What about:glauxosdever wrote:Everything that is created by the code is being initialised. Therefore......is an error, or causes a to be implicitly initialised to 0. I'm undecided.Code: Select all
u8 a;
Code: Select all
u8 a;
if (condition) {
a = getFoo();
} else {
a = getBar();
}I quickly mentioned using an Option<T> type or a T? type- given a type T, Option<T> can be either Some(t) or None, sort of a tagged union. Using a non-nullable pointer type for T, you get a nullable pointer. If the compiler exploits its knowledge that 0 is an invalid value for the pointer, Option<T*> even gets the same representation as a C-style nullable pointer.glauxosdever wrote:As for the lot of extra work for something that should be the default (in this case the pointer that is never null), it would be nice to hear how to specify something that is not the default (in this case the pointer that can be null).
Code: Select all
let maybe_bob: Option<&Person> = get_person("bob");
match maybe_bob {
Some(bob) => { process(bob); } // here, bob is a pointer to a Person
None => { panic!("bob doesn't exist"); } // here, bob is not in scope because maybe_bob is None
}What if all list types utilize common list logic. This logic will not be equally type safe, because it is shared by the circular and non-circular variants. For example, add_node(what, where) is a good candidate. The node structure of the "base" list type will allow null for its next pointer type. Thus, by forwarding processing to the "general" functions, the circular list inherits the unsafety of the base list. This is a limited example, but reuse and passing control between generalist and specific code are virtually everywhere. Generics may solve the problem sometimes, but not always.The programmer should exclude 0 from the pointer's range then. The way to do it portably is yet to be specified unfortunately.
If a string is read from configuration file at the start of the program, whether the respective global object is statically initialized to null or non-null is besides the point. If say, it is initialized to empty string, it will be just as useless, even though the dereference will be valid memory access. On the other hand, once the configuration parsing is complete, the pointer will become truly valid and the contents will become meaningful. Which also introduces another nuance - correctness vs. definedness. A program that always invokes defined behavior, such as valid memory accesses is not automatically correct. In fact, if the programmer is forced to use "defined" state for the sake of it, that initial state may end up being a set of dummy values. Although it might encourage good programming practices, in my opinion, it will not contribute as much to the program's correctness. In contrast, discovering whether invalid access actually occurs is a much stronger value for the programmer.Everything that is created by the code is being initialised.
The interactive environment thing is a personal vision, inspired by some instruments. Don't read too much into it. What I was hinting at is that you are not constrained by the edit, compile, debug cycle. The classical view is that those instruments should be separate, but I think that this point can be challenged. So, basically, I think that stricter, safer language is very much desirable, but doubt that automatic correctness will be possible.I will look into that.
If you intend this to ever take off then please give it a name that would be easier to search for =Pglauxosdever wrote:Since the initial question has been answered, I think I could speak a bit about the language as a whole. To start, I am going to call it G, since there is no systems programming language called like that, as far as I can tell. There are however other languages called G, but they are mostly domain specific and not well-known.
Random comment: try to make it as painless as possible. A lot of language designers see programmers not adding error checks and think the problem is that they're not forced to do it, rather than wondering if it's an usability issue and what can be done to reduce the need for error checks as much as possible (and where needed, help make it be likely to handle it in a reasonable way instead of doing something dumb like aborting because they're rushing to meet a deadline). Especially since having checks everywhere can add clutter.glauxosdever wrote:My general intention is to make programmer errors harder. I am aware this may annoy programmers when trying to get used to it, but I am also aware it will reduce debugging time, since errors will be more rare. Consider a divide-by-zero error. If the compiler can't ensure the divisor is non-zero, it will error right at compilation time. Consider now an out-of-bounds error, which involves using a variable as an index to access an element of a 12-element array. If the variable has the value 12 or greater, or is negative, it will definitely result in an error which, unlike the divide-by-zero error, may not even be evident at runtime. The compiler should be able to ensure the variable is in range in order to compile the code.
