A serious security bug... caused by no bounds checking.

Steven Schveighoffer schveiguy at yahoo.com
Thu Apr 10 12:48:16 PDT 2014


On Thu, 10 Apr 2014 15:38:37 -0400, Tommi <tommitissari at hotmail.com> wrote:

> On Thursday, 10 April 2014 at 18:13:30 UTC, Steven Schveighoffer wrote:
>> As a general rule, first profile, then optimize.
>
> Exactly. I profile the difference between running with and without  
> bounds checking. If the difference is deemed negligible for our  
> purposes, we don't spend time and money in carefully optimizing away  
> bound checks that are analyzed to be reasonably safe to remove. You need  
> the compiler flag to potentially save you all the trouble.

This is a weak argument. If you need to optimize, do it. Bounds checking  
is one of a thousand different possible explanations for slow code. You  
have to weigh that remote possibility with the threat of  
accidentally/inadvertently neutering @safe.

You also exaggerate the cost of changing a few @safe to @trusted. The cost  
of adding the -noboundscheck flag to the build system in the right places  
may be just as significant.

-Steve


More information about the Digitalmars-d mailing list