On 7/26/2013 5:28 AM, bearophile wrote:
> I agree. On the other hand in important systems you usually also try to use more reliable single components, like military-grade resistors able to stand bigger temperature fluctuations. Safety must be pursued at all levels. That's why in both automotive and aeronautics for certain safety-critical routines they forbid recursion and require a static analysis of the max stack space the subprogram will require in all possible usages, to reduce a lot the probability of stack overflows.
Yes, and that's why your analysis of Rust's stack usage is inadequate in demonstrating it is safer.
> In some situations stack overflows are a security problem. Several persons have written programs to analyse the stack usage of Ada-SPARK programs. Ignoring the safety hazards caused by stack overflows, and ignoring the tools to avoid them in critical-purpose routines, is very bad engineering.
You can't have an undetected stack overflow if you use guard pages.
> I don't know the current situation on this, but I think they are trying to solve this problem in Rust, with some workaround.
I'll add that segmented stacks are a compiler feature, not a language feature. A D compiler could support segmented stacks without changing the language, provided calling C functions still works.
But I see no point. 32-bit code is already dead on OSX, and is rapidly dying on Linux and Windows. I hear from more and more outfits that they've transitioned to 64 bits and are not looking back.
