Re: StackGuard with ... Re: [Paper] Format bugs.

[Hannah Schröter <hannah () SCHLUND DE>]

Hello!

On 07/21, Brett Glass wrote:

> 2) The C language itself has no way of specifying a MINIMUM number of
> arguments for a function call. Had the compiler noted that setproctitle()
> and similar functions need at least two arguments, the mistakes would
> have been caught from the get-go.

However, setproctitle("foo") is correct and safe!

> [...]

> The former requires changing the conventions used by the standard C
> libraries, which is probably infeasible.

Not only that, but reasonable alternatives are cumbersome in C.
Compare the C *printf* and similar functions with what is possible in
Standard ML (strongly typed formats, where the compiler can check
that the arguments are applied according to the format in *every* case)
or experimental type systems like Cayenne's (you can derive the parameter
types from a C style format *string*, and the call is accepted only if
the compiler can prove at compile time that the arguments always match
the format string, see http://www.cs.chalmers.se/~augustss/cayenne/
for details; note that in practise undecidable type systems aren't that
much a problem. The type system of C++ is undecidable, too). In other
languages, there can at least be safe runtime checking, such as
Lisp's format function.

> [...]

Regards, Hannah.
--
Hannah Schröter                Technik              hannah () schlund de
Bei Schlund + Partner AG       Erbprinzenstr. 4-12  D-76133 Karlsruhe

Besuchen Sie unseren Automarkt http://www.webauto.de/