memory-safety | 易学教程

Why does a function have long-term write access to all of its in-out parameters?

阅读更多关于 Why does a function have long-term write access to all of its in-out parameters?

问题 According to the chapter of "Memory Safety" in the Swift Programming Language Guide (for Swift 4.2), there is a sentence "A function has long-term write access to all of its in-out parameters." https://docs.swift.org/swift-book/LanguageGuide/MemorySafety.html I created a new command line tool project to verify it in Xcode 10.1. var stepSize = 1 func increment(_ number: inout Int) { print(stepSize) } increment(&stepSize) I expect the output to be 1, but the actual output is a crash log

Is Python type safe?

阅读更多关于 Is Python type safe?

问题 According to Wikipedia Computer scientists consider a language "type-safe" if it does not allow operations or conversions that violate the rules of the type system. Since Python runtime checks ensure that type system rules are satisfied, we should consider Python a type safe language. The same point is made by Jason Orendorff and Jim Blandy in Programming Rust: Note that being type safe is independent of whether a language checks types at compile time or at run time: C checks at compile time,

Buffer overflow works in gdb but not without it

阅读更多关于 Buffer overflow works in gdb but not without it

问题 I am on CentOS 6.4 32 bit and am trying to cause a buffer overflow in a program. Within GDB it works. Here is the output: [root@localhost bufferoverflow]# gdb stack GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1) Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and

Buffer overflow works in gdb but not without it

阅读更多关于 Buffer overflow works in gdb but not without it

How does Rust achieve compile-time-only pointer safety?

阅读更多关于 How does Rust achieve compile-time-only pointer safety?

问题 I have read somewhere that in a language that features pointers, it is not possible for the compiler to decide fully at compile time whether all pointers are used correctly and/or are valid (refer to an alive object) for various reasons, since that would essentially constitute solving the halting problem. That is not surprising, intuitively, because in this case, we would be able to infer the runtime behavior of a program during compile-time, similarly to what's stated in this related

Alternatives to dynamic allocations in safety critical projects (C)

阅读更多关于 Alternatives to dynamic allocations in safety critical projects (C)

问题 Safety critical projects do not recommend any dynamic allocations or freeing allocated memory. Only during elaboration/initialization phase of the program execution, it is allowed. I know most of you will argue to implement SW in terms where it should do all static allocations only or do some justification in the code that dynamic allocations will not harm the overall program,etc but still, Is there any alternative to this problem? Is there any way or any example to kind of allocate some

How does Rust achieve compile-time-only pointer safety?

阅读更多关于 How does Rust achieve compile-time-only pointer safety?

I have read somewhere that in a language that features pointers, it is not possible for the compiler to decide fully at compile time whether all pointers are used correctly and/or are valid (refer to an alive object) for various reasons, since that would essentially constitute solving the halting problem. That is not surprising, intuitively, because in this case, we would be able to infer the runtime behavior of a program during compile-time, similarly to what's stated in this related question . However, from what I can tell, the Rust language requires that pointer checking be done entirely at

weak vs unowned in Swift. What are the internal differences?

阅读更多关于 weak vs unowned in Swift. What are the internal differences?

问题 I understand the usage and superficial differences between weak and unowned in Swift: The simplest examples I've seen is that if there is a Dog and a Bone , the Bone may have a weak reference to the Dog (and vice versa) because the each can exist independent of each other. On the other hand, in the case of a Human and a Heart , the Heart may have an unowned reference to the human, because as soon as the Human becomes... "dereferenced", the Heart can no longer reasonably be accessed. That and

Why are borrows of struct members allowed in &mut self, but not of self to immutable methods?

阅读更多关于 Why are borrows of struct members allowed in &mut self, but not of self to immutable methods?

问题 If I have a struct that encapsulates two members, and updates one based on the other, that's fine as long as I do it this way: struct A { value: i64 } impl A { pub fn new() -> Self { A { value: 0 } } pub fn do_something(&mut self, other: &B) { self.value += other.value; } pub fn value(&self) -> i64 { self.value } } struct B { pub value: i64 } struct State { a: A, b: B } impl State { pub fn new() -> Self { State { a: A::new(), b: B { value: 1 } } } pub fn do_stuff(&mut self) -> i64 { self.a.do

Buffer overflow works in gdb but not without it

阅读更多关于 Buffer overflow works in gdb but not without it

I am on CentOS 6.4 32 bit and am trying to cause a buffer overflow in a program. Within GDB it works. Here is the output: [root@localhost bufferoverflow]# gdb stack GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1) Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i686-redhat-linux-gnu". For bug reporting