Secure Coding mailing list archives

Compilers


From: crispin at novell.com (Crispin Cowan)
Date: Thu, 04 Jan 2007 12:24:58 -0800

Florian Weimer wrote:
> * Crispin Cowan:
>
>> ljknews wrote:
>>
>>> 2. The compiler market is so immature that some people are still
>>>    using C, C++ and Java.
>>
>> I'm with you on the C and C++ argument, but what is immature about Java?
>> I thought Java was a huge step forward, because for the first time, a
>> statically typesafe language was widely popular.
>
> Java is not statically typesafe, see the beloved ArrayStoreException
> (and other cases, depending what you mean by "statically typesafe").

So every language that supports arrays is not statically type safe? How
else can a language guarantee array bounds checking without having to
resort to array bounds checking in cases where the indices are
dynamically computed?

What language does better on array bounds typing? Back in the day,
classic Pascal had very static array types: an array of a specific size
was a type, and you could not mix them. So if you wanted to create a
procedure that processed an array of things, the type of the procedure
was bound to the *fixed* size of the list of things. Statically type
safe, but not very useful. And then you discover the hard way that the
generated code most often didn't even enforce array bounds checking :(

The Hermes programming language (fairly arcane, back in the early 1990s)
dodged this bullet by *not* supporting arrays. Instead it had
"collections": a pile of tuples that could be indexed by value of any
field(s) in the tuple you want. Essentially a relational table. You ask
the collection for an item with a matching field value, and it either
gives it to you, or it throws an exception.

So it seems to me that "record not found" is the bottom line in array
bounds checking. It is pretty fundamentally a dynamic error condition.
Static type checking cannot prove it will never happen, and so it will
always involve a dynamic check of some kind.

Crispin

-- 
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
     Hacking is exploiting the gap between "intent" and "implementation"
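As an added illustration, not part of Crispin's or Florian's posts, the Java program below shows the two runtime checks the thread is arguing about: the ArrayStoreException Florian cites (a covariant array store that compiles cleanly but fails when executed) and the bounds check on an index that is only known at runtime, plus a Hermes-style keyed lookup whose only failure mode is "record not found". The class and method names are the example's own.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

public class ArrayChecksDemo {

    // Java arrays are covariant: String[] is accepted where Object[] is
    // expected, so this assignment passes the static type checker. The
    // store of an Integer into what is really a String[] is caught only
    // by a runtime check, which throws ArrayStoreException.
    static String covariantStore() {
        Object[] objs = new String[1];
        try {
            objs[0] = Integer.valueOf(42);
            return "stored";
        } catch (ArrayStoreException e) {
            return "ArrayStoreException";
        }
    }

    // The index is computed from values the compiler cannot see, so the
    // JVM performs a dynamic bounds check on every access.
    static String dynamicIndex(int[] data, int offset, int scale) {
        try {
            return String.valueOf(data[offset * scale]);
        } catch (ArrayIndexOutOfBoundsException e) {
            return "ArrayIndexOutOfBoundsException";
        }
    }

    // Hermes-style "collection": records are found by field value rather
    // than by position. The failure is still the dynamic "record not
    // found", here surfaced as an empty Optional instead of an exception.
    static Optional<String> lookup(Map<Integer, String> records, int key) {
        return Optional.ofNullable(records.get(key));
    }

    public static void main(String[] args) {
        System.out.println(covariantStore());
        int[] data = {10, 20, 30};            // constructed sample data
        System.out.println(dynamicIndex(data, 1, 1));
        System.out.println(dynamicIndex(data, 1, 3));
        Map<Integer, String> records = new HashMap<>();
        records.put(7, "seven");
        System.out.println(lookup(records, 7).orElse("record not found"));
        System.out.println(lookup(records, 8).orElse("record not found"));
    }
}
```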
