Secure Coding mailing list archives

Re: MISRA C


From: Crispin Cowan <crispin () immunix com>
Date: Fri, 02 Jan 2004 15:16:45 +0000


Steve Litt wrote:


On Thursday 01 January 2004 01:56 pm, David Crocker wrote:
[clip]

Fine - if you can avoid using C, do so! For those who must use C, there is
rarely any good reason to use pointer arithmetic anyway. Some of the best
C++ developers do not even use arrays (they use classes from the standard
template library instead).

Fascinating! C++ without pointers or arrays, using the STL. I'm writing a book 
about Perl right now, but when I'm done perhaps I'll research the STL more 
thoroughly.


Where would I find the Standard Template Library for the gcc that comes on 
Linux computers (I use Mandrake 9.0 and 9.2)?



For safe(er) variants of the C language, check out:

   * CCured: Necula et al http://manju.cs.berkeley.edu/ccured/
   * Cyclone: long list of people at AT&T Research and Cornell
     http://www.research.att.com/projects/cyclone/

These language variants have the advantage that they *cannot* express 
type-unsafe stuff. In contrast, using a C++ template merely encourages 
good practice, but there is nothing to prevent time-to-market pressure, 
or even a typo, from introducing a serious bug. Caveat: IIRC, only one 
of CCured and Cyclone is formally type safe, but I can't remember which one.


And (pimping my products here :) if you must use an unsafe language, 
consider using run-time protection such as StackGuard 
<http://immunix.org/stackguard.html> and FormatGuard 
<http://immunix.org/formatguard.html> provided in Immunix 
<http://www.immunix.com/shop/>.


Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
Immunix 7.3           http://www.immunix.com/shop/
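To illustrate the contrast drawn in the message above (STL containers encourage good practice, but an index typo can still become a serious bug unless access is bounds-checked), here is an added C++ example that is not part of the original post or of any product it names; `kCapacity`, the function names and the sample strings are constructed for the demo.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

// Constructed fixed capacity of the destination record used in this demo.
constexpr std::size_t kCapacity = 8;

// Copies n bytes of src into dst using bounds-checked at() on both sides.
// Returns the count copied; an overrun of either container throws
// std::out_of_range instead of silently overwriting neighbouring memory.
std::size_t copy_checked(std::vector<char>& dst, const std::string& src,
                         std::size_t n) {
    for (std::size_t i = 0; i < n; ++i)
        dst.at(i) = src.at(i);
    return n;
}

// The same copy written with the classic off-by-one typo (<= instead of <).
// With operator[] or a raw pointer this is undefined behaviour; with at() the
// stray write at index n is rejected. Returns true when an overrun was caught.
bool overrun_is_caught(std::size_t n) {
    std::vector<char> dst(kCapacity);
    std::string src(n + 1, 'A');  // enough source bytes that only dst can overrun
    try {
        for (std::size_t i = 0; i <= n; ++i)   // typo: should be i < n
            dst.at(i) = src.at(i);
        return false;  // n < kCapacity: the stray write stayed inside the buffer
    } catch (const std::out_of_range&) {
        return true;   // index n == kCapacity (or beyond) was refused
    }
}

// Preferred form: no index arithmetic at all. The size check is explicit and
// the container performs the copy, so there is no loop bound to mistype.
std::vector<char> copy_no_indices(const std::string& src, std::size_t n) {
    if (n > kCapacity || n > src.size())
        throw std::length_error("copy exceeds destination capacity or source");
    return std::vector<char>(src.begin(),
                             src.begin() + static_cast<std::ptrdiff_t>(n));
}
```

Compile with any C++11 or later compiler; the `at()` variants trade a small per-access cost for turning a silent memory overwrite into a diagnosable exception.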