From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,c9d5fc258548b22a X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII-7-bit Path: g2news1.google.com!news3.google.com!proxad.net!feeder1-2.proxad.net!194.25.134.126.MISMATCH!newsfeed01.sul.t-online.de!t-online.de!newsfeed.arcor.de!newsspool1.arcor-online.net!news.arcor.de.POSTED!not-for-mail Date: Fri, 04 Feb 2011 11:31:58 +0100 From: Georg Bauhaus User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.14) Gecko/20110123 Thunderbird/3.1.8 MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: How do I write directly to a memory address? References: <67063a5b-f588-45ea-bf22-ca4ba0196ee6@l11g2000yqb.googlegroups.com> <31c357bd-c8dc-4583-a454-86d9c579e5f4@m13g2000yqb.googlegroups.com> <05a3673e-fb97-449c-94ed-1139eb085c32@x1g2000yqb.googlegroups.com> In-Reply-To: <05a3673e-fb97-449c-94ed-1139eb085c32@x1g2000yqb.googlegroups.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Message-ID: <4d4bd59e$0$6893$9b4e6d93@newsspool2.arcor-online.net> Organization: Arcor NNTP-Posting-Date: 04 Feb 2011 11:31:58 CET NNTP-Posting-Host: 68f44c44.newsspool2.arcor-online.net X-Trace: DXC=C5J4NO?JejVX<;U4HBfZ;eRNUT<8N=\?d[ X-Complaints-To: usenet-abuse@arcor.de Xref: g2news1.google.com comp.lang.ada:16864 Date: 2011-02-04T11:31:58+01:00 List-Id: On 2/4/11 10:24 AM, Ludovic Brenta wrote: >>> unsigned int print(char *message, unsigned int line) >>> { >>> char *vidmem = (char *) 0xb8000; >>> unsigned int i= 0; >>> >>> i=(line*80*2); >>> >>> while(*message!=0) // 24h > > Did I mention that *every* time I look at C code I see a bug? > Sometimes, looking twice at the same code reveals two bugs! Here you > do not check that message != NULL; the condition should be: > > while (message&& *message != 0) I think you won't be convincing a C programmer by stipulating that he has been stupid and passed a null pointer for message. He hasn't, he has thought about his program. And it won't help promote Ada to argue that the stupid misuse of a C function is a property of C. You are inventing contract breaches that are equivalent to those in the style of Ariane 4/5. Ada's type system and range checking has not prevented programmers and engineers making a mistake. E.g., you'd have to show a demonstration that, typically, arrays with index subtype excluding 16 and then accessed with value 16 have a suitable exception handler with them. Or you'd end up talking about programmer competence, too, and there we are, the C folks begging the question. CVEs, as every real C programmer knows, are caused by stupid, incompetent C programmers who should find a different occupation.