[2934] in bugtraq
Re: at the risk of another flamefest..
daemon@ATHENA.MIT.EDU (Brian Clapper)
Tue Jul 16 13:19:20 1996
Date: Tue, 16 Jul 1996 08:24:04 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Brian Clapper <bmc@telebase.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199607160433.XAA11818@source.EnGarde.com>
>>>>> "Mike" == Mike Neuman <mcn@EnGarde.com> writes:
Mike> To fan the flames a bit, I find it amazing that people are
Mike> complaining that C is at fault for their lousy programming...
There are reasons why languages like Ada are preferred over C in
safety-critical systems.
Mike> In any case, to add yet another level of indirection to the above
Mike> argument, Mr. Bradley is forgetting that Unix itself is written in
Mike> C. As a result, perl may have no bound problems, and so will the
Mike> resulting compiled perl code, but the operating system itself could
Mike> still have problems (a la syslog() ).
Which is more or less beside the point. Just because the operating system
(or, to be more precise in this case, the user-level library used to
communicate with the syslog daemon) may be riddled with boundary violations
and off-by-one errors does not mean you should abandon decent, alternate
languages when choosing to implement *your* safety-critical or
security-aware code.
I, too, program primarily in C/C++. However, there are plenty of times
I've wished for a little help from the language in detecting off-by-one
errors and boundary violations. In the absence of built-in run-time
support for such things, I'm forced to roll my own boundary checks using
assert(). (The assert() macro is, of course, useful for other things, too.
I recommend it heartily to all defensive programmers.) Being human,
though, I can make mistakes and miss a crucial check. Having the compiler
back me up is a nice feature, provided I don't allow it to make me a lazy
programmer. Having other qualified programmers walk through my code is
another good back-stop; however, that's perhaps a separate topic.
----
Brian Clapper .............................................. bmc@telebase.com
http://www.netaxs.com/~bmc/ ............. PGP public key available on request
It is clear that the individual who persecutes a man, his brother, because
he is not of the same opinion, is a monster.
-- Voltaire
