Re: Strange programming problem

From: Mike Bartman (omni_at_foolie.omniphile.com)
Date: 08/21/03


Date: Wed, 20 Aug 2003 21:10:26 -0400

On Wed, 20 Aug 2003 15:07:35 GMT, Ryan Moore
<rmoore@rmoore.dyndns.org> wrote:

>On Wed, 20 Aug 2003, Larry Kilgallen wrote:
>> From what I know of Cobol, it is quite amenable to range checking.
>> The use of null-terminated strings in C prevents such automatic
>> compiler safeguards.
>
>This is not necessarily true. Depending on how your array is allocated,
>the compiler can do range checking.

You can't really range-check in C, because it's possible to play with
array contents using pointers, rather than explicit array element
references. The end result is that you can overfill an array and
there's no way for the compiler to know about it. Even a runtime
check can be fooled unless you have a lot of support for memory
management and isolate the address spaces of each array so that
running off the end will trigger an invalid virtual address
reference...and even that won't work if you run far enough off the end
and end up in the next array over.

Think of it from the assembly language viewpoint...that's basically
what C is, from a protection standpoint. You can reference any part
of memory without limit using pointers, so you can screw up any part
of the program or its data. Pascal, for instance, limits this by not
allowing pointer arithmetic and not allowing cross-type pointers.
This can make writing certain kinds of code more difficult, but it
also protects you from some of the more hideous errors that C is prone
to.

If the PC industry had been able to settle on a language like Pascal
or Ada for most development, rather than C, we'd see far more reliable
systems than we see today. Saying that a good and careful programmer
can write solid code in C is true, but pointless. Most programmers
aren't all that good, and most aren't granted the time to be careful
by their management.

-- Mike Bartman
----------------------------------------------------------------
  To reply via e-mail, remove the 'foolie.' from the address.
  I'm getting sick of all the SPAM...
----------------------------------------------------------------
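The overrun Mike describes, as an added C example that is not part of the original post: an unchecked pointer walk runs past one fixed-size field into the neighbouring one inside the same object, and the compiler has nothing to flag, whereas a copy that takes the destination capacity explicitly can refuse. The `struct record`, `unchecked_copy` and `bounded_copy` names are constructed for this illustration.

```c
#include <string.h>
#include <stddef.h>

/* Constructed layout: two adjacent fixed-size fields in one object. */
struct record {
    char name[8];
    char role[8];
};

/* Unchecked copy: the pointer keeps walking until it sees the
 * terminator, so a long source spills from name[] into role[].
 * Writing through a char pointer across one struct object keeps this
 * demo defined, but the compiler cannot know the intended bound. */
void unchecked_copy(struct record *r, const char *src)
{
    char *dst = (char *)r;          /* points at name[0] */
    while (*src)
        *dst++ = *src++;
    *dst = '\0';
}

/* Explicit capacity check: the caller passes the destination size,
 * and an oversized source is rejected instead of overflowing. */
int bounded_copy(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(src);
    if (n >= cap)
        return -1;                  /* no room for data plus terminator */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Returns 1 when the overrun has overwritten role[] (the expected outcome). */
int demo_overrun(void)
{
    struct record r = { "", "admin" };
    unchecked_copy(&r, "AAAAAAAAuser");   /* 12 chars into an 8-byte field */
    return strcmp(r.role, "admin") != 0;  /* role[] now reads "user" */
}

/* Returns 1 when the bounded copy refuses and role[] is left intact. */
int demo_bounded(void)
{
    struct record r = { "", "admin" };
    int rc = bounded_copy(r.name, sizeof r.name, "AAAAAAAAuser");
    return rc == -1 && strcmp(r.role, "admin") == 0;
}
```

A run-time bounds checker only helps here if the write lands outside memory it tracks; as the post notes, a spill into the next field of the same object looks like an ordinary store.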

