Hacker News

I think that's mostly solved by changing the whole of the idea from "remove/disallow all undefined behavior" to "remove as much of the common needed undefined behavior as possible such that most programs need not really use it". Perfect is the enemy of good.



That'd be fine if use-after-free was a corner case that doesn't show up often in practice, but every single exploit at Pwn2Own this year was UAF…


Are we arguing the same thing? If UAF is the cause of security problems, and UAF is undefined behavior now, redefining it under a special mode to mean "this is an error (whether or not the compiler enforces it)" at least clarifies the situation, and lets any included static analysis report an error as needed and as capable.

That is, I'm not arguing that as much undefined behavior as possible should be made defined and possible, just that it's defined. That definition may very well be "you are not allowed to do this. Don't do this."
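As an added illustration of the idea in the comment above (this is example code written for this page, not something from the thread or from any standard), here is one way a runtime can turn use-after-free from "undefined" into "a defined, reported error": objects are reached only through generational handles, so a stale handle fails validation instead of silently touching reused memory. All names (`handle_t`, `obj_alloc`, `obj_get`, `obj_free`, `demo_uaf_is_reported`) and the odd/even generation convention are this example's own assumptions.

```c
/* Added example (not from the thread): a tiny generational-handle allocator
 * that turns use-after-free and double free into detected, reported errors
 * rather than undefined behavior. Every object is reached through a handle
 * {index, generation}; freeing a slot bumps its generation, so any stale
 * handle no longer matches and is rejected. Names and conventions here are
 * this example's own. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_COUNT 4
#define OBJ_SIZE   32

typedef struct { uint32_t index; uint32_t generation; } handle_t;

typedef struct {
    uint32_t generation; /* constructed convention: odd = live, even = free */
    char     data[OBJ_SIZE];
} slot_t;

static slot_t g_slots[SLOT_COUNT]; /* zero-initialised: all generations even = free */

/* Allocate a slot; returns a handle with generation 0 when no slot is free. */
handle_t obj_alloc(void) {
    for (uint32_t i = 0; i < SLOT_COUNT; i++) {
        if ((g_slots[i].generation & 1u) == 0) {   /* even: slot is free */
            g_slots[i].generation += 1;              /* becomes odd: live */
            memset(g_slots[i].data, 0, OBJ_SIZE);
            return (handle_t){ i, g_slots[i].generation };
        }
    }
    return (handle_t){ 0, 0 };                       /* generation 0 never validates */
}

/* Resolve a handle to its storage, or NULL if the handle is stale or invalid. */
char *obj_get(handle_t h) {
    if (h.index >= SLOT_COUNT) return NULL;          /* out-of-range index */
    if (h.generation == 0) return NULL;              /* failed allocation */
    if (g_slots[h.index].generation != h.generation) return NULL; /* freed or reused */
    return g_slots[h.index].data;
}

/* Free a slot; returns 0 on success, -1 if the handle is already dead (double free). */
int obj_free(handle_t h) {
    if (obj_get(h) == NULL) return -1;
    g_slots[h.index].generation += 1;                /* odd -> even: old handles die */
    return 0;
}

/* Scenario: allocate, free, let the slot be reused, then misuse the stale handle.
 * Returns 1 if both the use-after-free and the double free were reported, else 0. */
int demo_uaf_is_reported(void) {
    handle_t h = obj_alloc();
    char *p = obj_get(h);
    if (p == NULL) return 0;
    strcpy(p, "live");
    if (obj_free(h) != 0) return 0;
    handle_t h2 = obj_alloc();                       /* reuses the same slot */
    int uaf_caught = (obj_get(h) == NULL);           /* stale handle rejected */
    int double_free_caught = (obj_free(h) == -1);    /* second free rejected */
    (void)obj_free(h2);
    return uaf_caught && double_free_caught;
}

int main(void) {
    printf("stale handle rejected: %s\n", demo_uaf_is_reported() ? "yes" : "no");
    return 0;
}
```

The point of the example is not the allocator but the contract: once "use after free" has a defined outcome (here, `obj_get` returning NULL and `obj_free` returning -1), a program can check for it and a tool can flag it, which is exactly what an undefined operation does not allow. The 32-bit generation counter is not protected against wraparound in this toy; a production design would reserve bits or retire slots.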


With portable software (as in, portability is more valuable than other factors), imperfect is the enemy. ;-)


We have over four decades of history of portability being valued over correctness, stability and security. I'm not impressed with where it's gotten us.


See, I look at it as the opposite. You aren't really portable if your code isn't correct.



