Changes between Initial Version and Version 1 of Ticket #1216, comment 2


Timestamp: 08/27/15 08:37:26 (9 years ago)
Author: sjamaan
Comment:


initial / v1 (only line 3 of the comment changed)

Changing it to {{{C_i_string_ref}}} would still be beneficial due to inlining. Note that there are also two rewrites in {{{c-platform.scm}}}; an unsafe one that uses {{{C_subchar}}} and a safe one that uses {{{C_i_string_ref}}}.

[initial] I think the real problem here is that there are two kinds of unsafe: the kind that doesn't check its argument types (which will result in crashes when passed the wrong type; but in the scrutinizer that means it wouldn't be unsafe because the types are checked elsewhere) and the kind that doesn't check anything. The latter results in unsafe specializations which indeed may result in security nightmares.

[v1] I think the real problem here is that there are two kinds of unsafe: the kind that doesn't check its argument types (which will result in crashes when passed the wrong type; but in the scrutinizer that means it wouldn't be unsafe because the types are checked elsewhere) and the kind that doesn't check anything. The latter should never be used in specializations, because they will result in unsafe code, which in turn may result in security nightmares.

I'm raising this ticket to "critical" because there may be some true landmines waiting to go off in Scheme code that's otherwise safe. Rewrites like this change the semantics of the code in such a way that you can't reason about its safety anymore.
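The two kinds of "unsafe" the comment distinguishes, as an added C model that is not CHICKEN's runtime or its c-platform.scm rewrites: subchar_unchecked stands in for a check-nothing primitive in the role of C_subchar, string_ref_no_typecheck for one that trusts types the scrutinizer has already proven but keeps its bounds check, and string_ref_checked for the fully safe primitive in the role of C_i_string_ref. The tagged value_t representation, the function names and the CHAR_ERROR sentinel are all assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical tagged value (not CHICKEN's C_word): a string with an
   explicit length, or a fixnum. */
typedef enum { TAG_STRING, TAG_FIXNUM } tag_t;
typedef struct { tag_t tag; const char *data; size_t len; long fix; } value_t;
enum { CHAR_ERROR = -1 };  /* sentinel meaning "rejected", never a char code */

/* Second kind of unsafe: checks nothing. A wrong type or out-of-range index
   reads memory it must not; a specialization must never substitute this. */
int subchar_unchecked(const value_t *s, const value_t *i) {
    return (unsigned char)s->data[i->fix];
}

/* First kind of unsafe: trusts the argument types (proven elsewhere by the
   scrutinizer) but still checks the index, so it stays safe to specialize to. */
int string_ref_no_typecheck(const value_t *s, const value_t *i) {
    if (i->fix < 0 || (size_t)i->fix >= s->len) return CHAR_ERROR;
    return (unsigned char)s->data[i->fix];
}

/* Fully safe primitive: checks both types and bounds. */
int string_ref_checked(const value_t *s, const value_t *i) {
    if (s->tag != TAG_STRING || i->tag != TAG_FIXNUM) return CHAR_ERROR;
    return string_ref_no_typecheck(s, i);
}

value_t mk_string(const char *str) { value_t v = { TAG_STRING, str, strlen(str), 0 }; return v; }
value_t mk_fixnum(long n)          { value_t v = { TAG_FIXNUM, NULL, 0, n }; return v; }

/* Generic call site: nothing is known about the arguments. */
int lookup_generic(const char *str, long idx) {
    value_t s = mk_string(str), i = mk_fixnum(idx);
    return string_ref_checked(&s, &i);
}

/* Specialized call site: the compiler has proven (string, fixnum), so the
   type check is dropped. The bounds check is the one that must survive. */
int lookup_specialized(const char *str, long idx) {
    value_t s = mk_string(str), i = mk_fixnum(idx);
    return string_ref_no_typecheck(&s, &i);
}

/* A fixnum passed where a string is expected is rejected, not dereferenced. */
int lookup_generic_wrong_type(long idx) {
    value_t i = mk_fixnum(idx);
    return string_ref_checked(&i, &i);
}
```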