On 1/8/2023 8:31 PM, Siarhei Siamashka wrote:
On Monday, 9 January 2023 at 03:54:32 UTC, Walter Bright wrote:
Buffer overflows are trivial to have in C, and C has no mechanism to prevent
them.
ASAN, Valgrind, Clang Static Analyzer and plenty of other tools are the
practical mechanisms to prevent buffer overflows.
And yet C buffer overflows are consistently the #1 problem in production C code.
Valgrind, etc., only detect overflow if there's a test case that causes
overflow. That's why it's not as good as static checks.
Clang Static analyzer can only detect a small subset of buffer overflows.
Yes, they are not baked into the ISO language standard.
They can't be because the C semantics make it impossible.
But D has no ISO language standard at all.
Neither does Rust.
D can do everything C can. And more. Valgrind works with D code, too.
