Creator of LLVM, Clang, and Swift Says To Not Write Security Critical Code In C/C++

Laeeth Isharc via Digitalmars-d digitalmars-d at puremagic.com
Tue Jul 14 01:54:40 PDT 2015


On Tuesday, 14 July 2015 at 07:43:27 UTC, Ola Fosheim Grøstad 
wrote:
> On Tuesday, 14 July 2015 at 03:35:08 UTC, Jack Stouffer wrote:
>> http://article.gmane.org/gmane.comp.compilers.llvm.devel/87749
>>
>> Safety is one of the more important things that D offers over 
>> C++, even though people keep saying C++11/14 makes D 
>> unimportant.
>
> Uhm, no. The linked page concludes that security-oriented 
> software should be written in languages that trap on integer 
> overflow by default.
>
> D is not better off by having modulo arithmetic; that means 
> you cannot even catch overflow-related issues by semantic 
> analysis, since overflow does not exist. There are C-like 
> languages that ensure that overflow is not possible at compile 
> time (by putting limits on loop iterations and doing heavy-duty 
> proofs).

The article concludes: "There are many more modern and much safer 
languages that either eliminate the UB entirely through language 
design (e.g. using a garbage collector to eliminate an entire 
class of memory safety issues, completely disallowing pointer 
casts to enable TBAA safely, etc), or by intentionally spending a 
bit of performance to provide a safe and correct programming 
model (e.g. by guaranteeing that integers will trap if they 
overflow).  My hope is that the industry will eventually move to 
better systems programming languages, but that will take a very 
very long time..."

__e.g. using a garbage collector to eliminate an entire class of 
memory safety issues__

Now one may say that this isn't all he was saying, that the GC in 
D can be improved, that D could be safer, and so on.  But it's 
hardly fair to suggest the original poster is not right about one 
of the advantages of D vs C and C++.  Or at least you ought to 
make that argument rather than just pick on one fragment of the 
linked piece, without considering the overall point.



