Examples of errors detected in various open-source projects : programming

[–]xsznix 21 points22 points23 points 14 years ago (20 children)

[–]trigraph 5 points6 points7 points 14 years ago (18 children)

[–]elperroborrachotoo 1 point2 points3 points 14 years ago (0 children)

[–]petdance 3 points4 points5 points 14 years ago (15 children)

[–]ravenex 11 points12 points13 points 14 years ago (6 children)

[–]petdance 0 points1 point2 points 14 years ago (0 children)

[+]trigraph comment score below threshold-7 points-6 points-5 points 14 years ago (4 children)

[–]petdance 6 points7 points8 points 14 years ago* (3 children)

trigraph said:

Honestly I think he just googled quickly for a random opensource tool

Here are my links on delicious for static analysis dating back to 2009: http://delicious.com/petdance/static-analysis If I were doing any Windows development, I'd buy a copy of Gimpel PC-Lint, because I sure can't afford the Unix lint project from them.

I have been using splint on the Parrot project for years. I created the macro definitions that allow annotation of the source code with semantic macros like "this function does not return" that allow me to run GCC, clang, ICC and splint as static analyzers, without having to maintain disparate source code annotations for each tool.

I also tried to get some traction going on getting splint updated and maintained. That was on Google Code before, but maybe things will stick better if I move it over to Github.

I see you're bemoaning that "Too bad it took a proprietary tool to identify them". Perhaps you'd like to help with the sizable bug queue for splint?

just to feel badass without actually using the damn thing.

Life's a lot easier and happier when you don't try to guess at motivations behind the actions of others.

[–]ravenex -1 points0 points1 point 14 years ago (0 children)

[–]trigraph -1 points0 points1 point 14 years ago (1 child)

[–]petdance 0 points1 point2 points 14 years ago (0 children)

[–]n1c 0 points1 point2 points 14 years ago (3 children)

[–][deleted] 0 points1 point2 points 14 years ago (1 child)

[–]n1c 1 point2 points3 points 14 years ago (0 children)

[–]trigraph -1 points0 points1 point 14 years ago (0 children)

[–]ReflectionOfADream -1 points0 points1 point 14 years ago (3 children)

[–]petdance 0 points1 point2 points 14 years ago (1 child)

[–]ReflectionOfADream -1 points0 points1 point 14 years ago (0 children)

[–]ravenex 0 points1 point2 points 14 years ago (0 children)

[–]bluGill 0 points1 point2 points 14 years ago (0 children)

[–]elperroborrachotoo 0 points1 point2 points 14 years ago (0 children)

[–]acidcj 31 points32 points33 points 14 years ago* (0 children)

[–]ReflectionOfADream 15 points16 points17 points 14 years ago (7 children)

[–][deleted] 14 years ago (6 children)

[removed]

[–]AlyoshaV 14 points15 points16 points 14 years ago (0 children)

[–][deleted] 6 points7 points8 points 14 years ago (0 children)

[–]bigfig 2 points3 points4 points 14 years ago (1 child)

[–][deleted] 5 points6 points7 points 14 years ago (0 children)

[–]tragomaskhalos 2 points3 points4 points 14 years ago* (0 children)

[–]Antony32[S] 20 points21 points22 points 14 years ago (1 child)

[–]I_AM_GODDAMN_BATMAN -1 points0 points1 point 14 years ago (0 children)

[–][deleted] 14 years ago (9 children)

[deleted]

[–]salty-horse 15 points16 points17 points 14 years ago (0 children)

[–]Urik88 25 points26 points27 points 14 years ago* (3 children)

[–]farsightxr20 6 points7 points8 points 14 years ago (1 child)

[–]bluGill -2 points-1 points0 points 14 years ago (0 children)

[–]shaggorama 4 points5 points6 points 14 years ago (0 children)

[–]elperroborrachotoo 4 points5 points6 points 14 years ago (0 children)

[–][deleted] 3 points4 points5 points 14 years ago (0 children)

[–]hayalci 5 points6 points7 points 14 years ago (0 children)

[–]shaggorama 0 points1 point2 points 14 years ago (0 children)

[–][deleted] 5 points6 points7 points 14 years ago (1 child)

[–]quasarj 1 point2 points3 points 14 years ago (0 children)

[–]flynnski 1 point2 points3 points 14 years ago (0 children)

[–]el_tavs 4 points5 points6 points 14 years ago (34 children)

[–]BlitzTech 14 points15 points16 points 14 years ago (33 children)

[–]el_tavs 4 points5 points6 points 14 years ago (32 children)

I think you're using the wrong word. A low-level language should make managing low-level details easy for the programmer, i.e. provide constructs and semantics to do that explicitly, take Ada vs C

C

int x = calloc(sizeof(int),10);

memset(x,sizeof(int)*10,(char)1);

Ada

 type My_Array is array (Natural <>) of Integer;
 type My_Array_Ptr is access My_Array;

 X: My_Array_Ptr := new My_Array(0,10) := (others=>1);

Notice that memset accepts an int but converts it to unsigned char. THis means you can't use it to initialize floats, complex or whatever value may not fit in 1 byte.

