der Mouse (Maus surely?) wrote
> Well, actually, but for the world's addiction to sloppy coding.
> It's entirely possible to avoid buffer overflows in C; it 
> just requires
> a little care in coding.  C's major failing in this regard - and I
> don't actually consider it all that major - is that it doesn't provide
> any tools to help.  It assumes that you the programmer know 
> what you're
> doing, and the mismatch between that and the common reality is where
> the problem actually comes from.

I dislike this commonly-used argument that essentially says "you should only employ 
above average people who don't make mistakes".  It is flawed on lots of levels.

1.  On average ability over our industry is average!
2.  Even brilliant, infallible programmers like me make mishtukes shummtimes.
3.  Even if above average, non-sloppy programmers can avoid mistakes, the effort they 
spend doing so is a distraction from their real job of solving the problem the program 
is intended for.
4.  The levels of mental abstraction needed to solve an application domain problem and 
to worry about operator precedence and buffer overflow are completely different; there 
is good evidence that humans don't work well at more than one abstraction level at a 

> All that a "better" language will bring you in this regard is that it
> will (a) push the sloppiness into places the compiler can't check and
> (b) change the ways things break when confronted with input beyond the
> design underlying their code.

This sounds like the Syrius Cybernetics defence (from the Hitch Hiker's Guide to the 
Galaxy);  essentially you seem to be saying it is OK if all the deep and complex flaws 
in a product are completely obscured by all the shallow and obvious ones.  You can't 
assume that the sloppy programmer in C /only/ introduces shallow errors.

In practice, well designed languages can do much more than you claim.  They can 
completely eliminate whole classes of error that currently exercise our attention, 
make sloppiness very hard to conceal and make it much easier to find any subtle errors 
that remain.


This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.  The IT Department at Praxis Critical Systems can be contacted at 
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:

Reply via email to