezneh
5 days ago
zjh
2 days ago
zjh
1 day ago
Dukc
4 days ago
Dukc
4 days ago
Dom Disc
4 days ago
Dukc
4 days ago
Johan
4 days ago
Dukc
4 days ago
Dukc
3 days ago
Dukc
3 days ago
Kagamin
5 days ago

Ate Eskola was inspired to write a series of tutorials about DIP1000 for the D Blog. The first post in the series is live. If you haven't yet dug into DIP1000 much or understood how to use it, this should give you enough to get started.

The blog:
https://dlang.org/blog/2022/06/21/dip1000-memory-safety-in-a-modern-system-programming-language-pt-1/

Reddit:
https://www.reddit.com/r/programming/comments/vhfd28/memory_safety_in_a_modern_system_programming/

5 days ago

On Tuesday, 21 June 2022 at 15:05:46 UTC, Mike Parker wrote:

> [...]

int[5] stackData = [-1, -2, -3, -4, -5];

// Lifetime of stackData2 ends
// before limitedRef, so this is
// disallowed.
limitedRef = stackData[];

In the above example, stackData2 seems to be a typo.

5 days ago

On Tuesday, 21 June 2022 at 22:55:56 UTC, StarCanopy wrote:

> On Tuesday, 21 June 2022 at 15:05:46 UTC, Mike Parker wrote:
>
> > [...]
>
> int[5] stackData = [-1, -2, -3, -4, -5];
>
> // Lifetime of stackData2 ends
> // before limitedRef, so this is
> // disallowed.
> limitedRef = stackData[];
>
> In the above example, stackData2 seems to be a typo.

Thanks, you're right. Missed that when editing.

5 days ago

On Tuesday, 21 June 2022 at 15:05:46 UTC, Mike Parker wrote:

Good article!

5 days ago

On Wednesday, 22 June 2022 at 06:48:34 UTC, Dukc wrote:

> On Tuesday, 21 June 2022 at 22:55:56 UTC, StarCanopy wrote:
>
> > On Tuesday, 21 June 2022 at 15:05:46 UTC, Mike Parker wrote:
> >
> > > [...]
> >
> > int[5] stackData = [-1, -2, -3, -4, -5];
> >
> > // Lifetime of stackData2 ends
> > // before limitedRef, so this is
> > // disallowed.
> > limitedRef = stackData[];
> >
> > In the above example, stackData2 seems to be a typo.
>
> Thanks, you're right. Missed that when editing.

Other typo:
, as that dcoument is what

4 days ago

On Tuesday, 21 June 2022 at 15:05:46 UTC, Mike Parker wrote:

> The blog:
> https://dlang.org/blog/2022/06/21/dip1000-memory-safety-in-a-modern-system-programming-language-pt-1/

Now in 26th place on Hacker News.

4 days ago

On Wednesday, 22 June 2022 at 19:09:28 UTC, Dukc wrote:

> On Tuesday, 21 June 2022 at 15:05:46 UTC, Mike Parker wrote:
>
> > The blog:
> > https://dlang.org/blog/2022/06/21/dip1000-memory-safety-in-a-modern-system-programming-language-pt-1/
>
> Now in 26th place on Hacker News.

This was a nice presentation, if there will be a follow up then maybe create examples with a main and a button for «run this» that will show it in run.dlang.org?

I suspect some readers will think TLDR when faced with longer blog posts, and just look at the examples (hence the show-don't-tell principle).

4 days ago

On 6/21/22 11:05 AM, Mike Parker wrote:

> Ate Eskola was inspired to write a series of tutorials about DIP1000 for the D Blog. The first post in the series is live. If you haven't yet dug into DIP1000 much or understood how to use it, this should give you enough to get started.
>
> The blog:
> https://dlang.org/blog/2022/06/21/dip1000-memory-safety-in-a-modern-system-programming-language-pt-1/
>
> Reddit:
> https://www.reddit.com/r/programming/comments/vhfd28/memory_safety_in_a_modern_system_programming/

Dip1000's point is starting to seep in. I still think it's going to be a challenge for people new to D (not just us old-timers). But...

The part about scope being shallow. This is a problem.

scope a = "first";
scope b = "second";
string[] arr = [a, b]; // invalid regardless of attributes in @safe code

Sometimes algorithms require manipulation of structure, such as sorting arrays, or using linked lists, and sometimes it's nice to be able to point at things on the stack, temporarily. This is one of the things I was looking forward to with dip1000, since it does allow pointing at the stack when it can work out the details.

Is there any plan to address this other than "just use @system"?

-Steve

4 days ago

On Wednesday, 22 June 2022 at 20:48:13 UTC, Steven Schveighoffer wrote:

> The part about scope being shallow. This is a problem.

One thing that will be confusing to most users is that it appears to be using "taint" rather than proper flow analysis on the pointed-to-object?

int* test(int arg1, int arg2) {
    int* p = null;
    p = &arg1;
    p = new int(5);
    return p;  // complains about p being scope
}

4 days ago

On 6/22/22 5:07 PM, Ola Fosheim Grøstad wrote:

> On Wednesday, 22 June 2022 at 20:48:13 UTC, Steven Schveighoffer wrote:
>
> > The part about scope being shallow. This is a problem.
>
> One thing that will be confusing to most users is that it appears to be using "taint" rather than proper flow analysis on the pointed-to-object?
>
> int* test(int arg1, int arg2) {
>     int* p = null;
>     p = &arg1;
>     p = new int(5);
>     return p;  // complains about p being scope
> }

The other option is to complain about the assignment of &arg to p. That might be a better answer. At least it's understandable, and not sneaky.

Full flow analysis will be defeatable by more complex situations:

int *p = null;
if(alwaysEvaluateToFalse()) p = &arg;
else p = new int(5);
return p;

That would take a lot of effort just to prove it shouldn't be scope.

-Steve
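An added example (not code from the blog post or from anyone in this thread) showing the restructuring that the two posts above circle around: once a pointer variable has held a stack address, DIP1000 treats that variable as `scope` for its whole lifetime, so the usual fix is to keep the pointer that touches the stack and the pointer that is returned in separate variables. It assumes DMD with `-preview=dip1000`; the function and variable names are mine.

```d
// Added example, not from the blog or the thread. Compile and run with:
//   dmd -preview=dip1000 -run scope_split.d
@safe:

int* test(int arg1, int arg2)
{
    // `local` is declared scope explicitly: it may hold the address of a
    // parameter (stack memory), and the compiler will reject any attempt to
    // return it or store it somewhere that outlives this frame.
    scope int* local = &arg1;
    *local += arg2;                 // using the stack address locally is fine

    // `result` never holds a stack address, so it is not inferred scope and
    // can be returned. The original single-variable version (p = &arg1; then
    // p = new int(5); return p;) is rejected because `p` was tainted by the
    // first assignment.
    int* result = new int(*local);
    return result;
}

void main()
{
    import std.stdio : writeln;
    int* r = test(1, 2);
    writeln(*r);                    // 3
}
```

The split costs nothing at run time and makes the intent visible: a reviewer reading `scope int* local` knows that pointer is frame-local by contract, and the returned pointer's GC provenance is obvious from its single initialisation rather than from flow analysis the compiler does not perform.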
