by the way, unsigned += signed is defined |
Yes, but mixing them can cause overflow. Especially working with numbers from the user, and no indication that negatives are not allowed.
If... And my point is that good practices alone are not enough to ensure safety |
Again, an axiom and not the end argument. Since C++ is actually completely safe with good practices alone.. C++ is much much safer with all the new features they've introduced that completely disallow you to shoot yourself in the foot.
You always have the option though.
Question: Is it possible that someone who's been using C++ for almost 20 years knows a bit more about its shortcomings than you? |
Is it possible when my dad gives me life lessons... he's actually right? Yea, but you realize that a person's
amount of experience doesn't matter as much as the quality of their experience. Not to say your experience is not of high quality.
That's not related to my argument anyway, so the answer doesn't matter. It's not like I personally make decisions related to the future of C++ and I wouldn't want to be that person.
I've also made clear my bias. I don't think C++ being safer is bad. However, there are benefits to not being forced into safety and I personally like that aspect of C++.
And my point is that good practices alone are not enough to ensure safety. People need support from compilers and runtimes. No amount of carefulness can replace the checks a compiler makes. |
And I'm saying such compiler and runtime checks exist.. you just have to use them. I don't mind if they add more, even, but they are opt-in.
There's been no pushback from you on my
objective points:
C++ would no longer be backwards compatible as it has always been.
Things you can do in C++ and is perfectly safe (but has the capacity for UB) will disappear.
C++ will potentially become slower (as the more dangerous features are faster than the safe ones)
And what would the difference be between C++ and Rust at that point? If we already have Rust, do we need C++ to copy it?
And you can't argue that people wouldn't have to switch to Rust if C++ became better. This wouldn't be some update to your compiler then business as usual, the language will be completely different. It would be a switch and code would have be rewritten, many times even from scratch.
Forget losing market share in the future, C++ would lose users
now if the language suddenly changed so drastically. You also can't really argue changing it one step at a time, as Every.Single.Step would ensure that the new C++ compiler is incompatible with all previous versions - a nightmare for anyone, and particularly any company, that uses it.
The solution? Opt-in safety features.. Like they already have and keep implementing.
I have not been arguing the practicality of a safer C++ in terms of C++ "disappearing" for being too unsafe as you claimed. That's because, objectively, a safer C++ is "better", but only when analyzing from specifically that viewpoint of safety.
And I don't make these decisions for C++, so it's even more pointless to argue about it, hence I've only given my personal feelings on the matter.
There is no gotcha; the issue is obvious if you know what to look for. Last hint: you will not find any rule warning against my mistake in any guidelines on how to write C++.
Care to try again? |
"If you know what you're looking for"
is sort of a gotcha. Plenty of code may cause issues, but is code that you would never write, hence you may not spot it in someone else's code.
The main reason I didn't look at your code thoroughly is because I'm use to debugging on Visual Studio, I like having variable highlighting and such. But obviously if I paste the code I'll have a bunch of errors highlighted, which is annoying.
It's also annoying because the logic itself of the program is incorrect as you pointed out:
1 2 3 4 5 6
|
case '(':
ret += eval(tokens);
//throws if the top of tokens is not ')'.
check_top(tokens, ')');
tokens.pop_front();
continue;
| |
It doesn't make sense, why would the top of the tokens be ')'? The function will return only if ')' has already been popped from the deque. However, assuming check_top correctly ensures there's at least some element in the deque, then pop_front() should be fine.
This all just makes it hard to give a serious eye to the code. I only looked at the "eval", but I looked it from top to bottom and I don't see anything wrong.
There are instances of
bad practice in this code, but I don't see anything that would lead to UB.
So please enlighten me wizard.