From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 107f24,582dff0b3f065a52
X-Google-Attributes: gid107f24,public
X-Google-Thread: 109fba,582dff0b3f065a52
X-Google-Attributes: gid109fba,public
X-Google-Thread: 1014db,582dff0b3f065a52
X-Google-Attributes: gid1014db,public
X-Google-Thread: 103376,bc1361a952ec75ca
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2001-08-06 08:37:41 PST
Path: 
 archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!wn4feed!wn3feed!worldnet.att.net!207.24.196.41!nntphub.cb.lucent.com!news.research.bell-labs.com!news
From: Matthias Blume <blume@research.bell-labs.com>
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional
Subject: Re: How Ada could have prevented the Red Code distributed denial of    
 service attack.
Date: Mon, 06 Aug 2001 11:17:42 -0400
Organization: Lucent Technologies, Bell Labs
Message-ID: <3B6EB516.7597E074@research.bell-labs.com>
References: <bebbba07.0107292308.d1192fc@posting.google.com>
 <9k9if8$rn3$1@elf.eng.bsdi.com> <GHEt6A.BzD@approve.se>
 <3B687EDF.9359F3FC@mediaone.net> <GHFDJp.G7q@approve.se>
 <slrn9mi1q3.7kb.randhol+abuse@kiuk0156.chembio.ntnu.no>
 <PNha7.3185$e%4.96222@news3.oke.nextra.no>
 <5267be60.0108021911.7d8fe4@posting.google.com>
 <cOHa7.3620$e%4.107328@news3.oke.nextra.no>
 <3B6B637F.E3FA243E@worldnet.att.net>
 <xpTa7.3738$e%4.109789@news3.oke.nextra.no>
 <fGxb7.333$NJ6.577@www.newsranger.com>
 <3b6ea164.1479721766@news.worldonline.nl> <wi68zgxcjts.fsf@merlin.irisa.fr>
NNTP-Posting-Host: blume-pcmh.research.bell-labs.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.19-6.2.7 i686)
X-Accept-Language: en, de, ja
Xref: archiver1.google.com comp.lang.ada:11374 comp.lang.c:72467
 comp.lang.c++:80329 comp.lang.functional:7345
Date: 2001-08-06T11:17:42-04:00
List-Id: <comp.lang.ada>

Yoann Padioleau wrote:
> 
> info@hoekstra-uitgeverij.nl (Richard Bos) writes:
> 
> > Ted Dennison<dennison@telepath.com> wrote:
> >
> > > compiler. Remember, "printf" actually has to stop and interpret the input string
> > > to look for replacements.
> >
> > No, it doesn't; not unless the format string isn't a constant.
> Yes it does. The source code from printf is in the C library, so the compiler
> cant optimise code such as 'printf("%d    %f   %s",i,f,str)', he cant
> generate print_int(i);print_space(4);print_float(f);....

Sure it can.  It is explicitly permitted for things like <stdio.h> and
everything defined there to be "special" so that a compiler can optimize
them.  Generating optimized code for calls of printf that have a constant
format string does not require the compiler to look at the executable code
of printf that is in the library.  It just has to have built-in knowledge
of what printf is supposed to do.

It's just like us humans: When I see "fprintf(f, "%s", foo)" in a C program,
I _know_ that I can replace it with "fputs (foo, f)".  And I know this without
looking at the code for fprintf, without partially applying it to "%s".

Matthias