> While I agree with Robert on the general hairiness of C, and the
> difficulties it represents for programmers, it is not as resistant to
> static analysis as he makes out.

It is, in fact, resistant. I've yet to see a C static analysis tool that works well. The ones that do work well require such markup that I can only with great difficulty call the resulting language C -- unlike, say, SPARK, where the markup is an integrated part of the language.

Does this mean there are no static analysis tools? Not at all. There are many. But I stand by my assertion that C's design is in places genuinely hostile to static analysis.

> The argument Robert makes is usually one that directs people to
> higher-level languages, which offer fewer opportunities for the
> programmer to screw up on things like memory management, array
> indexing, or type safety.

Except I didn't make that argument. ;)

> However, for certain types of security-critical code, you want the
> opposite: you want to move to a language as low-level as possible.

Low-level is not incompatible with strong type safety, better memory management, better string handling, etc. C++ does quite well on this front, as do the more recent versions of Ada and Common LISP.

_______________________________________________
enigmail-users mailing list
