Creator of LLVM, Clang, and Swift Says To Not Write Security Critical Code In C/C++
via Digitalmars-d
digitalmars-d at puremagic.com
Tue Jul 14 08:35:16 PDT 2015
On Tuesday, 14 July 2015 at 15:09:55 UTC, Kagamin wrote:
> UB implies anything. Yes, it's not a problem, safer languages
> based on C are possible, and were done.
I'd rather say it implies what you set your compiler switches to,
and if you use separate compilation you can have different
settings for different files (e.g. only have aggressive
optimization for the files you have vetted thoroughly).
> I proposed -Ounsafe, it can actually help with correctness,
> because it clearly states the tradeoff and keeps it opt-in
> instead of being default, as C compilers do, and it also fits
> well into D's approach to unsafety.
Yes, perhaps you could set it per file. Perhaps even some
annotation in the source that says that the file is free of
overflow issues? Why not?