From kragen@dnaco.net Thu Sep 10 12:19:47 1998
Date: Thu, 10 Sep 1998 12:19:46 -0400 (EDT)
From: Kragen
To: "Bradley M. Kuhn"
cc: clug-user@clug.org
Subject: Re: life depending on code (was Re: Story about a literary culture of Unix)
In-Reply-To: <19980910114224.S7107@ebb.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Keywords:
X-UID: 1796
Status: O
X-Status:

On Thu, 10 Sep 1998, Bradley M. Kuhn wrote:
> I don't have any actual ideas---unless you use C like Fortran.

Meaning, use no pointers? It'd be OK if you used pointers but never did pointer math, and used a garbage collector (like the Boehm-Demers-Weiser one) instead of free()ing things.

Never doing pointer math makes string or array processing impossible, of course. You'd have to use linked lists or trees for everything. :)

You could define a "safe array" facility which checked all array accesses. (Or you could try to use the experimental enhancements to gcc.)

> The point I was making is that pointers make C dangerous for life critical
> applications. Period.

Well, I feel rather the same way, since the last year's flood of BUGTRAQ messages finding buffer-overflow holes in everything from named to bash. I think C with garbage collection and bounded pointers is theoretically as safe as any other language.

On life-critical applications: I've been reading about the Therac-25. Sounds like it was programmed in assembler or Forth, and so shoddily that I find it unbelievable that anyone actually used this software to control a machine intended to irradiate people with X-rays or high-velocity electrons. It is notable, however, that the bug that killed people was not a pointer bug, but a race condition. My previous exposure to Therac-25 information was much less in-depth.

Kragen
--
Kragen Sitaker
I don't do .INI, .BAT, .DLL or .SYS files. I don't assign apps to files. I don't configure peripherals or networks before using them. I have a computer to do all that.
I have a Macintosh, not a hobby. -- Fritz Anderson
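The message above suggests a "safe array" facility that checks every array access. The following is an added example sketching what such a facility looks like in plain C; it is not code from the e-mail or its author, and the type name `safe_int_array`, the `sa_*` functions and the status codes are assumptions made for illustration. Each element is carried with its length, and the accessors refuse any index at or beyond that length with a status code instead of touching neighbouring memory, so a wrong count becomes a detectable error rather than a silent overrun.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical bounds-checked "safe array" facility. This is example code
 * added to this archive page, not code from the e-mail or its author: the
 * type, the function names and the status codes are assumptions. */

typedef struct {
    size_t len;   /* number of valid elements in data */
    int   *data;  /* heap buffer of exactly len ints */
} safe_int_array;

/* Result codes returned by every accessor. */
enum sa_status { SA_OK = 0, SA_OUT_OF_RANGE = 1, SA_NULL_ARG = 2 };

/* Allocate a zero-filled array of n ints; returns NULL on allocation failure. */
safe_int_array *sa_new(size_t n)
{
    safe_int_array *a = malloc(sizeof *a);
    if (a == NULL)
        return NULL;
    a->data = calloc(n > 0 ? n : 1, sizeof *a->data);
    if (a->data == NULL) {
        free(a);
        return NULL;
    }
    a->len = n;
    return a;
}

void sa_free(safe_int_array *a)
{
    if (a == NULL)
        return;
    free(a->data);
    free(a);
}

/* Checked read: stores data[i] in *out only when i < len. */
enum sa_status sa_get(const safe_int_array *a, size_t i, int *out)
{
    if (a == NULL || out == NULL)
        return SA_NULL_ARG;
    if (i >= a->len)               /* the check a raw a[i] never performs */
        return SA_OUT_OF_RANGE;
    *out = a->data[i];
    return SA_OK;
}

/* Checked write: modifies data[i] only when i < len. */
enum sa_status sa_set(safe_int_array *a, size_t i, int v)
{
    if (a == NULL)
        return SA_NULL_ARG;
    if (i >= a->len)
        return SA_OUT_OF_RANGE;
    a->data[i] = v;
    return SA_OK;
}

/* Write v to the first count slots. With a raw int[] a wrong count would
 * overrun the buffer; here the surplus writes are refused and counted, so
 * the caller can detect the length mismatch. Returns the number of
 * refused writes. */
size_t sa_fill(safe_int_array *a, size_t count, int v)
{
    size_t refused = 0;
    for (size_t i = 0; i < count; i++) {
        if (sa_set(a, i, v) != SA_OK)
            refused++;
    }
    return refused;
}

int main(void)
{
    safe_int_array *a = sa_new(4);
    int v = 0;
    if (a == NULL)
        return 1;
    sa_set(a, 3, 42);
    sa_get(a, 3, &v);
    printf("a[3] = %d\n", v);
    printf("a[4]: status %d (index 4 refused)\n", (int)sa_get(a, 4, &v));
    printf("writes refused by sa_fill(a, 10, 7): %zu\n", sa_fill(a, 10, 7));
    sa_free(a);
    return 0;
}
```

The cost of the facility is a function call and a comparison per access, which is why it was an opt-in convention rather than the language default; the benefit is that the length mismatch in `sa_fill` surfaces as a return value the caller can log or assert on, instead of as corrupted adjacent memory.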