A serious security bug... caused by no bounds checking.
Tommi
tommitissari at hotmail.com
Thu Apr 10 12:38:37 PDT 2014
On Thursday, 10 April 2014 at 18:13:30 UTC, Steven Schveighoffer
wrote:
> On Thu, 10 Apr 2014 14:08:48 -0400, Tommi
> <tommitissari at hotmail.com> wrote:
>
>> On Thursday, 10 April 2014 at 17:56:04 UTC, Steven
>> Schveighoffer wrote:
>>> @safe code can be marked as @trusted instead, and nothing
>>> changes, except @trusted code can have bounds checks removed.
>>> How does this not work as a solution?
>>
>> A compiler flag for disabling bounds checking is a blunt
>> instrument. But using search & replace to change each @safe to
>> @trusted is a blunt _and_ inconvenient instrument.
>
> So don't use it bluntly. For example, disabling bounds checks
> on the args array in main will not help your performance.

Sometimes you need that blunt instrument. I wasn't complaining
about that.

> As a general rule, first profile, then optimize.

Exactly. I profile the difference between running with and
without bounds checking. If the difference is deemed negligible
for our purposes, we don't spend time and money in carefully
optimizing away bounds checks that are analyzed to be reasonably
safe to remove. You need the compiler flag to potentially save
you all the trouble.