• calcopiritus@lemmy.world · ↑ 1 · 3 months ago

    As I said, I don’t consider going out of bounds of a buffer a memory safety issue. Forcing the programmer to handle an out-of-bounds case every time there is an array access can be incredibly tedious. So much so that not even Rust forces you to do so. And if that language has iterators, it’s even less of an issue.

    I consider out-of-bounds array access the same as casting a pointer to another type. Just because a language lets you do it, it doesn’t mean that it is not memory safe. It is a performance feature, since checking the bounds every time is always possible (and incredibly easy to implement), but also with too big of an impact when you could just check the length once per loop instead of per loop iteration.

    • sus@programming.dev · ↑ 4 · edited · 3 months ago

      Buffer overflows are critical for memory safety since they can cause silent data corruption (bad) and remote code execution (very bad). Compared to those, a “clean” unhandled runtime error is far preferable in most cases.

    • AnyOldName3@lemmy.world · ↑ 0 · 3 months ago

      If you’re going to change the definition of words, it’s pretty easy to show that garbage collection on its own is sufficient, but it’s not possible to have a useful conversation if someone’s using their own personal definition of the terms being discussed. The generally accepted definition of memory safety includes deeming out-of-bounds accesses and other spatial memory safety issues unsafe.

      • calcopiritus@lemmy.world · ↑ 0 · 3 months ago

        With your definition this conversation doesn’t make sense, though, since Rust’s direct array access doesn’t perform bounds checks when building in release mode. And it doesn’t require using unsafe.

        • AnyOldName3@lemmy.world · ↑ 1 · 3 months ago

          That’s not what Rust’s documentation says. It does a compile-time bounds check if it can prove what the index might be during compilation, and a runtime bounds check if it can’t. In release mode, it tries harder to prove the maximum index is below the minimum length, but it still falls back to a runtime bounds check if it can’t unless you use get_unchecked, which is unsafe.
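An added example, not from any commenter in the thread, illustrating the point above: plain `[]` indexing in Rust panics on an out-of-bounds index in release builds too, `get` reports it as `None`, and only `get_unchecked` skips the check, behind `unsafe`. It also shows the "check the length once per loop" pattern the earlier comment describes, in both its `unsafe` and its iterator form. The function names are my own.

```rust
use std::panic;

/// Safe indexing that reports an out-of-bounds index as `None`
/// instead of panicking; `get` is always bounds-checked.
pub fn checked_read(data: &[i32], idx: usize) -> Option<i32> {
    data.get(idx).copied()
}

/// Plain `data[idx]`: in debug and release builds alike, an out-of-bounds
/// index panics (a clean runtime error) instead of reading adjacent memory.
/// The panic is caught here so the caller observes it as an `Err`.
pub fn indexed_read(data: &[i32], idx: usize) -> Result<i32, String> {
    panic::catch_unwind(move || data[idx])
        .map_err(|_| format!("index {} out of bounds for len {}", idx, data.len()))
}

/// Sum of the first `n` elements, checking the bound once per loop rather
/// than once per iteration. The single up-front check is what makes the
/// `unsafe` `get_unchecked` sound; without it this would be undefined behaviour.
pub fn sum_first(data: &[i32], n: usize) -> Option<i64> {
    if n > data.len() {
        return None;
    }
    let mut total = 0i64;
    for i in 0..n {
        // SAFETY: `i < n <= data.len()` was established above.
        total += i64::from(unsafe { *data.get_unchecked(i) });
    }
    Some(total)
}

/// The idiomatic form: slicing checks the bound once, the iterator needs
/// no per-element check, and no `unsafe` is required.
pub fn sum_first_iter(data: &[i32], n: usize) -> Option<i64> {
    if n > data.len() {
        return None;
    }
    Some(data[..n].iter().map(|&x| i64::from(x)).sum())
}

fn main() {
    // Constructed sample input.
    let data = [10, 20, 30, 40];
    println!("checked_read(2)  = {:?}", checked_read(&data, 2));
    println!("indexed_read(9)  = {:?}", indexed_read(&data, 9));
    println!("sum_first(4)     = {:?}", sum_first(&data, 4));
    println!("sum_first_iter(5) = {:?}", sum_first_iter(&data, 5));
}
```

Build with `cargo run --release` to confirm the panic in `indexed_read` survives optimisation; the panic message is printed to stderr by the default hook before `catch_unwind` returns.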