[pro] Heartbleed?
Scott L. Burson
Scott at sympoiesis.com
Fri Apr 25 04:31:30 UTC 2014
On Thu, Apr 24, 2014 at 7:29 PM, Steve Haflich <shaflich at gmail.com> wrote:
> Take for example aref, which might be used to
> extract octets of characters or whatever from a buffer. aref makes no
> guarantees even in safe code that it will signal bad array bounds.
I've long thought that was an oversight, though now that you point it
out, I realize I must have been mistaken.

Still, it surprises me. I don't know of any implementation that
doesn't bounds-check aref under normal speed/safety settings, and
clearly, users expect them to do so. It seems a little pedantic to
insist that the _language_ isn't safe in this respect even when all
known implementations are. (Am I wrong about that?)

And for the record I disagree with the committee's decision. Bounds
checking aref etc. _should_ be required at safety 3 (and along with
that, there should be a standardized bounds-error condition type).
The reasoning behind the committee's choice here eludes me.
-- Scott
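An added example, not part of this thread: a small probe of whether the running implementation bounds-checks aref under (safety 3), the check a reader of the exchange above would want to run on their own Lisp. The function name and buffer length are assumptions; because the standard defines no bounds-error condition type, the handler has to catch ERROR generically.

```lisp
;; Added example (not from the thread): probe whether AREF in safe code
;; signals on an out-of-bounds index in the running implementation.
(defun probe-aref-bounds-check (&optional (len 16))
  "Return :SIGNALED if an out-of-bounds AREF under (safety 3) signals a
condition, :NO-ERROR if it silently returned a value (an over-read)."
  (let ((buf (make-array len :element-type '(unsigned-byte 8)
                             :initial-element 0)))
    (handler-case
        (locally (declare (optimize (speed 0) (safety 3)))
          ;; The index is computed at run time so the compiler cannot
          ;; reject it statically; the point is the run-time check.
          (let ((i (+ len (random 64))))
            (aref buf i)
            :no-error))
      ;; No standardized bounds-error condition exists, so catch ERROR
      ;; generically and report whatever the implementation signals.
      (error (c)
        (format t "~&aref signaled: ~A~%" c)
        :signaled))))

;; Usage: (probe-aref-bounds-check) ; expect :SIGNALED on a checking build
```

Under lower safety settings the same aref has unspecified behaviour, so the probe is only meaningful at the safety level you actually compile with.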