[OffTopic]: Safer usage of C++ in Chrome

Basile B. b2.temp at gmx.com
Thu Sep 9 08:05:34 UTC 2021


On Thursday, 9 September 2021 at 07:28:00 UTC, Paulo Pinto wrote:
> Nothing new to those of us that are aware of the issues that 
> plague C and C++ codebases in terms of security, still kind of 
> interesting to see how much effort is being thrown at trying to 
> fix Chrome's security exploits.
>
> https://docs.google.com/document/d/e/2PACX-1vRZr-HJcYmf2Y76DhewaiJOhRNpjGHCxliAQTBhFxzv1QTae9o8mhBmDl32CRIuaWZLt5kVeH9e9jXv/pub
>
> Naturally what many usually forget, is that all those 
> development hours and bug fixes translate into salaries and 
> contracting rates that need to be paid.
>
> Unfortunately the marketing of how much development costs one 
> saves by using languages like D, still doesn't reach most finance 
> departments.

Thanks for the link. Most of the problems that are described are 
indeed fixed by D (minus implementation bugs, so in theory). So 
temporal safety is solved with escape analysis and @safe, space 
safety with bounds checks, UAF is solved by the GC, use of 
uninitialized memory is solved by default initialization, etc...

Trivial question. Do I understand this sentence correctly?

> Of these 2 types of safety, spatial safety is relatively easier 
> to achieve ... (For example, you have to perform the array 
> bounds check, which might cost more than not doing it.

Without intention to offend the author, is it supposed to mean 
something as absurd as "checking bounds might cost more than not 
checking them because you have to check them"?

