On Friday, 11 April 2014 at 10:33:52 UTC, Chris wrote:
On Friday, 11 April 2014 at 10:09:48 UTC, Walter Bright wrote:
On 4/11/2014 2:47 AM, bearophile wrote:
A nice blog post, about the Coverity scan not finding the
Heartbleed
(http://heartbleed.com/) bug:
http://blog.regehr.org/archives/1125
http://www.reddit.com/r/programming/comments/22ri2i/heartbleed_wasnt_found_by_static_analysis/
So why don't you just write your own language? Uh, wait, you
did just that. Is there any chance that these issues will be
fixed in C some day, or is it too late, or is the C consortium
too narrow-minded, stubborn, indifferent?
This will never change as we (me and Walter) discussed on a
parallel thread.
The way arrays decay into pointers cannot be fixed while keeping
backwards compatibility.
Algol, PL/I and Mesa had bounds checked arrays, with the option
to disable them if required, but C designers decided against it.
The idea was that developers would use lint for such purposes,
what very few do, even in 2014.
I am convinced that this will only get fixed by a generation
change.
--
Paulo
