D not considered memory safe
Steven Schveighoffer
schveiguy at gmail.com
Wed Jul 3 04:30:45 UTC 2024
On Tuesday, 2 July 2024 at 23:33:22 UTC, Walter Bright wrote:
> On 7/1/2024 6:40 AM, Brian Callahan wrote:
>> ...at least according to Bleeping Computer:
>> https://www.google.com/amp/s/www.bleepingcomputer.com/news/security/cisa-most-critical-open-source-projects-not-using-memory-safe-code/amp/
>>
>> "Memory-unsafe languages are those that do not provide
>> built-in memory management mechanisms, burdening the developer
>> with this responsibility and increasing the likelihood of
>> errors. Examples of such cases are C, C++, Objective-C,
>> Assembly, Cython, and D."
>
> Now they're complaining that D does not have a gc!

Well, the article is wrong that having a GC prevents all memory
safety problems.

What causes all the problems (mostly) is the "built-in memory
management" of the stack, and critically, returning references to
stack data that will outlive the stack frame. Having a GC isn't
enough; every single memory allocation scheme must also be safe
to have a safe language.

But to be fair, I don't think the linked report actually
discusses the definition of memory safe languages. It's just
Bleeping Computer that adds this (bad) explanation. The CISA
report does specifically list D as a memory unsafe language,
which I think is a bit harsh.

What I would say with D is that it is *much easier* to be memory
safe, and the compiler provides tools to help with this.

-Steve
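
The stack-escape problem described in the message above, as an added example that is not part of the original post or of the D project's code. The function names are hypothetical; it contrasts an unchecked `@system` function with the same body under `@safe` and with a GC allocation.

```d
// Added illustration; escapeStack and escapeHeap are hypothetical names.
import std.stdio : writeln;

// @system (D's default) is not checked for memory safety. The address of
// a stack variable goes through a local pointer and is returned, so the
// caller receives an address inside a stack frame that no longer exists.
int* escapeStack() @system
{
    int local = 42;
    int* p = &local;
    return p;            // dangling once the function returns
}

// The same body marked @safe is rejected at compile time, so it is only
// tested for compilability here rather than defined.
static assert(!__traits(compiles, () @safe {
    int local = 42;
    int* p = &local;
    return p;
}));

// GC allocation is accepted in @safe code: the int lives on the GC heap
// and stays valid for as long as a reference to it exists.
int* escapeHeap() @safe
{
    int* p = new int;
    *p = 42;
    return p;
}

void main()
{
    int* ok = escapeHeap();
    writeln(*ok);        // heap memory is still live here

    int* bad = escapeStack();
    // Dereferencing `bad` would be undefined behaviour whether or not a
    // GC is present, so only the fact that it was returned is shown.
    writeln(bad !is null);
}
```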