
Comment by blub

5 years ago

The code where the bug happens is legal C++, but it uses absolutely none of the memory safety improvements which were added to the language in the past... twenty years probably. It's basically C with classes.

If they haven't kept up with the changes in their current language, what makes one think that they would "move on" to the alternatives, two of which aren't even alternatives?

Before they switch to Rust it would be much faster and more efficient to use smart pointers, std::array, std::vector and stop using memcpy.

Note that this code is shipping as a kernel extension, which uses Embedded C++, not standard C++. Notably, things like templates and exceptions are not available. It would be nice if they could work on this instead, but looking at the dyld and Security sources (which have no such limitations, as they run in userspace) I don't have much confidence.

  • They could still make use of bounds checking, like my own classes did back in the MS-DOS days, when C++ARM was pretty much the only thing available.

    Naturally when one writes C in C++ it doesn't help.
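The pattern the thread argues about, as an added example that is not from the thread or from the code under discussion: a trusted-length memcpy in "C with classes" style, the std::array form with an explicit check that the first comment recommends, and a template-free bounds-checked class of the kind the last reply mentions for an Embedded C++ profile. RawPacket, ArrayPacket and BoundedBuffer are constructed names.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>

// "C with classes" style: the copy trusts the caller's length, so any
// n > sizeof(data) silently writes past the end of the buffer.
struct RawPacket {
    uint8_t data[64];
    size_t len;
};
void raw_copy(RawPacket& p, const uint8_t* src, size_t n) {
    std::memcpy(p.data, src, n);  // n is never compared with sizeof(data)
    p.len = n;
}

// Standard C++ form: std::array carries its own size and the check is
// explicit at the one place the length enters.
struct ArrayPacket {
    std::array<uint8_t, 64> data{};
    size_t len = 0;
};
bool array_copy(ArrayPacket& p, const uint8_t* src, size_t n) {
    if (n > p.data.size()) return false;  // reject instead of overflowing
    std::copy(src, src + n, p.data.begin());
    p.len = n;
    return true;
}

// Template-free, exception-free variant for an Embedded C++ profile: the
// capacity lives inside the class, so call sites cannot get it wrong.
class BoundedBuffer {
public:
    BoundedBuffer() : len_(0) {}
    bool append(const uint8_t* src, size_t n) {
        // Compare against remaining space so n + len_ cannot wrap around.
        if (n > kCapacity - len_) return false;
        std::memcpy(buf_ + len_, src, n);
        len_ += n;
        return true;
    }
    size_t size() const { return len_; }
    const uint8_t* data() const { return buf_; }
private:
    static const size_t kCapacity = 64;
    uint8_t buf_[kCapacity];
    size_t len_;
};
```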