bearophile wrote:
> Walter Bright:
>
>> The $10 billion mistake was C's conversion of arrays to pointers when
>> passing to a function.
>>
>> http://www.drdobbs.com/blog/archives/2009/12/cs_biggest_mist.html
>>
>> Sadly, there's an ongoing failure to recognize this, as it is never
>> addressed in any of the revisions to the C or C++ standards,
>
> I agree, that's a very bad problem, probably worse than null-related bugs.

It's infinitely worse. Null pointers do not result in memory corruption, buffer overflows, and security breaches.


>> and is missed by the supposedly "safe C" alternatives.
>
> This is probably wrong. I don't know many C alternatives, but the well-known
> Cyclone language uses fat pointers (and other things) to solve that C
> problem.


The Cyclone user manual says you have to rewrite a parameter as:

    void foo(int *...@numelts(4) arr);

to avoid the bugs with:

    void foo(int arr[]);

I think that latter broken syntax is still supported by Cyclone, but with the inadequate manual http://cyclone.thelanguage.org/wiki/User%20Manual it's hard to tell.

Oh, and you have to redeclare the C:

    int sum(int num, int *p);

as:

    int sum(tag_t<`n> num,
        int *...@notnull @numelts(valueof(`n)) p);

No wonder Cyclone failed.
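
Added example, not part of the original post and not Cyclone or D code: a plain C sketch of the array-to-pointer decay discussed in the thread, next to a hand-rolled fat pointer that keeps the length with the address. The names `visible_bytes`, `int_slice`, `SLICE_OF`, `slice_get` and `slice_sum` are hypothetical, and the array contents are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>

/* Both declarations name the same function: in a parameter list,
   `int arr[]` is adjusted to `int *arr`, so the length is dropped. */
size_t visible_bytes(int arr[]);
size_t visible_bytes(int *arr) { return sizeof arr; } /* size of a pointer */

/* Hypothetical fat pointer: address and element count travel together. */
typedef struct {
    int   *ptr;
    size_t len;
} int_slice;

/* Capture the length while the array type is still visible to the compiler. */
#define SLICE_OF(a) ((int_slice){ (a), sizeof(a) / sizeof((a)[0]) })

/* Bounds-checked read: returns 0 and stores the element, -1 if out of range. */
int slice_get(int_slice s, size_t i, int *out)
{
    if (s.ptr == NULL || i >= s.len)
        return -1;
    *out = s.ptr[i];
    return 0;
}

/* No separate count argument that could disagree with the buffer. */
long slice_sum(int_slice s)
{
    long total = 0;
    int v;
    for (size_t i = 0; slice_get(s, i, &v) == 0; i++)
        total += v;
    return total;
}

int main(void)
{
    int data[4] = { 1, 2, 3, 4 };   /* constructed sample input */
    int v = 0;
    int_slice s = SLICE_OF(data);

    printf("sizeof data at call site: %zu\n", sizeof data);
    printf("sizeof seen by callee:    %zu\n", visible_bytes(data));
    printf("sum = %ld\n", slice_sum(s));
    printf("read at index 4 -> %d\n", slice_get(s, 4, &v));
    return 0;
}
```
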
