Safety, undefined behavior, @safe, @trusted

Leandro Lucarella llucax at gmail.com
Thu Nov 5 19:25:46 PST 2009


Andrei Alexandrescu, on November 5 at 19:10, wrote to me:
> Walter Bright wrote:
> >Andrei Alexandrescu wrote:
> >>Walter Bright wrote:
> >>>Jason House wrote:
> >>>>I posted in the other thread how casting to immutable/shared can be
> >>>>just as bad. A leaked reference prior to casting to immutable/shared
> >>>>is in effect the same as casting away shared. No matter how you mix
> >>>>thread local and shared, or mutable and immutable, you still have the
> >>>>same undefined behavior
> >>>
> >>>Not undefined, it's just that the compiler can't prove it's
> >>>defined behavior. Hence, such code would go into a trusted
> >>>function.
> >>
> >>Are we in agreement that @safe functions have bounds checking on
> >>regardless of -release?
> >
> >You're right from a theoretical perspective, but not from a
> >practical one. People ought to be able to flip on 'safe' without
> >large performance penalties.
> >
> >If it came with inescapable large performance penalties, then
> >it'll get a bad rap and people will be reluctant to use it,
> >defeating its purpose.
> 
> This is a showstopper.
> 
> What kind of reputation do you think D would achieve if "safe" code
> has buffer overrun attacks?

If you compiled it with the -unsafe (or -disable-bound-check) flag,
I think there should be no impact on the reputation. It's the
*user's*/*maintainer's* (whoever compiles the code) choice if he assumes the
risks.

> A function that wants to rely on hand-made verification in lieu of
> bounds checks may go with @trusted. There is absolutely no way a
> @safe function could allow buffer overruns in D, ever.

Again, the problem is with code you don't control. I want to be able to
turn bounds-checking off (and any other runtime safety, but not
compile-time safety) without modifying other people's code.

-- 
Leandro Lucarella (AKA luca)                     http://llucax.com.ar/
----------------------------------------------------------------------
GPG Key: 5F5A8D05 (F8CD F9A7 BF00 5431 4145  104C 949E BFB6 5F5A 8D05)
----------------------------------------------------------------------
22% of the time a pizza will arrive faster than an ambulance in Great-Britain
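As an added illustration of the two mechanisms the thread argues about (not code from the thread or from any D project): a @safe function relies on the compiler's runtime bounds check, while a @trusted function supplies the "hand-made verification" itself before touching a raw pointer. Function names and sample data are constructed for this example; it assumes a dmd-compatible compiler.

```d
// Added example: compiler-enforced bounds check in @safe vs. hand-made
// verification in @trusted. Names and data are made up for illustration.
import core.exception : RangeError;
import std.stdio : writeln;

/// @safe: the compiler keeps the bounds check on a[i]; an index past
/// a.length throws a RangeError instead of reading out of bounds.
int safeIndex(const int[] a, size_t i) @safe
{
    return a[i];
}

/// @trusted: the author vouches for memory safety. The explicit check is
/// what makes the unchecked pointer access below defensible to mark trusted.
int trustedIndex(const int[] a, size_t i) @trusted
{
    if (i >= a.length)
        throw new RangeError(); // hand-made verification in lieu of the compiler's
    return a.ptr[i];            // raw pointer indexing is never bounds-checked
}

void main()
{
    int[] data = [10, 20, 30];   // constructed sample input
    writeln(safeIndex(data, 1)); // 20
    writeln(trustedIndex(data, 2)); // 30
    try
    {
        safeIndex(data, 3);      // out of range: caught below while checks are on
        writeln("not reached when bounds checks are enabled");
    }
    catch (RangeError e)
        writeln("RangeError from @safe indexing: ", e.msg);
}
```

In current dmd, -release defaults to -boundscheck=safeonly, so safeIndex keeps its check while only @system/@trusted code loses it; -boundscheck=off removes it everywhere, which is the trade-off discussed above.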