Bugtraq mailing list archives

Re: at the risk of another flamefest..


From: stagda () ncs com (David Stagner)
Date: Mon, 15 Jul 1996 17:07:34 -0500


Peter Jeremy writes:

It might be worth noting that Richard W.M. Jones <rwmj () doc ic ac uk>
has written some patches to gcc which add fine-grained bounds checking
to C.  Sources are in: ftp://dse.doc.ic.ac.uk/pub/misc/bcc
Additional information at:
        http://www-dse.doc.ic.ac.uk/~rj3/bounds-checking.html
        http://www-ala.doc.ic.ac.uk/~phjk/BoundsChecking.html

Unfortunately, the resultant code is substantially slower and is therefore
really only suitable for testing - this seems primarily due to the
requirement for bounds-checked code to fully interwork with non bounds-
checked code.

Of course, languages such as Modula-2 have successfully and
efficiently implemented bounds checking for years.  Too bad none of
them have caught on to the extent of C.

What we need is a powerful, portable, widely used language that
automagically handles bounds checking for us.  Sounds like perl to
me. :}

I disagree.  Whilst perl at the script level hides array-bounds problems
from the user, it is not a panacea.  Firstly, the interpreter itself is
written in C - thus it is possible that the interpreter itself may suffer
from an array-bounds problem.  Secondly, it is _very_ large (several times
the size of sendmail) thus violating the KISS principle - which is
particularly important for security tools.

I'd agree it is possible that C-based bounds checking problems may
exist in the perl interpreter (has anyone checked this?), but I don't
think the second criticism is really fair.  After all, the perl
"interpreter" has most of the facilities of a full compiler.  If you
wish to level this critique at perl, you must also be prepared to
level it at cc (which is also several times larger than sendmail, and
probably doing much weirder things than perl).

-dave

