GC implementation
Sean Kelly
sean at f4.ca
Fri Mar 17 22:31:15 PST 2006
Frank Benoit wrote:
> As far as I see, the D garbage collector is a conservative
> implementation. Is that correct?
Yes.
> Conservative gc means, the gc does not know where the pointers are
> located. Every 4-byte word is interpreted as potential pointer. If the
> value is in the address range of the gc heap, it can prevent objects or
> complete trees from being freed.
>
> This is no problem for most applications. But isn't this a show stopper
> for secure applications, like server processes?
I suppose that depends on the security constraints. A sufficiently
paranoid programmer could always store data encrypted in memory, or
explicitly call delete on temporary data.
> How to prevent hacks? If someone by magic knows critical addresses and
> supplies them in input values (data fields), he can force the
> application to go down, running out of memory.
And if the attacker has physical access to the machine he can extract
sideband information simply by detecting voltage variations in the
motherboard. While I agree that the GC could be tuned a bit, I don't
find the security argument to be terribly persuasive, as such
applications must already be careful about how data is managed.
Sean
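
The conservative scan described in the quoted question, as an added example that is not part of the original post or of the D runtime: a toy mark phase in C over a simulated heap, comparing it with a precise scan that has type information. The base address, block size, `is_ptr` flag and the scenario in `demo` are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (constructed): 8 blocks of 4 words each at a made-up base address. */
#define HEAP_BASE 0x10000000u
#define NBLOCKS   8
#define WORDS     4
#define BLOCK_SZ  (WORDS * 4u)

typedef struct { uint32_t w; int is_ptr; } word_t; /* is_ptr: type info only a precise GC has */
static word_t heap[NBLOCKS][WORDS];
static int marked[NBLOCKS];
static void scan(const word_t *words, int n, int conservative);

/* Mark the block containing addr (interior addresses count), then scan its contents. */
static void mark_addr(uint32_t addr, int conservative) {
    if (addr < HEAP_BASE || addr >= HEAP_BASE + NBLOCKS * BLOCK_SZ) return;
    int b = (int)((addr - HEAP_BASE) / BLOCK_SZ);
    if (marked[b]) return;
    marked[b] = 1;
    scan(heap[b], WORDS, conservative);
}

static void scan(const word_t *words, int n, int conservative) {
    for (int i = 0; i < n; i++)
        if (conservative || words[i].is_ptr) /* conservative: every word is a candidate */
            mark_addr(words[i].w, conservative);
}

/* Returns how many blocks survive a collection started from the given roots. */
int live_blocks(const word_t *roots, int n, int conservative) {
    int live = 0;
    memset(marked, 0, sizeof marked);
    scan(roots, n, conservative);
    for (int b = 0; b < NBLOCKS; b++) live += marked[b];
    return live;
}

/* Constructed scenario: block 0 is referenced; blocks 1->2->3 are an unreferenced
   chain; one root word is plain integer data whose value lies inside block 1. */
int demo(int conservative) {
    memset(heap, 0, sizeof heap);
    heap[1][0] = (word_t){HEAP_BASE + 2 * BLOCK_SZ, 1};
    heap[2][0] = (word_t){HEAP_BASE + 3 * BLOCK_SZ, 1};
    word_t roots[] = { {HEAP_BASE, 1}, {HEAP_BASE + 1 * BLOCK_SZ + 4, 0}, {42, 0} };
    return live_blocks(roots, 3, conservative);
}

int main(void) {
    printf("precise: %d live, conservative: %d live\n", demo(0), demo(1));
    return 0;
}
```

The precise scan keeps only block 0, while the conservative scan also keeps the whole chain reachable from the one data word that falls in the heap's address range.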