Fri, 1 Oct 2004 14:37:12 -0700
> By compromise, I simply meant that the implementation couldn't be as
> clean as one system or the other exclusively. A GC still needs to
> be region aware.
Ah. I agree, and this is another reason why the ML Kit performance
numbers are unconvincing -- they compare against a GC that has been
made region aware.
> I've heard that the security guys can be swayed by this sort of
> argument: read the user's password into a region allocated buffer,
> check it, then leave the region. Now you know the password has been
> purged from memory without it hanging around for the GC to find it.
That sure seems weak to me. Is a complicated region system really
better than overwriting the buffer?