David Crocker wrote:

Apart from the obvious solution of choosing another language, there are at least
two ways to avoid these problems in C++:

1. Ban arrays (to quote Marshall Cline's "C++ FAQ Lite", arrays are evil!). Use
2. If you really must have naked arrays, ban the use of indexing and arithmetic
on naked pointers to arrays (i.e. if p is a pointer, then p[x], p+x, p-x, ++p

If you want safer C and you want the compiler to enforce it, and you don't mind having to re-write your code some, then use one of the safer C dialects (CCured <http://manju.cs.berkeley.edu/ccured/> and Cyclone <http://www.research.att.com/projects/cyclone/>). These tools provide a nice mid-point in the amount of work you have to do to reach various levels of security in C/C++:

   * low security, low effort
         o do nothing
         o code carefully
         o apply defensive compilers, e.g. StackGuard
         o apply code auditors, e.g. RATS, Flawfinder
         o port code to safer C dialects like CCured and Cyclone
         o re-write code in type safe languages like Java and C#
         o apply further code security techniques, e.g. formal theorem
           provers WRT a formal spec
   * high security, high effort


Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com

Reply via email to