On Tue, Jun 10, 2014 at 4:19 PM, Botond Ballo <bba...@mozilla.com> wrote:
> > Why put this into core C++? Why not leave it to libraries?
>
> The standard library is a library :)
>
> One of the biggest criticisms C++ faces is that its standard library is
> very narrow in scope compared to other languages like Java or C#, and thus
> programmers often have to turn to third-party libraries to accomplish tasks
> that one can accomplish "out of the box" in other languages. The Committee
> is trying to address this criticism by expanding the scope of the standard
> library.
>
C++ desperately needs improvements for reducing the occurrence of
use-after-free errors. Rust features for this like borrowed references
should be imported into the language. A real-life (but reduced/modified)
example from mozilla::pkix:
Result parse(const std::vector<uint8_t>& der)
{
Input input(der);
uint8_t b;
if (input.Read(b) != Success) {
return Failure;
}
....
return Result;
}
It should be possible to ensure that, no matter what the Input class does
with the argument in its constructor, there will be no references to the
"der" parameter that outlive the scope of the function. Right now this is
impossible to specify in C++.
Discriminated unions (Boost.Variant or better) are another safety feature
that would be very useful to have in Standard C++.
There should be a way to indicate in a switch statement whether you intend
to cover all the cases:
enum A { a, b, c };
switch (x) {
case a:
return true;
case b:
return false;
}
There needs to be a way to tell the compiler to reject this switch
statement because it doesn't cover all the cases. To work around the lack
of that feature, we end up writing:
switch (x) {
case a:
return true;
case b:
return false;
case c:
return false;
default:
PR_NOT_REACHED("unexpected case"); // or...
MOZ_CRASH("unexpected case");
}
But, that's turning a statically-detectable error into a potential runtime
crash, unnecessarily. Currently, we can mess with compiler warnings
settings to catch these but that isn't good enough.
Large parts of the standard library are unusable or nearly unusable when
exceptions are disabled, such as the standard containers. Sometimes they
can be used if the default allocator is changed to abort on out-of-memory,
but often abort-on-OOM is not what you want. Thus, much (most?) Gecko code
cannot use a huge part of the standard library. For example, it should be
made possible to call std::resize() when exceptions are disabled and
without triggering abort-on-OOM, such that the caller can detect when the
resize fails. Similarly, it should be possible to attempt to append an
element to std::vector without an exception being throw or the process
being aborted on failure, but with the error still detectable.
std::shared_ptr is mostly unusable in Gecko code because there's no way to
specify whether you need thread-safety or not (usually you don't). There
should be a way to specify whether you want to pay the cost of thread
safety when using it.
The language should define a solution for the build time problems that we
work around with UNIFIED_SOURCES, so that we don't have to use
UNIFIED_SOURCES any more.
In general, I'd rather have the committee focus more on safety and
correctness of code by improving the core language and core libraries,
rather than standardizing APIs like graphics.
Cheers,
Brian
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