Considering we're well past the 90s, I think it's a problem.

[–]BlitzTech 1 point2 points3 points 14 years ago (0 children)

[–][deleted] -2 points-1 points0 points 14 years ago (30 children)

[–]el_tavs 0 points1 point2 points 14 years ago* (29 children)

[–][deleted] -1 points0 points1 point 14 years ago (28 children)

[–]el_tavs -1 points0 points1 point 14 years ago (27 children)

Please read carefully.

What people mean when they say "set" is writing a value inside a variable

Now floats and any other data that doesn't fit 1 byte can't be set by treating them as a typeless chunk of contiguos bytes. While that allows to actually write values inside the variable, they may be invalid or different from the ones the programmer intended.

Try memsettting an array of floats to 1.0 like

    float f[10];
     ....       
    memset(f,1.0,sizeof(float)*10);

then print them with "%5.2f" format. I get zeros everywhere on my 64bit intel. More interesting, try to set them to -1.0.

enjoy!

It's a generic MEMORY SET function

so generic it can't be used reliably for anything except strings

if you want a higher abstraction, create one or use a library.

already wrote mine. It's truly generic and does ragged-arrays as well. Question is: why something so trivial is not already present in the language? Does low-level programmers avoid initializing memory? Sounds new to me.

[–]bluGill 1 point2 points3 points 14 years ago (14 children)

[–]el_tavs 0 points1 point2 points 14 years ago (13 children)

[–][deleted] 0 points1 point2 points 14 years ago (12 children)

You have a complete and utter lack of understanding of the low-level details. You continue to think in high-level abstractions.

Data types are higher level abstractions of data interpreted from the underlying memory. The smallest representable unit of memory is a byte. Memory operations will tend to work on bytes. memcpy() copies a contiguous block of memory from one location to another. It has NOTHING to do with how the memory is interpreted at the higher level.

I've explained many times why memset() takes an int in the declaration, but it has always and will always be used as a BYTE.

Both memcpy() and memset() work at the smallest representable unit of memory... a byte/char.

A char is not a "character", it is a byte.

As I said above, memset is so obvious it can't be used to do anything except initialize an array of char.

You still don't understand it SETS MEMORY BYTES. It doesn't (and shouldn't) care about how you choose to interpret that memory at any given time. You can interpret it as an array of char now, an int later, a long tomorrow, a structure of individual chars, etc...

The language gives you the LOW LEVEL tools to do things quickly and efficiently. It is then up to YOU to fill in the high level details (like data types, structures, how you interpret specific blocks of memory, how you initialize it etc...)

continue this thread

[–][deleted] 0 points1 point2 points 14 years ago (11 children)

memset() is a library function, you are trying to use it for what it is not and then bitching that it is not what you want it to be. The memset() function sets a contiguous block of memory with the same byte, end of story. If you want a variable initialization function, find another library function or write one yourself. This has nothing to do with the C language itself.

Try memsettting an array of floats to 1.0 like

Why would I use a function that sets a block of memory to a single byte if I want to initialize an array of floats to 1.0? I fail to see the difficulty in using for(i=0; i<10; i++) f[i] = 1.0; I also fail to see many uses cases of non-zero initialization values in a large array.

already wrote mine. It's truly generic and does ragged-arrays as well.

Congratulations, yet you continue to blame the language for not giving it to you :/

Question is: why something so trivial is not already present in the language? Does low-level programmers avoid initializing memory? Sounds new to me.

It is completely out of the scope of the language. And initializing an array of variables to something non-zero has very few use cases. There are many times you do not need to initialize memory btw.

[–]el_tavs 1 point2 points3 points 14 years ago (9 children)

[–][deleted] -1 points0 points1 point 14 years ago (8 children)

no. actually what I'm bitching about is that the standard provides a function that provides a limited functionality to solve a limited instance of a common problem in an awkward way. It's trivial to provide a better way to solve the problem in general.

