Subject: Re: VMS
From: tnp (at) *nospam* invalid.invalid (The Natural Philosopher)
Newsgroups: comp.os.linux.misc
Date: 21. Jun 2025, 01:07:06
Organization: A little, after lunch
Message-ID: <1034t3a$aubo$2@dont-email.me>
User-Agent: Mozilla Thunderbird
On 21/06/2025 00:07, Rich wrote:
> The Natural Philosopher <tnp@invalid.invalid> wrote:
>> On 20/06/2025 14:36, Rich wrote:
>>> The Natural Philosopher <tnp@invalid.invalid> wrote:
>>>> On 20/06/2025 09:00, Richard Kettlewell wrote:
>>>>> c186282 <c186282@nnada.net> writes:
>>>>>> On 6/19/25 3:40 AM, Richard Kettlewell wrote:
>>>>>>> c186282 <c186282@nnada.net> writes:
>>>>>>>> IMHO, stick to 'C' ... but use GOOD PRACTICES.
>>>>>>>
>>>>>>> The software industry has been trying this for decades now. It does
>>>>>>> not work.
>>>>>>
>>>>>> At some point, soon, they need to start flagging the unsafe functions
>>>>>> as ERRORS, not just WARNINGS.
>>>>>
>>>>> The problem is not just a subset of unsafe functions. The whole language
>>>>> is riddled with unsafe semantics.
>>>>>
>>>>> There is some movement towards fixing the easy issues, e.g. [1]. But the
>>>>> wider issues are a lot harder to truly fix, so much so that one of the
>>>>> more promising options is an architecture extension[2]; and there
>>>>> remains considerable resistance[3] in the standards body to fixing other
>>>>> issues, despite their recurring role in defects and vulnerabilities.
>>>>>
>>>>> [1] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3322.pdf
>>>>> [2] https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/
>>>>> [3] https://www.youtube.com/watch?v=DRgoEKrTxXY
>>>>>
>>>>> Most languages after C designed these issues out, one way or another.
>>>>> The clever bit is figuring out how to combine performance and safety,
>>>>> and that’s what language designers have been working out, increasingly
>>>>> successfully.
>>>>
>>>> I don't really see how you can have a program that cannot write or read
>>>> memory beyond the intentions of the original programmer.
>>>
>>> Ada accomplished it years ago (i.e., Rust is nothing new in that
>>> regard). But.... it did so by inserting in the compiled output all
>>> the checks for buffer sizes before use and checks of error return codes
>>> that so often get omitted in C code. And the performance hit was
>>> sufficient that Ada only found a niche in very safety critical
>>> environments (aircraft avionics, etc.).
>>
>> I bet a bad (or extremely good) programmer could circumvent that
>
> Very likely, but the idea was to protect the typical programmer from
> their own common mistakes (of not carefully checking error return codes
> or buffer lengths, etc.). I.e. the typical 9-5 contract programmer,
> not the Dennis Ritchies of the world.

The 9-5 contract programmers WERE the Dennis Ritchies.
The idiots were the permies.
-- 
“Ideas are inherently conservative. They yield not to the attack of other ideas but to the massive onslaught of circumstance” - John K Galbraith
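An added C example, not written by anyone in this thread, of the two things the discussion contrasts: making use of the classic unsafe string functions a compile error rather than a warning, and doing by hand the buffer-size check and return-code check that Ada's compiler is said to insert for you. The names `checked_copy`, `store_name` and `copy_status` are my own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Poisoning makes any later use of these identifiers a hard compile error
 * under GCC and Clang: "errors, not just warnings". It has to come after the
 * headers that declare them, otherwise the declarations themselves trip it. */
#pragma GCC poison gets strcpy strcat sprintf

enum copy_status { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARG = -2 };

/* Bounded copy: checks the destination size before writing and reports a
 * status the caller must look at. Never writes past dst[dst_size - 1]; on
 * failure dst is left as an empty string so it is still well-defined. */
enum copy_status checked_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARG;

    size_t n = 0;                         /* scan src, but never past the limit */
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n == dst_size) {                  /* no room left for the terminator */
        dst[0] = '\0';
        return COPY_TOO_LONG;
    }
    memcpy(dst, src, n + 1);              /* n bytes plus the '\0' */
    return COPY_OK;
}

/* A caller that actually checks the return code, the step so often omitted
 * in C. Returns 1 on success, 0 if the input was rejected. */
int store_name(char out[16], const char *name)
{
    enum copy_status st = checked_copy(out, 16, name);
    if (st != COPY_OK) {
        fprintf(stderr, "rejected input (status %d)\n", (int)st);
        return 0;
    }
    return 1;
}

int main(void)
{
    char buf[16];
    printf("%d\n", store_name(buf, "short"));                       /* 1 */
    printf("%d\n", store_name(buf, "this string is far too long")); /* 0 */
    return 0;
}
```

Adding `strcpy(buf, name);` anywhere after the pragma fails to compile, which is the behaviour the thread asks for from the toolchain.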