Bad array indexing is considered deadly

Jonathan M Davis via Digitalmars-d digitalmars-d at puremagic.com
Thu Jun 1 10:15:50 PDT 2017


On Thursday, June 01, 2017 14:40:59 John Colvin via Digitalmars-d wrote:
> On Thursday, 1 June 2017 at 14:21:35 UTC, Stanislav Blinov wrote:
> > On Thursday, 1 June 2017 at 14:10:21 UTC, John Colvin wrote:
> >> I would be interested to see ideas of how to implement some
> >> sort of logical sandboxing in D. Perhaps if one calls a
> >> strongly pure @safe function, there is no way it can mess up
> >> shared state,
> >
> > Oh yes, there is a way:
> > http://forum.dlang.org/post/psdamamjecdwfeiuvqsz@forum.dlang.org
>
> Sure, @safe has some holes as it currently stands.

It's far better than nothing, but it definitely has holes. DIP 1000 is
fixing a lot of those holes. Unfortunately, the only way to absolutely
guarantee that it doesn't have any holes is to do it via whitelisting
operations and then vetting every operation to make sure that it's safe for
the compiler to say that it's @safe, whereas it's implemented by
blacklisting operations that are determined to be unsafe. So, we'll probably
always be at risk of having holes in @safe, but the situation is improving.

- Jonathan M Davis
