Hacker News

IshKebab, today at 12:58 PM (2 replies)

The problem isn't implicit things happening.

He's talking about this problem. Can this code panic?

    foo();
You can't easily answer that in Rust or Zig. In both cases you have to walk the entire call graph of the function (which could be arbitrarily large) and check for panics. It's not feasible to do by hand. The compiler could do it though.

Replies

throwaw3y, today at 2:44 PM

"Panic-free" labels are so difficult to ascribe without being misleading because temporal memory effects can cause panics. Pushed too much onto your stack because the function happened to be preceded by a ton of other stack allocations? Crash. Heap too full and malloc failed? Crash. These things can happen from user input, so labelling a function no_panic just because it doesn't do any unchecked indexing can dangerously mislead readers into thinking code can't crash when it can.

OptionOfT, today at 1:16 PM

What about doing something that Java does with the throws keyword? Would that make the checking easier?

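The call-graph walk IshKebab describes, and the `throws`-style annotation check OptionOfT suggests, as one added example (not code from any commenter or from the Rust or Zig compilers). It works on a small constructed call graph: each function lists its direct callees, a separate set marks functions that contain a direct panic site (an unchecked index, an `unwrap`, and so on), and the analysis propagates "may panic" up the graph to a fixed point, which also handles recursion cycles. A second pass returns a witness path so a reviewer can see which chain of calls makes `foo()` able to panic, and a third checks functions declared `no_panic` against the result. Function names (`foo`, `parse_header`, `read_u16`, `log`, `flush`, `bar`) are invented for the example. As throwaw3y points out, this only accounts for explicit panic sites; stack exhaustion and allocation failure are outside what such an analysis sees.

```rust
use std::collections::{HashMap, HashSet};

type Graph = HashMap<&'static str, Vec<&'static str>>;

/// Constructed toy call graph: function name -> functions it calls directly.
/// `log` and `flush` call each other to show that cycles are handled.
fn call_graph() -> Graph {
    HashMap::from([
        ("foo", vec!["parse_header", "log"]),
        ("parse_header", vec!["read_u16"]),
        ("read_u16", vec![]), // contains an unchecked slice index (direct panic site)
        ("log", vec!["flush"]),
        ("flush", vec!["log"]),
        ("bar", vec!["log"]),
    ])
}

/// Functions that contain a direct panic site in their own body (constructed).
fn direct_panic_sites() -> HashSet<&'static str> {
    HashSet::from(["read_u16"])
}

/// A function may panic if it has a direct panic site or calls a function
/// that may panic. Iterate to a fixed point so recursive cycles terminate.
fn may_panic(graph: &Graph, direct: &HashSet<&'static str>) -> HashSet<&'static str> {
    let mut result: HashSet<&'static str> = direct.clone();
    loop {
        let before = result.len();
        for (f, callees) in graph {
            if callees.iter().any(|c| result.contains(c)) {
                result.insert(*f);
            }
        }
        if result.len() == before {
            break;
        }
    }
    result
}

/// Depth-first search for one chain from `start` to a direct panic site,
/// so the answer to "can foo() panic?" comes with a reason, not just a bit.
fn panic_path(
    graph: &Graph,
    direct: &HashSet<&'static str>,
    start: &'static str,
) -> Option<Vec<&'static str>> {
    fn dfs(
        graph: &Graph,
        direct: &HashSet<&'static str>,
        node: &'static str,
        visited: &mut HashSet<&'static str>,
        path: &mut Vec<&'static str>,
    ) -> bool {
        if !visited.insert(node) {
            return false; // already explored: avoids looping on cycles
        }
        path.push(node);
        if direct.contains(node) {
            return true;
        }
        for &callee in graph.get(node).map(|v| v.as_slice()).unwrap_or(&[]) {
            if dfs(graph, direct, callee, visited, path) {
                return true;
            }
        }
        path.pop();
        false
    }
    let mut visited = HashSet::new();
    let mut path = Vec::new();
    if dfs(graph, direct, start, &mut visited, &mut path) {
        Some(path)
    } else {
        None
    }
}

/// The `throws`-style idea: functions declared `no_panic` are checked against
/// the analysis; returns the declarations the call graph contradicts.
fn check_annotations(declared_no_panic: &[&'static str], may: &HashSet<&'static str>) -> Vec<&'static str> {
    declared_no_panic.iter().copied().filter(|f| may.contains(f)).collect()
}

fn main() {
    let graph = call_graph();
    let direct = direct_panic_sites();
    let may = may_panic(&graph, &direct);
    for f in ["foo", "bar"] {
        match panic_path(&graph, &direct, f) {
            Some(p) => println!("{f}: may panic via {}", p.join(" -> ")),
            None => println!("{f}: no panic site reachable"),
        }
    }
    for f in check_annotations(&["foo", "bar"], &may) {
        println!("{f} is declared no_panic but can reach a panic site");
    }
}
```

The fixed-point pass answers the yes/no question for every function at once, which is the part a compiler could do cheaply; the witness path is what a human needs when the graph is too large to walk by hand. Declared annotations only become trustworthy when they are checked this way rather than asserted.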