Creator of LLVM, Clang, and Swift Says To Not Write Security Critical Code In C/C++

via Digitalmars-d digitalmars-d at puremagic.com
Tue Jul 14 02:46:59 PDT 2015
On Tuesday, 14 July 2015 at 09:29:03 UTC, Kagamin wrote:
> On Tuesday, 14 July 2015 at 07:43:27 UTC, Ola Fosheim Grøstad 
> wrote:
>> Uhm, no. The linked page concludes that security-oriented 
>> software should be written in languages that trap on integer 
>> overflow by default.
>>
>> D is not better off by having modulo-arithmetics, that means 
>> you cannot even catch overflow related issues by semantic 
>> analysis, since overflow does not exist. There are C-like 
>> languages that ensure that overflow is not possible at 
>> compile time (by putting limits on loop iterations and doing 
>> heavy duty proofs).
>
> Correct software can't be written in C because of UB, that's 
> why safer languages are praised for elimination of UB.

This is 100% wrong. UB only happens in the code gen for programs 
that are illegal (per definition incorrect source code).

If your program is correct, then the code cannot trigger UB.
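As an added illustration that is not part of the thread: the three overflow semantics the posters are arguing about (C's undefined behaviour, D's modulo arithmetic, and trapping languages) written out for 32-bit signed addition in C. It assumes a GCC or Clang compiler, since the checked variant relies on the `__builtin_add_overflow` builtin.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Three behaviours for a 32-bit signed addition, matching the thread:
 *   - C:   signed overflow is undefined behaviour, so a correct program
 *          must establish that the operation cannot overflow before it runs;
 *   - D:   two's-complement wrap-around (modulo arithmetic);
 *   - trapping languages: the overflow is detected and reported.
 * The checked variant uses the GCC/Clang builtin __builtin_add_overflow,
 * which computes the exact sum and reports whether it fit in the result. */

/* "Trapping" semantics: report failure instead of producing a wrong value. */
bool checked_add_i32(int32_t a, int32_t b, int32_t *out) {
    return !__builtin_add_overflow(a, b, out);
}

/* "Modulo" semantics: wrap-around, performed in unsigned arithmetic so the
 * compiler sees defined behaviour rather than signed overflow. */
int32_t wrapping_add_i32(int32_t a, int32_t b) {
    uint32_t r = (uint32_t)a + (uint32_t)b;
    return (int32_t)r;  /* two's-complement reinterpretation on GCC/Clang */
}

/* Where the difference matters: sizing a buffer from two externally supplied
 * lengths. Returns -1 when the total is not representable, instead of a
 * small wrapped value that would silently under-allocate. */
int32_t total_len(int32_t header_len, int32_t body_len) {
    int32_t total;
    if (header_len < 0 || body_len < 0) return -1;
    if (!checked_add_i32(header_len, body_len, &total)) return -1;
    return total;
}

int main(void) {
    int32_t out;
    printf("wrapping : %d\n", wrapping_add_i32(INT32_MAX, 1));
    printf("checked  : %s\n", checked_add_i32(INT32_MAX, 1, &out) ? "ok" : "overflow");
    printf("total_len: %d\n", total_len(INT32_MAX, 16));
    return 0;
}
```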