"headius (Charles Nutter)" <headius / headius.com> wrote:
> * For folks doing crypto stuff that want to know exactly how big the
>   buffer is right away, this provides a way to do so.

I'm not sure exactly what you mean.  Do you mean to avoid leaving
sensitive data in the heap from realloc()?  Yes it would help, but
I think this is a poor API for that purpose.

Perhaps special methods like String#secure_cat and String#secure_wipe
is more obvious for security-concious users.

> I won't try to argue whether realloc is consistently efficient across
> platforms or not. It seems like it's not guaranteed to be on any
> platform.

I absolutely agree this can help performance regardless of platform,
however...

> It's also such a tiny addition...why not?

I'm not a VM expert, but shouldn't it be possible for the VM to track
the growth of strings allocated at different call sites and
automatically optimize preallocations as time goes on?