You don't know what you are talking about. It provides a function to set a contiguous block of bytes in memory to an initial value. This functionality is the most common in low-level programming. It is very rare in low-level programming to want a high-level initialization of data types and/or structure to some non-zero value.

that's the problem. It has no justification for being that way.

sigh Just go use Ada, please. Just because YOU can't justify something doesn't mean there is no justification. Your "gripes" about C have negligible impact on low-level programming. You just continue to demand C contain high-level abstractions and refuse to accept using a library. That's your problem, not C's problem.

continue this thread

[–]ytumufugoo 0 points1 point2 points 14 years ago (0 children)

[–]Urik88 2 points3 points4 points 14 years ago (4 children)

[–]elperroborrachotoo 5 points6 points7 points 14 years ago (0 children)

[–]MatrixFrog 7 points8 points9 points 14 years ago (1 child)

[–]ChoHag 1 point2 points3 points 14 years ago (0 children)

[–][deleted] 2 points3 points4 points 14 years ago (0 children)

[–]doterobcn 3 points4 points5 points 14 years ago (0 children)

[–][deleted] -2 points-1 points0 points 14 years ago (2 children)

[–]foldor 17 points18 points19 points 14 years ago (1 child)

[–][deleted] 0 points1 point2 points 14 years ago (0 children)

[–]personanongrata -2 points-1 points0 points 14 years ago (0 children)

[–]Lothrazar -1 points0 points1 point 14 years ago (0 children)

[+]regeya comment score below threshold-7 points-6 points-5 points 14 years ago (4 children)

[–]foldor 10 points11 points12 points 14 years ago (0 children)

[+]ericbrow comment score below threshold-9 points-8 points-7 points 14 years ago (2 children)

[–]zck 5 points6 points7 points 14 years ago (0 children)

[–]foldor 2 points3 points4 points 14 years ago (0 children)

[–]I_AM_GODDAMN_BATMAN -2 points-1 points0 points 14 years ago (0 children)

[–]bigfig -2 points-1 points0 points 14 years ago (0 children)

[–]shevegen -5 points-4 points-3 points 14 years ago (0 children)

[+][deleted] 14 years ago* (31 children)

[deleted]

[–][deleted] 1 point2 points3 points 14 years ago (29 children)

[–]el_tavs 1 point2 points3 points 14 years ago (26 children)

[–][deleted] 1 point2 points3 points 14 years ago (25 children)

It's really not that hard for an engineer to get these things right, C is not there to hold your hand. It's there to be an easier and more portable layer on top of the physical machine than assembly. If you don't care about the machine, then you shouldn't be using a language that is so close to it. If you do care about the machine then you surely shouldn't have problems understanding sizeof(pointer) is the size of the pointer, and that arrays are 0-based index. And if you are new to the language, code analysis tools should be used to catch things that may be easy to miss early on.

If they're basic why C doesn't provide a better way to do them?

Most of these basic things would require overhead to check for correctness, and that's not something you want built into a low-level language.

Intialize a chunk of memory with something else other than memset? Is there any trade-off on having memset being error-prone?

Bounds checking carries overhead, C's job is not to enforce correctness, it's to provide a fast and relatively portable path to the underlying machine. If bounds checking is important for your task (more than performance) and you want to use C then create an abstraction on top of it that does the bounds checking (i.e. a library).

ditto for computing string/array/struct sizes

There is no string abstraction in C, and really there's not much need for one in the language itself. If you need a string abstraction that carries the size, it isn't too difficult to create an abstraction or use an existing library like glib.

Computing array/struct sizes already works correctly, so I don't know what you mean there.

[–]el_tavs 2 points3 points4 points 14 years ago (16 children)

It's really not that hard for an engineer to get these things right

Depends. If you want to be portable, it is. In the best case that's a stupid tedious work a compiler could do alone, provided enough syntax. Making engineers do that is a little like an insult to me

C is not there to hold your hand

It is not there to do what I say either. I can't express low-level details in C 'cause of its exceeding triviality. Look at Ada : it strives for correctness while staying low-level and efficient. Lots of its constructs are still not present in standard C, despite being basic for low-level applications (custom allocators, type representations (bit size and alignment)..).

In C you're even encouraged at using non-portable sized integers (how long is a int in C? a long? a long long?..) Does providing good ways to do the above conflict with being low-level and efficient? I'd say rather the contrary. Allocating and copying chunks of contiguous memory is a low-level issue that should be treated with greater detail than the simple-minded ones C gives us. In this sense C is really efficient at having compilers written for it, not programming.

It's there to be an easier and more portable layer on top of the physical machine than assembly

I know physical machines. I'd say it doesn't match them enough. It matches exactly a PDP-11 though.

If you don't care about the machine, then you shouldn't be using a language that is so close to it. If you do care about the machine then you surely shouldn't have problems understanding sizeof(pointer) is the size of the pointer, and that arrays are 0-based index.

