Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

C's memory safety could be drastically improved with the addition of bounds-checked arrays (which is an extension, and does not change existing code):

https://www.digitalmars.com/articles/C-biggest-mistake.html

25 years of experience with D has shown this to be a huge improvement.

D also has references as an alternative to pointers. References cannot have arithmetic done on them. Hence, by replacing pointers with references, and with array bounds checking, the incidence of memory corruption is hugely reduced.



> C's memory safety could be drastically improved with the addition of bounds-checked arrays (which is an extension, and does not change existing code):

If you solved that problem then you'd still have a dumpster fire of memory safety issues from bad casts, use after free, etc


Array overflows is consistently the number one memory safety bug in shipped code, by a wide margin.


Citation needed.

(I would have guessed similar to what you said, minus the "by a wide margin" bit.)


A few minutes of googling:

https://cwe.mitre.org/top25/archive/2024/2024_cwe_top25.html

https://runsafesecurity.com/blog/memory-safety-vulnerabiliti...


Neither of those support your claim that buffer overflows are the top issue by a wide margin.

If you are saying that “most memory safety issues are bounds related” then I agree. I’m just disagreeing on the wide margin bit.


> Neither of those support your claim that buffer overflows are the top issue by a wide margin

That's true, but I have seen that statistic more than once, and decided that I wasn't going to spend more time searching for it.

If that's not good enough for you, so be it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: