From: "Samuel T. Harris"
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++
Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack.
Date: Thu, 16 Aug 2001 17:38:54 -0500
Organization: Raytheon Aerospace Engineering Services
Message-ID: <3B7C4B7E.AD6FC072@gsde.hou.us.ray.com>
References: <3B7BC847.61D7EF55@home.com> <9lhf57$i8$1@panix3.panix.com>
Reply-To: samuel_t_harris@raytheon.com

Greg Comeau wrote:
>
> In article <3B7C1EF2.4DF3C7A5@gsde.hou.us.ray.com>,
> Samuel T. Harris wrote:
> >I do have my 1978 K&R handy and it is indeed ambiguous
> >as to whether or not the zero value automatically appended
> >after a string constant should or should not be counted
> >by size_of.
>
> I'm surprised! BTW, it's sizeof not size_of
>
> >The definition of size_of
>
> sizeof! :)

Of course. My apologies for the misspelling.

>
> >discusses the "size" of an object
>
> Ok.
>
> >while a string constant is defined as a sequence of chars
> >between quotes.
>
> Ok.

Do note that the zero value is _not_ part of the
sequence of chars between the quotes.

>
> >A zero value which is appended after or
> >at the end of the string by the compiler.
>
> Ok.

The wording does not state that the zero value is
part of the string object. That is part of the problem.

>
> So, taking the above 3 ok's together, something such as "ab"
> contains 3 characters, 'a', 'b', and '\0'. And size the size
> of this object is 3.
>
> >It is unclear as
> >to whether or not the zero value is considered part of the
> >string constant.
>
> Why is it unclear? You just said above that it's appended.
> How is that ambiguous?

Because it is not stated that the extra zero value is
considered part of the object.

>
> >There is a discussion of the difference between 'x' and "x"
> >which stipulates that "x" uses storage for 'x' and a zero value.
>
> That sounds right, and does not change the above.

Exactly. This does not produce a requirement that
the zero value, which requires storage, is itself considered
part of the string object to which it is attached.

>
> >Note that this reference is _not_ part of the C Reference Manual
> >section.
>
> What does it say in the C ref Manual then?

The C Reference Manual section does not compare 'x' with "x"
at all so no joy there.

>
> >This seems to indicate that the zero value is part of the
> >storage of the string constant
>
> Agreed.

Of course, indication is still an inference.
We are not talking about what everyone knows to be true.
We are talking about what a language reference says
and how it can be interpreted.

>
> >but size_of
>
> sizeof!
>
> >is not defined in terms of storage, but in terms of the size of an object.
>
> And what do they say that makes this difference of phrasing
> ambiguous as to what sizeof a string literal meant to K&R.

It is unclear as to whether or not the zero value added
by the compiler is considered part of the string object.
Nothing says it is and an interpretation which considers it
part of the string constant is contrary to the definition
of a string constant (which is defined only in terms of the
characters inside the quotes).

Not only is the C Reference Manual in 1978 K&R ambiguous
on this issue, it is contradictory. It is unclear if sizeof
is counting storage used by an object or the logical size of
an object since the storage of an object and this logical
size are never connected in the C Reference Manual as
corresponding concepts.

>
> >So, according to 1978 K&R, the value of size_of "ab" is
> >indeed open to interpretation.
>
> It's not obvious to me how it's open to interpretation.

The problems with interpretation could be resolved easily with ...

1. A statement in the C Reference Manual section which says
   the added zero value is part of the string object.
   Nothing in the Manual makes this clear. Indeed, a string
   constant is defined as the sequence of characters inside
   the quotes. The text regarding the added zero value comes
   _after_ this definition and is not _part_ of this definition.

2. A precise definition of sizeof which involves storage
   concepts instead of simply saying "the number of bytes
   used by an array". If an array has padding, are these
   counted or not? If it has a dope-vector, is this counted
   as being some of the bytes used by the array?

Please note that this is not really a critique of the valuable
work of Kernighan and Ritchie. It is a recognition that language
specification has indeed come a long way since then; travelling
along a frequently bumpy road. The ambiguities of the past lead
to the more precise and clear descriptions of today.

-- 
Samuel T. Harris, Senior Software Engineer II
Raytheon, Aerospace Engineering Services
"If you can make it, We can fake it!"
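
Added example, not part of the original post: how a current ISO C compiler answers the two questions raised above (whether sizeof a string literal counts the appended zero value, and whether padding counts toward an array's size), and why the answer matters when sizing a buffer. It shows present-day C behaviour, not a reading of the 1978 text; all function and type names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Storage of the literal: 'a', 'b' and the appended zero value. */
size_t storage_ab(void) { return sizeof "ab"; }
/* Characters between the quotes only; strlen stops at the zero value. */
size_t length_ab(void) { return strlen("ab"); }

/* sizeof an array is count times element size, padding included
   (struct padded is constructed for this example). */
struct padded { char tag; int value; };
int array_counts_padding(void)
{
    return sizeof(struct padded[4]) == 4 * sizeof(struct padded)
        && sizeof(struct padded) >= sizeof(char) + sizeof(int);
}

/* Bounded copy: succeeds only if dst also has room for the zero value. */
int copy_string(char *dst, size_t dst_size, const char *src)
{
    size_t need;
    if (dst == NULL || src == NULL)
        return -1;
    need = strlen(src) + 1;      /* characters plus terminator */
    if (need > dst_size)
        return -1;               /* refuse rather than overflow */
    memcpy(dst, src, need);
    return 0;
}

/* Buffer sized by the characters between the quotes: one byte short. */
int copy_into_length_sized(void)
{
    char buf[sizeof "ab" - 1];
    return copy_string(buf, sizeof buf, "ab");
}

/* Buffer sized by sizeof the literal: the terminator fits. */
int copy_into_storage_sized(void)
{
    char buf[sizeof "ab"];
    return copy_string(buf, sizeof buf, "ab");
}

int main(void)
{
    printf("sizeof=%zu strlen=%zu short=%d exact=%d\n", storage_ab(),
           length_ab(), copy_into_length_sized(), copy_into_storage_sized());
    return 0;
}
```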