From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 107f24,582dff0b3f065a52 X-Google-Attributes: gid107f24,public X-Google-Thread: 109fba,582dff0b3f065a52 X-Google-Attributes: gid109fba,public X-Google-Thread: 103376,bc1361a952ec75ca X-Google-Attributes: gid103376,public X-Google-Thread: 1014db,582dff0b3f065a52 X-Google-Attributes: gid1014db,public X-Google-ArrivalTime: 2001-08-01 13:46:26 PST Path: archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newshub2.home.com!news.home.com!news1.rdc1.bc.home.com.POSTED!not-for-mail From: kaz@ashi.footprints.net (Kaz Kylheku) Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack. References: <3B672322.B5EA1B66@home.com> <9k9ilv$jds$1@farviolet.com> Organization: Psycho-Neurotic Institute for the Very, Very Nervous Reply-To: kaz@ashi.footprints.net User-Agent: slrn/0.9.6.3 (Linux) Message-ID: Date: Wed, 01 Aug 2001 20:46:25 GMT NNTP-Posting-Host: 24.68.85.82 X-Complaints-To: abuse@home.net X-Trace: news1.rdc1.bc.home.com 996698785 24.68.85.82 (Wed, 01 Aug 2001 13:46:25 PDT) NNTP-Posting-Date: Wed, 01 Aug 2001 13:46:25 PDT Xref: archiver1.google.com comp.lang.ada:10984 comp.lang.c:71385 comp.lang.c++:79156 comp.lang.functional:7103 Date: 2001-08-01T20:46:25+00:00 List-Id: In article <9k9ilv$jds$1@farviolet.com>, Lawrence Foard wrote: >Or use of the features of a modern language like C++. Why restrict yourself >to obscure academic languages when a freely available and widely used >language does what you need? > >The irony is that this problem starts in CS departments where kids are still >taught to use 'char *' instead of a string class. Someone who is too clueless to correctly program in a language like C should not be writing critical software in any language. Low level data representation details being taken care of, the programmer will simply focus his or her lack of discipline and skill to some other area. Saying that a better language will prevent errors is like saying that installing video cameras in a neighborhood stops crime. That is a fallacy; the crime is simply displaced to where there are no cameras. Higher level languages are advantageous because of the greater ease in which complex problems can be represented using fewer lines of code that is more easily adapted to changing requirements. They don't compensate for bad programming. Also note that even with classes like std::string, C++ still provides enough proverbial rope. For example, references can be bound to automatic objects which are deleted when their statement block terminates, and then those references can continue to be used. Uses of the ``safe'' operators new and delete can lead to memory leaks or the use of dangling pointers. Even there there are pathatic pitfalls, like using delete [] with new or delete with new []. All kinds of pitfalls for the unwary exist in C++ that are not inherited from C, like calling a virtual function in a base class constructor, expecting to reach the derived one; adding a new virtual function to a base class which happens to match the name and type signature of an existing function in a derived class; deleting through a base class that lacks a virtual destructor. It's trivial to write a diagnostic-free program in this ``modern language'' that contains horrible errors and is grossly non-portable. Lastly, note that when you write real-world software in C++, you cannot avoid interfacing with C libraries, which sometimes require you to use C arrays. For instance, you can't read data from a socket directly into a C++ buffer class. At some point you have to expose a low level buffer, which is just a piece of memory, and pass the size of that buffer as a separate parameter.