A proper language comparison...

Walter Bright newshound2 at digitalmars.com
Fri Jul 26 12:50:20 PDT 2013


On 7/26/2013 5:28 AM, bearophile wrote:
> I agree. On the other hand in important systems you usually also try to use more
> reliable single components, like military-grade resistors able to stand bigger
> temperature fluctuations. Safety must be pursued at all levels. That's why in
> both automotive and aeronautics for certain safety-critical routines they forbid
> recursion and require a static analysis of the max stack space the subprogram
> will require in all possible usages, to greatly reduce the probability of stack
> overflows.

Yes, and that's why your analysis of Rust's stack usage is inadequate in 
demonstrating it is safer.


> In some situations stack overflows are a security problem. Several persons have
> written programs to analyse the stack usage of Ada-SPARK programs. Ignoring the
> safety hazards caused by stack overflows, and ignoring the tools to avoid them
> in critical-purpose routines, is very bad engineering.

You can't have an undetected stack overflow if you use guard pages.


> I don't know the current situation on this, but I think they are trying to solve
> this problem in Rust, with some workaround.

I'll add that segmented stacks are a compiler feature, not a language feature. A 
D compiler could support segmented stacks without changing the language, 
provided calling C functions still works.

But I see no point. 32 bit code is already dead on OSX, and is rapidly dying on 
Linux and Windows. I hear from more and more outfits that they've transitioned 
to 64 bits and are not looking back.
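The static worst-case stack analysis that the quoted text describes (forbid recursion, then bound the maximum stack the routine can need on any path) can be shown on a small call graph. The following is an added example, not code from this post or from either participant: the call graph, the per-function frame sizes and the 1024-byte budget are constructed values. Real toolchains obtain frame sizes from the compiler (for example the per-function figures GCC emits with `-fstack-usage`) and the call graph from the object code; here both are written inline. With recursion excluded the graph is acyclic, so the bound is the frame size plus the maximum over the callees; if a cycle exists no finite bound is reported and the cycle is named instead.

```python
"""Bound worst-case stack usage from a static call graph (constructed example)."""
from typing import Dict, List, Optional, Tuple

# Constructed call graph: function name -> (frame size in bytes, callees).
# Frame sizes are made-up values, not measurements of any real program.
CALL_GRAPH: Dict[str, Tuple[int, List[str]]] = {
    "main":         (64,  ["parse", "control_loop"]),
    "parse":        (256, ["read_field"]),
    "read_field":   (48,  []),
    "control_loop": (128, ["sensor_read", "actuate"]),
    "sensor_read":  (512, ["read_field"]),
    "actuate":      (96,  []),
}

# Constructed graph containing self-recursion, which the analysis must reject.
RECURSIVE_GRAPH: Dict[str, Tuple[int, List[str]]] = {
    "main": (64, ["walk"]),
    "walk": (80, ["walk", "leaf"]),
    "leaf": (16, []),
}


def find_recursion(graph: Dict[str, Tuple[int, List[str]]]) -> Optional[List[str]]:
    """Return one call cycle as a list of names (closed on itself), or None.

    Depth-first search with three colours: an edge into a function that is
    still on the current DFS path (grey) closes a cycle.
    """
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {name: WHITE for name in graph}
    path: List[str] = []

    def visit(name: str) -> Optional[List[str]]:
        colour[name] = GREY
        path.append(name)
        for callee in graph[name][1]:
            if callee not in graph:
                raise KeyError(f"unknown callee {callee!r} called from {name!r}")
            if colour[callee] == GREY:
                return path[path.index(callee):] + [callee]
            if colour[callee] == WHITE:
                cycle = visit(callee)
                if cycle:
                    return cycle
        path.pop()
        colour[name] = BLACK
        return None

    for name in graph:
        if colour[name] == WHITE:
            cycle = visit(name)
            if cycle:
                return cycle
    return None


def max_stack(graph: Dict[str, Tuple[int, List[str]]], root: str) -> Tuple[int, List[str]]:
    """Worst-case stack bytes from `root`, plus the call chain that reaches it.

    Only valid on an acyclic graph: caller must run find_recursion() first,
    otherwise this recursion would never terminate.
    """
    memo: Dict[str, Tuple[int, List[str]]] = {}

    def worst(name: str) -> Tuple[int, List[str]]:
        if name in memo:
            return memo[name]
        frame, callees = graph[name]
        best = (frame, [name])            # leaf: just this function's frame
        for callee in callees:
            depth, chain = worst(callee)
            if frame + depth > best[0]:
                best = (frame + depth, [name] + chain)
        memo[name] = best
        return best

    return worst(root)


def analyse(graph: Dict[str, Tuple[int, List[str]]], root: str, budget: int) -> dict:
    """Reject recursion outright, otherwise compare the static bound to `budget`."""
    cycle = find_recursion(graph)
    if cycle is not None:
        return {"ok": False, "reason": "recursion", "cycle": cycle}
    depth, chain = max_stack(graph, root)
    return {"ok": depth <= budget, "worst_case": depth, "path": chain}


if __name__ == "__main__":
    print(analyse(CALL_GRAPH, "main", budget=1024))
    print(analyse(RECURSIVE_GRAPH, "main", budget=1024))
```

The reported path is the one a reviewer would want to see: it names the exact chain that consumes the most stack, so a routine that exceeds the budget can be trimmed at the right frame rather than by guesswork. Indirect calls through function pointers are not modelled here; a real analysis has to resolve or over-approximate them, which is one reason such coding standards also restrict them.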
