A serious security bug... caused by no bounds checking.

Daniel Murphy yebbliesnospam at gmail.com
Fri Apr 11 05:35:07 PDT 2014


"Steven Schveighoffer"  wrote in message 
news:op.xd3vzecweav7ka at stevens-macbook-pro.local...

> No, the author of the @safe code expects bounds checking, it's part of the 
> requirements. To compile his code with it off is like having a 
> -compilergeneratedhash switch that overrides any toHash functions with a 
> compiler generated one. You are changing the agreement between the 
> compiler and the code. When I say @safe, I mean "I absolutely always want 
> bounds checks."

If you have code that would ever fail a bounds check, that is a program 
error, similar to code that may fail an assertion.

And like assertions, if you would rather the code was as fast as possible 
instead of as safe as possible, you can use a compiler switch to disable 
bounds checks.

The usual switch to do stuff like this is '-release', but because @safe 
functions should still have the 'no memory corruption' guarantee even in 
release mode, disabling those bounds checks was moved into another compiler 
switch.

> If you want to eliminate bounds checks, use @trusted.

No, @trusted means "don't check my code" while @safe + noboundschecks means 
(mostly) "only check my code at compile-time". 
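To make the point above concrete, here is an added example (not code from either poster, and not part of the original thread). It defines an @safe function that indexes an array and a caller that deliberately passes an index equal to the array length, then reports whether the runtime bounds check fired. The function and variable names are my own; catching RangeError (an Error, not an Exception) is done purely to demonstrate the check.

```d
// Added example: shows the runtime bounds check the compiler inserts
// inside an @safe function, and what the compiler switches change.
import core.exception : RangeError;
import std.stdio : writeln;

/// @safe: the compiler inserts a bounds check on arr[idx].
/// A failing check is a program error, reported as a RangeError.
@safe int readAt(const(int)[] arr, size_t idx)
{
    return arr[idx];
}

/// Calls readAt with an out-of-range index (idx == length) and
/// returns true if the bounds check fired. Catching an Error is
/// only acceptable here because this is a demonstration.
bool boundsCheckFires()
{
    int[] data = [10, 20, 30]; // constructed sample input
    try
    {
        readAt(data, data.length); // one past the end
        return false;              // reached only if the check was removed
    }
    catch (RangeError e)
    {
        return true;
    }
}

void main()
{
    writeln("bounds check fired: ", boundsCheckFires());
}
```

Compiled with plain `dmd` the program prints `bounds check fired: true`. Per the thread's argument, `-release` keeps the check inside @safe code, so it still prints `true`; the separate switch the post refers to (`-noboundscheck` in dmd of that era, later spelled `-boundscheck=off`; the exact spelling depends on your compiler version) removes it, after which `readAt` reads one element past the end of the array instead of throwing. That out-of-bounds read is exactly the memory-safety guarantee @safe is meant to preserve, which is why the post treats the switch as an explicit opt-out rather than part of `-release`.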


