February 13, 2015 Re: GC has a "barbaric" destroyng model, I think

Posted in reply to Foo
On Thursday, 12 February 2015 at 17:29:34 UTC, Foo wrote:
> And since today it is @safe wherever possible.
Well, you marked functions @trusted rather indiscriminately :)
Such an approach doesn't really improve safety, and the code could work as well being @system. It's not like @system is inherently broken or something like that.
February 13, 2015 Re: GC has a "barbaric" destroyng model, I think

Posted in reply to Kagamin
On Friday, 13 February 2015 at 08:00:43 UTC, Kagamin wrote:
> On Thursday, 12 February 2015 at 17:29:34 UTC, Foo wrote:
>> And since today it is @safe wherever possible.
>
> Well, you marked functions @trusted rather indiscriminately :)
> Such an approach doesn't really improve safety, and the code could work as well being @system. It's not like @system is inherently broken or something like that.
Since functions marked with @safe are checked by the compiler, it is advisable to mark functions with @safe.
And I wouldn't say indiscriminately. Every function I marked with @trusted was checked by me so far.
Of course I'm rather new to D, so I could be wrong. But since my other comrades aren't willing to use D, this code will rot on Github if nobody else will use it.
February 13, 2015 Re: GC has a "barbaric" destroyng model, I think

Posted in reply to Foo
On Friday, 13 February 2015 at 09:11:26 UTC, Foo wrote:
> And I wouldn't say indiscriminately. Every function I marked with @trusted was checked by me so far.
What did you check them for? :)
Just first example: make and destruct, being marked as @trusted, don't prevent caller from UAF and double free vulnerabilities, and compiler can't help with that by checking the caller. Other functions marked as trusted have similar problems. If the caller can't be automatically checked for safety and must ensure safety manually, it means the callee is @system.
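An added example making the point above concrete; it is not code from the thread or from Foo's project, and the bodies of `make`/`destruct` and the `Resource` struct are hypothetical stand-ins.

```d
// Added example, not from the thread: a @trusted make/destruct pair
// still lets a @safe caller double-free and use freed memory, because
// @trusted tells the compiler to stop checking at the call boundary.
// `Resource`, `make` and `destruct` are hypothetical stand-ins.
import core.stdc.stdlib : malloc, free;

struct Resource { int value; }

// Marked @trusted: the compiler believes the promise and does not check
// what the caller later does with the returned pointer.
Resource* make(int v) @trusted
{
    auto p = cast(Resource*) malloc(Resource.sizeof);
    *p = Resource(v);
    return p;
}

// Also @trusted: the callee cannot know whether `p` is still owned,
// so the safety obligation silently moves to the caller.
void destruct(Resource* p) @trusted
{
    free(p);
}

// Compiles without complaint even though it is not memory-safe.
void caller() @safe
{
    auto r = make(1);
    destruct(r);
    destruct(r);     // double free: accepted, destruct is @trusted
    r.value = 2;     // use after free: accepted, plain pointer deref is @safe
}

// The honest marking for the same bodies. A @safe function is no longer
// allowed to call them, so the compiler flags the unchecked ownership
// handling instead of hiding it.
Resource* makeSystem(int v) @system
{
    auto p = cast(Resource*) malloc(Resource.sizeof);
    *p = Resource(v);
    return p;
}

void destructSystem(Resource* p) @system { free(p); }

// Uncommenting the body below produces a compile error: a @safe function
// cannot call a @system function, which is exactly the check Kagamin means.
void callerSystem() @safe
{
    // auto r = makeSystem(1); destructSystem(r); destructSystem(r);
}
```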
February 13, 2015 Re: GC has a "barbaric" destroyng model, I think

Posted in reply to Kagamin
On Friday, 13 February 2015 at 09:28:30 UTC, Kagamin wrote:
> On Friday, 13 February 2015 at 09:11:26 UTC, Foo wrote:
>> And I wouldn't say indiscriminately. Every function I marked with @trusted was checked by me so far.
>
> What did you check them for? :)
> Just first example: make and destruct, being marked as @trusted, don't prevent caller from UAF and double free vulnerabilities, and compiler can't help with that by checking the caller. Other functions marked as trusted have similar problems. If the caller can't be automatically checked for safety and must ensure safety manually, it means the callee is @system.
That seems to be a problem with trusted and safe :)