Most active commenters
  • creato(3)

←back to thread

The C++ standard for the F-35 Fighter Jet [video]

(www.youtube.com)
327 points AareyBaba | 13 comments | 07 Dec 25 18:07 UTC | HN request time: 0.001s | source | bottom
Show context
don-code ◴[07 Dec 25 23:11 UTC] No.46186343[source]
> All if, else if constructs will contain either a final else clause or a comment indicating why a final else clause is not necessary.

I actually do this as well, but in addition I log out a message like, "value was neither found nor not found. This should never happen."

This is incredibly useful for debugging. When code is running at scale, nonzero probability events happen all the time, and being able to immediately understand what happened - even if I don't understand why - has been very valuable to me.

replies(2): >>46187141 #>>46187743 #
1. YesBox ◴[08 Dec 25 02:45 UTC] No.46187743[source]
Same. I go one step further and create a macro _STOP which is defined as w/e your language's DebugBreak() is. And if it's really important, _CRASH (this coerces me to fix the issue immediately)
replies(1): >>46187836 #
2. creato ◴[08 Dec 25 03:01 UTC] No.46187836[source]
The "standard" (typically defined in projects I'm familiar with, and as of C23, an actual standard) is "unreachable": https://en.cppreference.com/w/c/program/unreachable.html
replies(2): >>46187855 #>>46188241 #
3. YesBox ◴[08 Dec 25 03:05 UTC] No.46187855[source]
C++ keeps getting bigger and bigger :D

Thanks for sharing

replies(1): >>46188147 #
4. creato ◴[08 Dec 25 04:01 UTC] No.46188147{3}[source]
This is actually C and C++ has not done something similar AFAIK.
replies(3): >>46189837 #>>46190840 #>>46191037 #
5. vlovich123 ◴[08 Dec 25 04:18 UTC] No.46188241[source]
That is not the same thing at all. Unreachable means that entire branch cannot be taken and the compiler is free to inject optimizations assuming that’s the case. It doesn’t need to crash if the violation isn’t met - indeed it probably won’t. It’s the equivalent of having something like

    x->foo();
    if (x == null) {
        Return error…;
    }
This literally caused a security vulnerability in the Linux kernel because it’s UB to dereference null (even in the kernel where engineers assumed it had well defined semantics) and it elided the null pointer check which then created a vulnerability.

I would say that using unreachable() in mission critical software is super dangerous, moreso than an allocation failing. You want to remove all potential for UB (ie safe rust with no or minimal unsafe, not sprinkling in UB as a form of documentation).

replies(2): >>46188922 #>>46189769 #
6. creato ◴[08 Dec 25 06:05 UTC] No.46188922{3}[source]
You're right, the thing I linked to do does exactly that. I should have read it more closely.

The projects that I've worked on, unconditionally define it as a thing that crashes (e.g. `std::abort` with a message). They don't actually use that C/C++ thing (because C23 is too new), and apparently it would be wrong to do so.

replies(1): >>46190411 #
7. skepti ◴[08 Dec 25 08:26 UTC] No.46189769{3}[source]
For many types of projects and approaches, avoiding UB is necessary but not at all sufficient. It's perfectly possible to have critical bugs that can cause loss of health or life or loss of millions of dollars, without any undefined behavior being involved.

Funnily enough, Rust's pattern matching, an innovation among systems languages without GCs (a small space inhabited by languages like C, C++ and Ada), may matter more regarding correctness and reliability than its famous borrow checker.

replies(1): >>46189879 #
8. hn_go_brrrrr ◴[08 Dec 25 08:35 UTC] No.46189837{4}[source]
Fortunately the major compiler vendors all have. Routing around the standards committee is getting more and more common.
9. zozbot234 ◴[08 Dec 25 08:40 UTC] No.46189879{4}[source]
Didn't PASCAL have variant record types with a kind of primitive pattern matching already?
replies(1): >>46191151 #
10. uecker ◴[08 Dec 25 09:53 UTC] No.46190411{4}[source]
You can use the standard feature with the unreachable sanitizer: https://godbolt.org/z/3hePd18Tn
11. Fulgen ◴[08 Dec 25 10:50 UTC] No.46190840{4}[source]
https://en.cppreference.com/w/cpp/utility/unreachable.html
12. TuxSH ◴[08 Dec 25 11:22 UTC] No.46191037{4}[source]
C++23 does have std::unreachable (as a function), and its counterpart [[assume(expr)]]
13. skepti3 ◴[08 Dec 25 11:41 UTC] No.46191151{5}[source]
Possibly, I am not sure, though Delphi, a successor language, doesn't seem to advertise itself as having pattern matching.

Maybe it is too primitive to be considered proper pattern matching, as pattern matching is known these days. Pattern matching has actually evolved quite a bit over the decades.