C++ compiler vs D compiler

deadalnix via Digitalmars-d digitalmars-d at puremagic.com
Sat Oct 3 19:35:48 PDT 2015


On Sunday, 4 October 2015 at 01:26:53 UTC, Walter Bright wrote:
>>> Memory safety means no memory corruption is possible.
>>
>> Therefore, there can be no undefined behavior in @safe code.
>
> Overflowing an int is undefined behavior, but it is not memory 
> corruption.

Overflowing an int is defined behavior in D.

But let's say it is undefined behavior, is it guaranteed to be 
memory safe? On a first glance it may seem so, but I wouldn't bet 
on it. I'm sure one can find cases where the optimizer will 
generate something unsafe based on undefined behavior. Things 
like:

1/ Oh, let's remove that runtime check as I can prove it always 
passes.
2/ Oh, let's remove this codepath as I'm allowed to do so because 
of undefined behavior.
3/ Well fuck, the invariant for 1/ is now broken because of the 
missing codepath and the code is not memory safe.

You'd be surprised what tens of perfectly reasonable 
transformations, run one after another, can do to your code when 
you throw undefined behavior in.

TL;DR: Even if it doesn't touch memory, it can lead to memory 
unsafe things.
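An added illustration of the chain described in the post (not code from the post or from the D project), written in C because the undefined behavior in question is C/C++ signed overflow: the first function guards against overflow with an expression that itself overflows, which an optimizer may treat as never true and delete, so the later index test runs on a wrapped value; the second detects the overflow without ever performing it. The buffer, function names and sample inputs are constructed for the example.

```c
#include <limits.h>
#include <stdbool.h>

/* Constructed target buffer for the example. */
#define BUF_LEN 16
static unsigned char buf[BUF_LEN];

/* Steps 1/ and 2/ from the post. `base + n < base` can only be true
 * if the addition overflowed, but signed overflow is undefined in C,
 * so the optimizer is allowed to assume it never happens, prove the
 * check "always passes", and drop the early return. Step 3/: the
 * bounds test below then sees a wrapped `idx` and the invariant it
 * was meant to enforce no longer holds. (Not exercised with
 * overflowing inputs here, since that would itself be UB.) */
int write_byte_unsafe(int base, int n, unsigned char v) {
    if (base + n < base)              /* overflow check that relies on UB */
        return -1;
    int idx = base + n;
    if (idx < 0 || idx >= BUF_LEN)    /* invariant: 0 <= idx < BUF_LEN */
        return -1;
    buf[idx] = v;
    return idx;
}

/* Overflow test with no undefined behavior: compare against the
 * limits before adding, so no transformation can erase it. */
static bool add_overflows(int a, int b) {
    return (b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b);
}

/* Hardened form: the check is defined behavior, so the optimizer
 * cannot prove it redundant and the bounds invariant survives. */
int write_byte_safe(int base, int n, unsigned char v) {
    if (add_overflows(base, n))
        return -1;
    int idx = base + n;
    if (idx < 0 || idx >= BUF_LEN)
        return -1;
    buf[idx] = v;
    return idx;
}
```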


