Andrei Alexandrescu, el 5 de noviembre a las 19:10 me escribiste: > Walter Bright wrote: > >Andrei Alexandrescu wrote: > >>Walter Bright wrote: > >>>Jason House wrote: > >>>>I posted in the other thread how casting to immutable/shared can be > >>>>just as bad. A leaked reference prior to casting to immutable/shared > >>>>is in effect the same as casting away shared. No matter how you mix > >>>>thread local and shared, or mutable and immutable, you still have the > >>>>same undefined behavior > >>> > >>>Not undefined, it's just that the compiler can't prove it's > >>>defined behavior. Hence, such code would go into a trusted > >>>function. > >> > >>Are we in agreement that @safe functions have bounds checking on > >>regardless of -release? > > > >You're right from a theoretical perspective, but not from a > >practical one. People ought to be able to flip on 'safe' without > >large performance penalties. > > > >If it came with inescapable large performance penalties, then > >it'll get a bad rap and people will be reluctant to use it, > >defeating its purpose. > > This is a showstopper. > > What kind of reputation do you think D would achieve if "safe" code > has buffer overrun attacks?
If you compiled it with the -unsafe (or -disable-bound-check) flag, I think there should be no impact in the reputation. It the *users*/*maintainer* (whoever compiles the code) choice if he assumes the risks. > A function that wants to rely on hand-made verification in lieu of > bounds checks may go with @trusted. There is absolutely no way a > @safe function could allow buffer overruns in D, ever. Again, the problem is with code you don't control. I want to be able to turn bound-checking off (and any other runtime safety, but not compile-time safety) without modifying other people's code. -- Leandro Lucarella (AKA luca) http://llucax.com.ar/ ---------------------------------------------------------------------- GPG Key: 5F5A8D05 (F8CD F9A7 BF00 5431 4145 104C 949E BFB6 5F5A 8D05) ---------------------------------------------------------------------- 22% of the time a pizza will arrive faster than an ambulance in Great-Britain
