Full Disclosure mailing list archives

Re: C initialization of static objects (was: ALERT ALERT ALERT! google under attack ALERT ALERT ALERT!)


From: lcamtuf () ghettot org (Michal Zalewski)
Date: Sun, 15 Sep 2002 20:59:26 -0400 (EDT)

On Sun, 15 Sep 2002 silvio () big net au wrote:

      if i see a declaration, without an initialization, then
      i assume it is not required and will be initialized at some
      later point through calculation or input.

Yes, this is the logical solution, but C isn't this way most of the time.
It is logical, but it's a side effect of being very close to the machine
level. Hardcore C programmers often say that C is a structural assembler
with macros. It's silly, but people code in it because they can type "int
foo;" (heh, some cases they can just type "foo;" and have it defaulted to
int), and it's initialized to zero, thus saving them from typing two to
six extra characters. And I adore it, C is my language of choice because
it is possible to code a hundred lines of code really fast.

      implicit initialization does _not_ simplify code.  it makes it shorter
      by a few characters.  That does not imply the code is more
      understandable and therefore simpler.

I'm not saying it's easier to understand this way. Au contraire. But C is
NOT a language that was/is supposed to be readable, clean, neat, nice,
make the code fault-proof, eradicate common programming mistakes, etc,
etc. And this fact is the only reason why C is so popular. It's ugly and
fast. It's not nice, it is not cheap to maintain the code, it is not
simple to make it bug-free. There are languages that make it possible, yet
they are not popular.

Pascal definitely was a neat, clean language with decent typing, simple
and clean syntax, high readability and many other virtues. Yet most people
who started with Pascal moved to C as a next step, because C was shorter
and less picky. Offspring of FORTRAN and Pascal is still alive, but used
in rather specialized applications or, more and more seldom, for teaching.

      Ok, it's not elegant, but this is exactly what makes C so popular and
      bah.  C _is_ elegant in many respects..

In what aspect is C more elegant than many other languages? IOCCC is, of
course, neat, but I do not mean that. Almost every complex task is getting
complex and unreadable in C, unless you put some significant effort in
keeping the code clean. In many other languages, the code is clean unless
you put a significant effort in making it unreadable (see Ada). The only
problem: such languages take more time to learn and master, and even then,
coding is much slower.

      the language allows for many things.. but most of them should be anally
      explicitly programmed, to leave as little room for error IMHO.

Once again, this is not the way C works. To leave little space for error,
it should have elaborate types, strong typing, range checking, less
implicit conversions, cleaner arithmetics - it's not immediately obvious
that foo/5 does not have to be equal to foo/5.0, and so many more things.
All this unless you explicitly say you don't want this feature at this
particular line. But it's hopeless - you can create "C-Safe", and it will
be destined to fail.

      almost every language can be abused, but strict programming and
      following decent practices, you can definitely avoid more problems than
      not by following such guides.

C is not designed for clean programming. You can write nice code in C, but
it's hard. It's much harder than writing bad code. There are languages
that are more difficult to write in than to read, and that force the
programmer to write in a nice way. C encourages to write fast.

      well C is elegant.. its portable..

No, it isn't, beyond printf("Hello world!\n"). It's only portable because
it has a compiler on every decent platform, but compilers differ; APIs
differ even more; plus, you have to remember about endians... there are
portable languages that do not have #ifdefs and other precompiler
constructions at all. In C, portability and #ifdefs are pretty much
synonymous ;-) C is too close to the machine to be portable.

      readability is interesting.. i think well written C is very readable.

Makes what, 1%? Wonder how many people dream of procmail sources when they
have nightmares...

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/