Yeah, I'd say each type should just have a "default" value (e.g. 0 or false) that becomes the initialized value when a programmer doesn't specify one (and if later it turns out it isn't used, the compiler can easily just optimize it out). I think a lot of beginners expect variables to be a value like that by default, enforcing it in the language would help make it reliable.glauxosdever wrote:A common case for undefined behaviour is uninitialised variables, and this is something I would rather forbid right from its roots (except for accessing values through pointers, where the compiler can't do anything at compile time). Another option would be to implicitly initialise to zero.
If you have an array with two elements representing an on/off state, you can use a boolean as an index to the relevant value immediately (I've done this in some cases, yeah, mostly when dealing with rendering interfaces).glauxosdever wrote:Booleans should not be built on top of integers like in C. Consider the "a + (b == c)" expression. Is there any real use for it?
After fighting non-stop with some stupid Android limitations in a tablet, I can confirm.alexfru wrote:And one would think that Google's got the best programmers. Apparently, not.
The compiler should be smart enough to optimise it out.Kevin wrote:What about:Would you have to do a useless initialisation that is immediately overwritten?Code: Select all
u8 a; if (condition) { a = getFoo(); } else { a = getBar(); }
Code: Select all
u16* indexrange[0, 80*25) b = 0x000B8000;Code: Select all
*(b + 10) = 0x65;Code: Select all
b[10] = 0x65;Code: Select all
*(b + 80*25 + 100) = 0x65;Code: Select all
b[80*25 + 100] = 0x65;If the compiler is smart enough to optimise it out, it should also be smart enough to allow me leaving out the useless explicit initialisation.glauxosdever wrote:The compiler should be smart enough to optimise it out.Kevin wrote:Would you have to do a useless initialisation that is immediately overwritten?
That's why I thought of disallowing accesses through *(pointer + integer) and *(pointer + pointer). Accesses through pointer[integer] would however be allowed as long as integer fits in indexrange.Kevin wrote:About your pointers: What is the type of b + 10 in your example? Is it u16* indexrange[-10, 80*25 - 10)? If you use a variable instead of 10, you don't necessarily know the resulting type at compile time, though. Which is fine if you're only doing runtime checks anyway, but something to be aware of.
Code: Select all
u8 a = 10;
u8 range[0, 20]* b = &a;
a = 30;
This is not fine because you know "a" is changed elsewhere:glauxosdever wrote:While discussing in #osdev, people suggested an issue I didn't come up with. What happens if......therefore *b not being in range anymore? This is a simple example the compiler can detect, but what happens if, for example, some other thread writes to a and the compiler can't detect it? This is something that needs to be resolved too.Code: Select all
u8 a = 10; u8 range[0, 20]* b = &a; a = 30;
Code: Select all
u8 a = 10;
u8 range[0, 20]* b = &a;
void foo(void) {
a = 99;
}Code: Select all
const u8 a = 10;
u8 range[0, 20]* b = &a;Code: Select all
u8 a = 10;
u8 range[0, 20]* b = &a;For my work/research; I decided it wasn't worth the hassle. More specifically; I decided it was better to encourage the use of arrays (where array indices are checked), and that for "rare use" of pointers (e.g. in system code) there's a good chance (for an OS using a micro-kernel like mine) that any dodgy pointer problems would result in a page fault that makes the problem easy to find/debug anyway.Kevin wrote:I'm not sure if the hassle of dealing with ranges is worth it for pointers. Just distinguishing nullable and non-nullable pointers would be a lot easier and would already get you the most important advantage.
Oops, I think I misinterpreted this as being a pointer with a range of addresses instead of a pointer to an integer with range. Maybe copying C syntax really isn't the best idea.glauxosdever wrote:...therefore *b not being in range anymore?Code: Select all
u8 a = 10; u8 range[0, 20]* b = &a; a = 30;
If you'd like, I can point you in the directions of some insane programmers, starting with myself. Both TempleOS and SpectateSwamp have been mentioned here before, but they are just the tip of that iceberg.glauxosdever wrote: Anyway, no sane programmer would try to do that.