Creator of LLVM, Clang, and Swift Says To Not Write Security Critical Code In C/C++
Kagamin via Digitalmars-d
digitalmars-d at puremagic.com
Tue Jul 14 08:09:54 PDT 2015
On Tuesday, 14 July 2015 at 12:59:34 UTC, Ola Fosheim Grøstad wrote:
> My point is that C UB for overflow on signed int does not imply
> not having the same code-gen as D has. So it is essentially not
> a language problem per se.
UB implies anything. Yes, it's not a problem, safer languages
based on C are possible, and were done.
> The "problem" is cultural. C programmers have this idea that
> they should compile everything with the compiler/compiler
> setting that gives the absolutely highest performance no matter
> what the quality of the code.
It's believed that there's no problem with optimized code and
optimizations don't change behavior.
> The same thing would happen if LDC added a switch named
> "-FAST_AND_RISKY" ;-).
I proposed -Ounsafe; it can actually help with correctness,
because it clearly states the tradeoff and keeps it opt-in
instead of being the default, as C compilers do, and it also fits
well into D's approach to unsafety.
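The exchange above is about signed-integer overflow being undefined behaviour in C, so that an optimizer is free to assume it never happens and to delete checks that depend on it. The following is an added illustration, not code from the thread or from any compiler project: it contrasts an overflow check that relies on wraparound (and may be folded away by an optimizer) with checks written entirely in defined behaviour, plus a helper that reproduces D-style two's-complement wrapping in C through unsigned arithmetic. The function names are the example's own; `__builtin_add_overflow` is a GCC/Clang extension.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Naive check. It relies on `a + b` wrapping around, which is undefined
 * behaviour for signed int in C. With optimization enabled a compiler may
 * assume the addition cannot overflow and fold this function to "false",
 * so the check silently disappears from the binary. Kept here only to
 * show the pattern; do not rely on its result for overflowing inputs. */
bool add_would_overflow_naive(int a, int b) {
    int sum = a + b;            /* UB when the sum leaves the int range */
    return (b > 0 && sum < a) || (b < 0 && sum > a);
}

/* Defined-behaviour check: test against the limits before adding, so no
 * expression in the function can overflow. Optimization cannot change
 * the outcome because every step is well defined. */
bool add_would_overflow_safe(int a, int b) {
    if (b > 0 && a > INT_MAX - b) return true;
    if (b < 0 && a < INT_MIN - b) return true;
    return false;
}

/* Compiler-assisted check (GCC/Clang builtin). Returns true if the
 * mathematically exact sum does not fit in *out; *out always receives
 * the two's-complement wrapped value. */
bool add_checked(int a, int b, int *out) {
    return __builtin_add_overflow(a, b, out);
}

/* D-style wrapping addition expressed in C without UB: unsigned
 * arithmetic wraps modulo 2^N by definition. The final conversion back
 * to int is implementation-defined before C23, but every mainstream
 * compiler defines it as two's-complement reinterpretation (assumption
 * stated here for clarity). */
int add_wrapping(int a, int b) {
    unsigned int ua = (unsigned int)a;
    unsigned int ub = (unsigned int)b;
    return (int)(ua + ub);
}

int main(void) {
    int out = 0;
    printf("safe check INT_MAX + 1 overflows: %d\n",
           add_would_overflow_safe(INT_MAX, 1));          /* 1 */
    printf("builtin check INT_MAX + 1 overflows: %d, wrapped value %d\n",
           add_checked(INT_MAX, 1, &out), out);           /* 1, INT_MIN */
    printf("wrapping add INT_MAX + 1 = %d\n",
           add_wrapping(INT_MAX, 1));                     /* INT_MIN */
    printf("naive check 1 + 2 overflows: %d\n",
           add_would_overflow_naive(1, 2));               /* 0, no UB here */
    return 0;
}
```

The practical lesson for C code that must hold up under `-O2` is the one the safe variants show: write the overflow test in terms of the limits (or a builtin) so that the check never depends on behaviour the language leaves undefined, which is the property D gets by defining wraparound in the language itself.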