Creator of LLVM, Clang, and Swift Says To Not Write Security Critical Code In C/C++
via Digitalmars-d
digitalmars-d at puremagic.com
Tue Jul 14 05:59:32 PDT 2015
On Tuesday, 14 July 2015 at 12:18:23 UTC, Kagamin wrote:
> On Tuesday, 14 July 2015 at 10:22:51 UTC, Ola Fosheim Grøstad
> wrote:
>> You are free to use a C/C++ compiler that provides a switch
>> where overflow leads either to an arbitrary value (Rust
>> semantics) or the wrap around (D code gen).
>
> That's the whole point: use a language without UB and the
> situation will be better.

My point is that C UB for overflow on signed int does not imply
not having the same code-gen as D has. So it is essentially not a
language problem per se.

The "problem" is cultural. C programmers have this idea that they
should compile everything with the compiler/compiler setting that
gives the absolutely highest performance no matter what the
quality of the code. The same thing would happen if LDC added a
switch named "-FAST_AND_RISKY" ;-).
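
The following is an added example, not part of the original post or of any project discussed in the thread. It contrasts a range check that is only sound under wrap-around semantics (the behaviour GCC and Clang provide for signed `+` with `-fwrapv`) with one that does not depend on overflow behaviour at all; the function names and the sample inputs are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Wrap-around add (the result -fwrapv or D code gen produces), written so it
   is defined in standard C: unsigned overflow is modulo 2^32, never UB. */
static int32_t add_wrap(int32_t a, int32_t b)
{
    uint32_t r = (uint32_t)a + (uint32_t)b;
    if (r <= (uint32_t)INT32_MAX)
        return (int32_t)r;
    /* Map the upper half back to negatives without an out-of-range cast. */
    return (int32_t)(r - (uint32_t)INT32_MAX - 1u) + INT32_MIN;
}

/* Checked add: reports overflow instead of producing any value. */
static bool add_checked(int32_t a, int32_t b, int32_t *out)
{
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b))
        return false;
    *out = a + b;          /* cannot overflow here */
    return true;
}

/* Idiom that is only sound under wrap-around semantics: detect overflow by
   looking for a result smaller than the input. With plain `offset + len` in
   standard C this test relies on UB and an optimizer may remove it. */
static bool range_ok_wrap(int32_t offset, int32_t len, int32_t buf_size)
{
    if (offset < 0 || len < 0) return false;
    int32_t end = add_wrap(offset, len);
    return end >= offset && end <= buf_size;
}

/* Same check with no dependence on overflow behaviour at all. */
static bool range_ok_checked(int32_t offset, int32_t len, int32_t buf_size)
{
    int32_t end;
    if (offset < 0 || len < 0) return false;
    return add_checked(offset, len, &end) && end <= buf_size;
}

int main(void)
{
    /* Constructed inputs: an in-bounds range, then one whose end overflows. */
    int32_t big = INT32_MAX - 4;
    printf("%d %d\n", range_ok_wrap(16, 32, 64), range_ok_checked(16, 32, 64));
    printf("%d %d\n", range_ok_wrap(big, 16, 64), range_ok_checked(big, 16, 64));
    return 0;
}
```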