On Mon, 15 Jul 1996, David Stagner <stagda_at_ncs.com> wrote:
>Many, many well-proven languages handle array bounds checking for the
>programmer, and do so efficiently.

It might be worth noting that Richard W.M. Jones <rwmj_at_doc.ic.ac.uk>
has written some patches to gcc which add fine-grained bounds checking
to C. Sources are in: ftp://dse.doc.ic.ac.uk/pub/misc/bcc
Additional information at:
http://www-dse.doc.ic.ac.uk/~rj3/bounds-checking.html
http://www-ala.doc.ic.ac.uk/~phjk/BoundsChecking.html

Unfortunately, the resultant code is substantially slower and is therefore
really only suitable for testing - this seems primarily due to the
requirement for bounds-checked code to fully interwork with
non bounds-checked code.

>What we need is a powerful, portable, widely used language that
>automagically handles bounds checking for us. Sounds like perl to
>me.:}

I disagree. Whilst perl at the script level hides array-bounds problems
from the user, it is not a panacea. Firstly, the interpreter itself is
written in C - thus it is possible that the interpreter itself may suffer
from an array-bounds problem. Secondly, it is _very_ large (several times
the size of sendmail) thus violating the KISS principle - which is
particularly important for security tools.
----
Peter Jeremy (VK2PJ) peter.jeremy_at_alcatel.com.au
Alcatel Australia Limited
41 Mandible St Phone: +61 2 690 5019
ALEXANDRIA NSW 2015 Fax: +61 2 690 5247
PGP fingerprint: 2A C6 47 D1 BF 56 5A 10 CC 02 2D 89 EA 10 AA 40
Received on Jul 15 1996
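
The message attributes the slowdown to the need for checked code to interwork with unchecked code. As an added illustration (not part of the original message and not code from the gcc patches), the sketch below assumes one way to meet that requirement: pointers keep their ordinary representation, and every pointer addition is looked up in a table of registered objects. The table, the function names and the sample buffer are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical object table: one entry per object the checked code created. */
struct object { const char *base; size_t size; };
static struct object table[16];
static size_t n_objects;
static char arena[32];   /* constructed sample memory for the demonstration */
enum verdict { IN_BOUNDS, OUT_OF_BOUNDS, UNCHECKED };

static void register_object(const void *base, size_t size) {
    if (n_objects < 16)
        table[n_objects++] = (struct object){ base, size };
}

/* Find the object containing p; one past the end is a valid position.
   Adjacent objects would need padding to disambiguate; ignored here. */
static const struct object *lookup(const void *p) {
    uintptr_t a = (uintptr_t)p;
    for (size_t i = 0; i < n_objects; i++) {
        uintptr_t lo = (uintptr_t)table[i].base;
        if (a >= lo && a - lo <= table[i].size)
            return &table[i];
    }
    return NULL;
}

/* Judge p + off (in bytes) before it is computed. The lookup on every
   operation is the cost paid for leaving the pointer itself unchanged. */
static enum verdict check_add(const void *p, ptrdiff_t off) {
    const struct object *o = lookup(p);
    if (o == NULL)
        return UNCHECKED;   /* pointer from code that registered nothing */
    ptrdiff_t pos = (const char *)p - o->base;   /* 0 .. size */
    if (off < 0)
        return off >= -pos ? IN_BOUNDS : OUT_OF_BOUNDS;
    return (size_t)off <= o->size - (size_t)pos ? IN_BOUNDS : OUT_OF_BOUNDS;
}

int main(void) {
    register_object(arena, 8);   /* bytes 0..7 belong to checked code */
    printf("%d %d %d\n", (int)check_add(arena, 8), (int)check_add(arena, 9),
           (int)check_add(arena + 16, 4));   /* arena+16: unregistered */
    return 0;
}
```

The `UNCHECKED` result is the interworking case: a pointer that unchecked code hands over is accepted as-is, so its misuse goes undetected.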