comp.lang.ada
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Buffer overflow Article - CACM
Date: Wed, 16 Nov 2005 10:26:05 +0100
Date: 2005-11-16T10:25:35+01:00
Message-ID: <1wclw5pmb787b$.1srcn4xk9xxr5.dlg@40tude.net>
In-Reply-To: 437a61d0$0$7421$9b4e6d93@newsread4.arcor-online.net

On Tue, 15 Nov 2005 23:32:37 +0100, Georg Bauhaus wrote:

> Dmitry A. Kazakov wrote:
>> On Tue, 15 Nov 2005 15:03:11 +0100, Georg Bauhaus wrote:
>> 
>>>Dmitry A. Kazakov wrote:
>>>
>>>>Ada.Container.
>>>>They don't support safe iteration constructs "for I in X'Range loop".
>>>
>>>Ada.Container does provide safe iteration construct, by
>>>suitably defining and/or suggesting what is meant by "safe".
>>>
>>>OTOH, for I in X'Range loop alone doesn't imply that
>>>iteration will be safe.
>> 
>> As you said, it depends on the definition. Clearly it isn't safe against
>> shelling the computer.
> 
> For sure you can get Constraint_Error using the library,
> and this isn't always pleasant. Yet, in which ways is any of the
> following more safe than the other?
> 
>    for I in X'Range loop
>       Modify_Element(X(I));
>    end loop;
> 
>    Iterate(X, Modify_Element'Access);

You are comparing apples and oranges. The first is a language construct,
the second is a call to a procedure. They could be made comparable if Ada had
subroutines as first class objects:

   Iterate (X, procedure (E : in out Element_Type) is begin ... end);

Or at least:

   Iterate (X, Modify_Element);

But that is an aside. What would you say about the same written in Assembly:

MOV $Modify_Element, R1
MOV $X, R2
JMP $Iterate   ; Isn't this safe?

The question is not how iteration and element processing are composed:
using procedural decomposition or language constructs. The question is how
iteration is expressed. These are not directly related issues and there is
not much choice here: loop vs. recursion.

Note also that your example is based on a trick. You bring a black horse
Modify_Element into consideration. Nothing is known about it. So whatever
the enclosing construct does and how it does this, safety is 0.

As for Robert's note about explicit indices, it would be nice to have

   for E in X loop ...

for array types as well. I think it would be quite easy to implement in an
Ada compiler.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
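The three iteration forms argued over in this exchange, side by side, as an added example that is not part of any post in the thread. It assumes an Ada 2012 compiler (for example GNAT); the `for E of X loop` form is the Ada 2012 element loop over arrays, which is what the wished-for `for E in X loop` above amounts to. The array contents, the `Modify_Element` body and the `Modify_At` wrapper are constructed for the example. The last block shows what actually happens in Ada when an explicit index leaves the array bounds: a `Constraint_Error`, not a memory write past the end.

```ada
with Ada.Text_IO;          use Ada.Text_IO;
with Ada.Containers.Vectors;

procedure Safe_Iteration is
   --  Constructed sample data for the example.
   type Int_Array is array (Positive range <>) of Integer;
   X : Int_Array (1 .. 5) := (10, 20, 30, 40, 50);

   package Int_Vectors is new Ada.Containers.Vectors
     (Index_Type => Positive, Element_Type => Integer);
   V : Int_Vectors.Vector;

   --  The "black horse" of the thread: an element operation about which
   --  the iteration construct knows nothing. Here it simply increments.
   procedure Modify_Element (E : in out Integer) is
   begin
      E := E + 1;
   end Modify_Element;

   --  Ada.Containers.Vectors.Iterate hands a Cursor to its callback, so a
   --  small wrapper (hypothetical name) routes it to Modify_Element.
   procedure Modify_At (C : Int_Vectors.Cursor) is
   begin
      V.Update_Element (C, Modify_Element'Access);
   end Modify_At;
begin
   --  1. Index loop: I is drawn from X'Range, so X (I) is always in bounds.
   for I in X'Range loop
      Modify_Element (X (I));
   end loop;

   --  2. Element loop: no index at all, so no index to get wrong.
   for E of X loop
      Modify_Element (E);
   end loop;

   --  3. Container iteration through an access-to-procedure.
   for Val of X loop
      V.Append (Val);
   end loop;
   V.Iterate (Modify_At'Access);

   for I in X'Range loop
      Put_Line (Positive'Image (I) & " => X:" & Integer'Image (X (I))
                & "  V:" & Integer'Image (V.Element (I)));
   end loop;

   --  4. An explicit index outside X'Range is caught by the language:
   --     the access is checked and Constraint_Error is raised instead of
   --     touching memory beyond the array.
   declare
      Bad : constant Integer := X'Last + 1;
   begin
      Put_Line (Integer'Image (X (Bad)));
   exception
      when Constraint_Error =>
         Put_Line ("Constraint_Error: index" & Integer'Image (Bad)
                   & " is outside X'Range");
   end;
end Safe_Iteration;
```

Forms 1 and 2 get their bounds from the object being iterated, which is why the index cannot stray; form 3 is only as safe as the callback it is handed, which is the point made about `Modify_Element` above. Block 4 is the behaviour of the explicit-index case that the quoted `Constraint_Error` remark refers to: a checked failure with a defined exception rather than an overflow.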
