llvm's SAFECode bounds checking algorithm

Marco Leise Marco.Leise at gmx.de
Sun Aug 21 05:59:38 PDT 2011


On 21.08.2011, 12:55, Robert Clipsham  
<robert at octarineparrot.com> wrote:

> On 20/08/2011 16:40, Walter Bright wrote:
>> http://llvm.org/pubs/2006-05-24-SAFECode-BoundsCheck.pdf
>>
>> What it does is rewrites the program to install runtime checks on
>> pointers to ensure no array bounds overflows.
>>
>> It indicates to me the effort being poured into C to try to make it
>> memory safe, and how memory safety has become a huge issue in
>> programming. We are on the right track with D with our focus on making D
>> provably memory safe.
>
> <pushingTheBoatOut>
>
> Given that a large part of D should be writable using @safe, perhaps we  
> should look into making @safe default and having to explicitly write  
> @system or @trusted for a function? This is obviously a no-go in D's  
> current state (most of phobos/druntime aren't appropriately annotated  
> and I believe there are a good few things that @safe forbids but  
> could/should permit), but it would be cool to say "D is memory safe by  
> default, the programmer has to explicitly state if it's not". Perhaps  
> this could be done with a compiler switch for now to see how well it  
> works in the real world/evaluate whether it's actually doable/what needs  
> doing to make it doable.
>
> </pushingTheBoatOut>

This sounds very good to me, because I usually don't *need* to write  
unsafe code. I'd like to hear if people who are in unsafe territory all  
day could live with that.
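As an added illustration of the three annotations this proposal hinges on (example code, not anything from the thread; the exact set of operations @safe rejects is assumed from the D2 language as later specified), this shows a @safe caller kept away from raw pointer code, with @trusted as the only bridge into @system territory:

```d
// Added example: how @safe, @trusted and @system interact in D.
// Assumes a D2 compiler; function names are illustrative.
import std.stdio;

// @safe: the compiler rejects operations it cannot prove memory-safe,
// and slice indexing stays bounds-checked.
@safe int sumChecked(int[] a)
{
    int s = 0;
    foreach (i; 0 .. a.length)
        s += a[i];
    return s;
}

// @system: raw pointer indexing is allowed, with no bounds check at all;
// the caller must guarantee that n does not exceed the allocation.
@system int sumRaw(int* p, size_t n)
{
    int s = 0;
    for (size_t i = 0; i < n; ++i)
        s += p[i];
    return s;
}

// @trusted: the boundary. The body is checked like @system, but the
// function is callable from @safe code. The author takes responsibility
// that the slice length bounds the pointer walk inside sumRaw.
@trusted int sumTrusted(int[] a)
{
    return sumRaw(a.ptr, a.length);
}

@safe int useBoth(int[] a)
{
    // sumRaw(a.ptr, a.length);  // compile error: @safe function cannot call @system function
    return sumChecked(a) + sumTrusted(a);
}

void main()
{
    int[] data = [1, 2, 3, 4];   // constructed sample input
    assert(useBoth(data) == 20);
    writeln("ok");
}
```

Making @safe the default, as proposed above, would only change which of these annotations must be written out: sumRaw would need its @system explicitly, while sumChecked and useBoth could drop theirs.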


More information about the Digitalmars-d mailing list