
digitalmars.D - Memory Safety

Walter Bright <newshound1 digitalmars.com> writes:
Reddit:

http://reddit.com/info/6cymv/comments/

Dr. Dobbs:

http://dobbscodetalk.com/index.php?option=com_myblog&show=Memory-Safety.html&Itemid=29
Mar 21 2008
bearophile <bearophileHUGS lycos.com> writes:
It's good to have a place like that where you are free to talk about all the
interesting things you like :-)
Java seems good in that regard :-)

Walter:
since D is a powerful programming language even without pointers, it may be
practical to define a safe D subset. We are examining each feature of D to find
the largest possible subset of the language that is memory safe. Then, if this
subset is itself a practical language, D can be a major contribution towards
eliminating malware.<

So you need a tool to see if some D code is using just that subset; I presume this isn't too difficult to do. So the questions are:
- Is such a D subset useful/enough in practice?
- Is such a subset any better than Java itself?
- Even if such a subset of D is useful, and it's better than Java, are enough people going to use it (instead of Java, or instead of full D) so it can become a "major contribution" in practice too? :-)

Thank you very much for the interesting topic,
bearophile
Mar 21 2008
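Walter's quoted description of a memory-safe subset, and bearophile's question of how to check that code stays inside it, is what later became SafeD and the `@safe` attribute in D 2. The following is an added illustration, not code from this thread or from the SafeD article, showing how today's D compiler enforces that subset: `@safe` functions may only use operations the compiler can prove memory safe, `@system` code keeps raw pointers, and a `@trusted` wrapper is the audited boundary between the two. The function names and sample data are made up for the example.

```d
// Added example (not from the thread): the SafeD idea as enforced by
// modern D's @safe / @trusted / @system attributes. Compile with dmd.
import std.stdio;

// @safe: the compiler rejects anything it cannot prove memory safe.
@safe int sumSafe(const(int)[] data)
{
    int total = 0;
    foreach (x; data)        // bounds-checked slice iteration, no raw pointers
        total += x;
    return total;
}

// @system (the default for unannotated code): raw pointer indexing is
// allowed here, so the caller is responsible for passing a correct length.
@system int sumUnchecked(const(int)* p, size_t n)
{
    int total = 0;
    for (size_t i = 0; i < n; ++i)
        total += p[i];       // no bounds check
    return total;
}

// @safe code may not call a @system function directly; the call has to go
// through a @trusted function whose author vouches for the invariant.
// Here the length is taken from the slice, so the pointer/length pair is sound.
@trusted int sumViaPointer(const(int)[] data)
{
    return sumUnchecked(data.ptr, data.length);
}

@safe void main()
{
    int[] nums = [1, 2, 3, 4];   // constructed sample input
    writeln(sumSafe(nums));       // 10
    writeln(sumViaPointer(nums)); // 10, via the audited @trusted boundary

    // Each of these is a compile-time error inside a @safe function:
    // int* p = &nums[0]; p += 2;           // pointer arithmetic not allowed
    // int* q = cast(int*) 0xdeadbeef;      // integer-to-pointer cast not allowed
    // sumUnchecked(&nums[0], 100);         // @system call from @safe not allowed
}
```

The point for the thread's question is that membership in the subset is checked by the compiler per function rather than by a separate tool, and every escape from it is visible as an explicit `@trusted` or `@system` annotation that can be audited.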
Sean Kelly <sean invisibleduck.org> writes:
== Quote from bearophile (bearophileHUGS lycos.com)'s article
 It's good to have a place like that where you are free to talk about all the
interesting things you like :-)
 Java seems good in that regard :-)
 Walter:
since D is a powerful programming language even without pointers, it may be
practical to define a safe


memory safe. Then, if this subset is itself a practical language, D can be a major contribution towards eliminating malware.<
 So you need a tool to see if some D code is using just that subset, I presume
this isn't too much difficult

Walter has talked about this before. Search old posts in this NG for more info. I'd point you at a post, but it'd take me a while to find it and I'm on my way out of the office. Sean
Mar 21 2008
Georg Wrede <georg nospam.org> writes:
Walter Bright wrote:
 Reddit:
 
 http://reddit.com/info/6cymv/comments/
 
 Dr. Dobbs:
 
 http://dobbscodetalk.com/index.php?option=com_myblog&show=Memory-Safety.html&Itemid=29

Good article! Off-hand one can see applications in banking, tcp (including the WWW), even military stuff. Actually anything where an app is expecting specific input while at risk of getting arbitrary input instead. This may be due to malice, sloppy users, or various hiccups. While this of course isn't equivalent to correct-proven software, it gives us yet another avenue where we could beat C++ on the head. I'm looking forward to the day when DMD has a switch to check this!
Mar 21 2008
Walter Bright <newshound1 digitalmars.com> writes:
Here's Bartosz' article on the subject:

http://www.digitalmars.com/d/2.0/safed.html
Mar 21 2008
davidl 126.com writes:
On Sat, 22 Mar 2008 09:34:28 +0800, Walter Bright
<newshound1 digitalmars.com> wrote:

 Here's Bartosz' article on the subject:

 http://www.digitalmars.com/d/2.0/safed.html

So D is going towards totally anti-JIT? As far as I can see, JIT uses the technique of constructing user data and executing it. I think this D subset still leaves a dirty way, which needs to be declared explicitly, to allow executing a JIT compiler's output.

-- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
Mar 22 2008
Walter Bright <newshound1 digitalmars.com> writes:
davidl 126.com wrote:
 So D is going towards totally anti-JIT ?

I don't know what you mean by that.
 As far as I can see, JIT uses technology of constructing user data and 
 executing them. I think this D subset still leaves a dirty way which 
 need to be declared explicitly to allow executing JIT compiler's output.
 
 

Mar 22 2008
davidl <davidl 126.com> writes:
On Sun, 23 Mar 2008 01:42:23 +0800, Walter Bright
<newshound1 digitalmars.com> wrote:

 davidl 126.com wrote:
 So D is going towards totally anti-JIT ?

I don't know what you mean by that.

informed that it will be a compiler option. There everything goes fine. :D
 As far as I can see, JIT uses technology of constructing user data and  
 executing them. I think this D subset still leaves a dirty way which  
 need to be declared explicitly to allow executing JIT compiler's output.


-- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
Mar 23 2008
davidl 126.com writes:
On Sat, 22 Mar 2008 09:34:28 +0800, Walter Bright
<newshound1 digitalmars.com> wrote:

 Here's Bartosz' article on the subject:

 http://www.digitalmars.com/d/2.0/safed.html

"its front end is in the public domain" <-- this is probably a wrong statement?

-- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
Mar 22 2008
renoX <renosky free.fr> writes:
Walter Bright wrote:
 Here's Bartosz' article on the subject:
 
 http://www.digitalmars.com/d/2.0/safed.html

Very interesting. I thought that D could be left out in many situations by Java and C# because it's "unsafe". I'm wondering if this 'safe' subset of D would be able to use a moving GC?

Regards,
renoX

PS: I find it quite funny that the article emphasizes the 'horrible C++ syntax' and then talks about D: D's syntax is better, sure, but in comparison to Scala, it's not that good.
Mar 22 2008