David Crocker wrote:
> Apart from the obvious solution of choosing another language, there are at least
> two ways to avoid these problems in C++:
> 1. Ban arrays (to quote Marshall Cline's "C++ FAQ Lite", arrays are evil!). Use
> ...
> 2. If you really must have naked arrays, ban the use of indexing and arithmetic
> on naked pointers to arrays (i.e. if p is a pointer, then p[x], p+x, p-x, ++p
If you want safer C and you want the compiler to enforce it, and you
don't mind having to re-write your code some, then use one of the safer
C dialects (CCured <http://manju.cs.berkeley.edu/ccured/> and Cyclone
<http://www.research.att.com/projects/cyclone/>). These tools provide a
nice mid-point in the amount of work you have to do to reach various
levels of security in C/C++:
* low security, low effort
o do nothing
o code carefully
o apply defensive compilers, e.g. StackGuard
o apply code auditors, e.g. RATS, Flawfinder
o port code to safer C dialects like CCured and Cyclone
o re-write code in type safe languages like Java and C#
o apply further code security techniques, e.g. formal theorem
provers WRT a formal spec
* high security, high effort
Crispin
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
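As an added example, not from this thread and not code by David Crocker or Crispin Cowan: the naked-pointer idiom that point 2 above says to ban, placed next to a bounds-checked replacement written in plain standard C++ (no CCured or Cyclone required). The one-byte-length wire format, the `CheckedView` class, the function names and the sample records are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Assumed wire format for this example: [len: 1 byte][len bytes of payload].
// A hostile sender can set 'len' larger than the number of bytes actually sent.

// The idiom point 2 says to ban: indexing and arithmetic on a naked pointer,
// with the length taken from the data itself. Nothing relates 'len' to 'n',
// so p + 1 + len can run past the end of the caller's buffer.
std::string read_field_naked(const uint8_t* p, size_t n) {
    (void)n;                          // the caller's size is never consulted
    size_t len = p[0];
    return std::string(reinterpret_cast<const char*>(p + 1), len);
}

// Replacement: a view with no pointer arithmetic at all. The only way to read
// is at(), which checks the index, so a lying length byte becomes an exception
// rather than an out-of-bounds read.
class CheckedView {
public:
    explicit CheckedView(const std::vector<uint8_t>& v) : v_(v) {}
    uint8_t at(size_t i) const {
        if (i >= v_.size()) throw std::out_of_range("read past end of buffer");
        return v_[i];
    }
    size_t size() const { return v_.size(); }
private:
    const std::vector<uint8_t>& v_;   // no operator+, ++ or data() exposed: nothing to do arithmetic on
};

std::string read_field(const std::vector<uint8_t>& buf) {
    CheckedView view(buf);
    size_t len = view.at(0);          // throws on an empty buffer
    std::string out;
    out.reserve(len);
    for (size_t i = 0; i < len; ++i)
        out.push_back(static_cast<char>(view.at(1 + i)));  // throws when len overstates the payload
    return out;
}

// Status-returning form for code that would rather not catch exceptions itself.
bool field_is_well_formed(const std::vector<uint8_t>& buf) {
    try {
        read_field(buf);
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

// Constructed samples: one honest record and one whose length byte lies.
const uint8_t kGoodRecord[] = {3, 'a', 'b', 'c'};
const std::vector<uint8_t> kGood(kGoodRecord, kGoodRecord + sizeof kGoodRecord);
const std::vector<uint8_t> kLying = {9, 'a', 'b'};   // claims 9 payload bytes, carries 2

int main() {
    std::cout << "naked:   " << read_field_naked(kGoodRecord, sizeof kGoodRecord) << '\n';
    std::cout << "checked: " << read_field(kGood) << '\n';
    std::cout << "lying record accepted? " << (field_is_well_formed(kLying) ? "yes" : "no") << '\n';
    // read_field_naked(kLying.data(), kLying.size()) would read 7 bytes past the end
    // (undefined behaviour, so it is deliberately not called); read_field(kLying) throws instead.
    return 0;
}
```

On the honest record both versions return the same payload; only the checked version refuses the record whose length byte overstates the payload. The same effect is available without the wrapper by using `std::vector::at()` directly, but hiding the raw pointer behind a type that has no `+`, `++` or `data()` is what makes the ban in point 2 enforceable by the compiler rather than by review.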