That's called a mailing list
/s
BatmanAoD
joined 2 years ago
Okay, yeah, I was indeed reading your original reply as a criticism of one of the people involved (presumably the security researcher), rather than as a criticism of the post title. Sorry for misunderstanding.
Apparently GCC does indeed do tail-call optimization at -O2: https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-foptimize-sibling-calls
But in that case, I'm not sure why the solution to the denial of service vulnerability isn't just "compile with -foptimize-sibling-calls."
...what is your point? Some software (in a language that doesn't have tail-recursion optimization) used recursion to handle user-provided input, and indeed it broke. Someone wrote to explain that that's a potential vulnerability, the author agreed, and fixed it. Who here is misunderstanding how computers implement recursion?
TypeScript is a language, and traditionally languages are considered separate from their implementations. When I first saw the headline I hoped maybe it meant a non-JS runtime for compiled TS, and I'm well aware of the difference. Yes, that would be a much larger undertaking than porting the compiler to a new language, but the headline doesn't indicate how large a project this is, and Microsoft certainly has the resources to write a new backend (even a native-code one) for the TS compiler.
They did consider making environment-manipulation functions atomic; the problem is that there's simply no way to guarantee that everything that can manipulate your process's environment is actually beholden to whatever atomic interface Rust provides. I could be misremembering, but I think there was even some discussion with glibc maintainers about whether this could be made safe, and the answer was basically "haha no."
view more: next ›
You don't have to imagine it; you can browse the Linux Kernel mailing list!