A serious security bug... caused by no bounds checking.
Tommi
tommitissari at hotmail.com
Thu Apr 10 10:45:26 PDT 2014
On Thursday, 10 April 2014 at 17:37:53 UTC, Steven Schveighoffer
wrote:
> On Thu, 10 Apr 2014 13:25:25 -0400, bearophile
> <bearophileHUGS at lycos.com> wrote:
>
>> Steven Schveighoffer:
>>
>>> No, the author of the @safe code expects bounds checking,
>>> it's part of the requirements.
>>
>> Take a look at the Ada language. It has bounds checking and its
>> compilers have a switch to disable those checks. If you want
>> the bounds checking, don't use the switch that disables the
>> bounds checking. Safety doesn't mean having no way to work
>> around safety locks. It means having nice handy locks that are
>> active by default. In a system language total safety is an
>> illusion. Better to focus on real world safety and not an
>> illusion of theoretical safety.
>
> That's why we have @trusted.
No. @trusted is for code that cannot be guaranteed to be
memory-safe by the compiler (either at runtime or at
compile-time), but where the programmer still wants to promise that the
code is memory-safe. Array bounds checking doesn't land under
that moniker; it can be checked by the compiler.
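An added D example, not part of the thread, of the distinction drawn above: in an @safe function the compiler inserts the index check itself, while an @trusted function wraps an operation the compiler cannot verify and therefore has to carry its own check. The function names are made up for the illustration.

```d
import std.stdio;
import core.exception : RangeError;

// @safe: the compiler rejects unchecked operations and inserts a bounds
// check on every a[i]; an out-of-range index raises RangeError at runtime.
// This is exactly the check that a "disable bounds checking" compiler
// switch removes, which is what the thread objects to.
@safe int sumFirstSafe(const int[] a, size_t n)
{
    int s = 0;
    foreach (i; 0 .. n)
        s += a[i];          // guarded by the compiler-inserted test
    return s;
}

// @trusted: raw pointer indexing is @system, so the compiler cannot verify
// memory safety here. The author promises it instead, and the promise is
// only honest because the explicit length check guards the pointer walk.
@trusted int sumFirstTrusted(const int[] a, size_t n)
{
    if (n > a.length)
        throw new RangeError();   // manual check, not inserted by the compiler
    int s = 0;
    const(int)* p = a.ptr;        // .ptr and p[i] are not permitted in @safe
    foreach (i; 0 .. n)
        s += p[i];
    return s;
}

@safe void main()
{
    int[] data = [1, 2, 3, 4];   // constructed sample input
    writeln(sumFirstSafe(data, 4));
    writeln(sumFirstTrusted(data, 4));   // @safe code may call @trusted code
    // sumFirstSafe(data, 5) throws RangeError from the inserted check;
    // with bounds checking disabled the same call reads one int past the array.
    // const(int)* q = data.ptr;  // compile error: not allowed in @safe code
}
```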