Voultapher 2 days ago
> I look at compilations of programming safety errors in shipped code now and then. Far and away the #1 bug is out-of-bounds array access. D has solved that problem.

Do you have good data on that? Looking at the curl and Chromium reports they show that use-after-free is their most recurring and problematic issue. I'm sure you are aware, but I want to mention this here for other readers. Reference safety extends to things like iterators and slices in C++.

> Not following the rules of the borrow checker does not mean the program is flawed or incorrect.

At a scale of 100k+ LoC every single measured program has been shown to be flawed because of it.
WalterBright 2 days ago
No, I haven't kept track of the reports I've seen. They all had array bounds as the #1 error encountered in shipped code.

Edit: I just googled "causes of memory safety bugs in C++". Number 1 answer: "Buffer Overflows/Out-of-Bounds Access"

"Undefined behavior in C/C++ code leads to security flaws like buffer overflows"

https://www.trust-in-soft.com/resources/blogs/memory-safety-...

"Some common types of memory safety bugs include: Buffer overflows"

https://www.code-intelligence.com/blog/memory_safety_corrupt...

"Memory Safety Vulnerabilities 3.1. Buffer overflow vulnerabilities We’ll start our discussion of vulnerabilities with one of the most common types of errors — buffer overflow (also called buffer overrun) vulnerabilities. Buffer overflow vulnerabilities are a particular risk in C, and since C is an especially widely used systems programming language, you might not be surprised to hear that buffer overflows are one of the most pervasive kind of implementation flaws around."

https://textbook.cs161.org/memory-safety/vulnerabilities.htm...