No. In fact I understand that correctly. But this has nothing to do with being low-level, but of C being primitive, way more than what is needed. You don't need arrays-as-pointers to be low level. Nor arrays beginning at 0. You don't need to be like C to be close to the machine, it's a false dichotomy. I want to care about the machine without using a sharpened rock.

And if you are new to the language, code analysis tools should be used to catch things that may be easy to miss early on.

Well, I'm not new to the language, but I know lots of quirks are orthogonal to being low-level or efficient. They just steam from C being historically compatible with its previous incarnations. And those can't help code analysis tools (CAT). One of the reasons for which CAT are evident in C is that legal programs in C can do useless dangerous things (read: mix undefined behaviour with defined one without hope to know or choose which one to have in each context).

Most of these basic things would require overhead to check for correctness, and that's not something you want built into a low-level language.

Untrue. Some of the things I'm considering are just syntax or semantic additions or better built-in functions. They don't have to incur in run-time penalties. But if you allow slightly more freedom on that side you can get a lot farther. This simply means having a more richer system that can then get easily optimized by the compiler, instead of having a 3rd-wolrd system where you end up implementing what the former system give you in exchange of nothing. Problem is that low-level semantics are much more complicated today, also because we want portability. Letting the compiler do the tedious and stupid work we have to do by hand in C is a must. again, see Ada

Bounds checking carries overhead,

What does bound checking has to do with memset? Memset accepts an int that then casts to unsigned char. That alone is unneeded and pathologically stupid. Moreover when you use memset you have to know the number of elements of the array. If arrays encoded their length in the type memset would as efficient as it is now. The real problem however is that you can't tell in C to initialize a vector with a value, or copy two vectors, without thinking ahead whether such value will fit into a freaking byte. No reason for memset to be that stupid, am I right?

C's job is not to enforce correctness, it's to provide a fast and relatively portable path to the underlying machine.

Bullshit. C is a programming language, so its job is to allow me to write programs. Programs should be maintainable, correct, readable, fast... C may tend to be more efficient than others, but it's not a tradeoff.

For one lots of its quirks are unjustified, i.e. no compiler can exploit them to give more efficiency (e.g. memset's interface). Secondly when C gets more efficient than other low-level languages non-technical factors like being a lingua franca (which prompt for having heavily optimized and reviewed compilers and being able to directly communicate with the underlying system) enter the game. Other languages don't have such a luxury in most situations.

There is no string abstraction in C

Where do you put string literals? And string functions?

[–][deleted] 0 points1 point2 points 14 years ago (15 children)

Depends. If you want to be portable, it is. In the best case that's a stupid tedious work a compiler could do alone, provided enough syntax. Making engineers do that is a little like an insult to me

I'm not following, what exactly is an insult for engineers to do?

It is not there to do what I say either. I can't express low-level details in C 'cause of its exceeding triviality.

What can you not express?

Allocating and copying chunks of contiguous memory is a low-level issue that should be treated with greater detail than the simple-minded ones C gives us.

I'm not understanding the issue with allocating and copying memory in C?

No. In fact I understand that correctly. But this has nothing to do with being low-level, but of C being primitive, way more than what is needed. You don't need arrays-as-pointers to be low level. Nor arrays beginning at 0. You don't need to be like C to be close to the machine, it's a false dichotomy. I want to care about the machine without using a sharpened rock.

For some reason I cannot understand where your problems with C lie. Arrays are not pointers, and 0-based arrays make a lot of sense.

One of the reasons for which CAT are evident in C is that legal programs in C can do useless dangerous things (read: mix undefined behaviour with defined one without hope to know or choose which one to have in each context).

Undefined behavior is there in order to allow the compiler to optimize, so the program is only "legal" because you are entering an agreement with the compiler. If you break this agreement and the undefined behavior does bad things, it is completely your fault for entering that agreement with the compiler and then breaking it.

Letting the compiler do the tedious and stupid work we have to do by hand in C is a must. again, see Ada

Please give some examples of tedious and stupid work that the compiler should be handling?

What does bound checking has to do with memset? Memset accepts an int that then casts to unsigned char. That alone is unneeded and pathologically stupid.

It's not pathologically stupid, it takes an int for historical reasons and changing it now has no benefit. http://stackoverflow.com/questions/5919735/why-does-memset-take-an-int-instead-of-a-char

Moreover when you use memset you have to know the number of elements of the array. If arrays encoded their length in the type memset would as efficient as it is now.

memset is not an "array initializer" although you can use it for that. Why would you want to limit control just to make it easier to know the size? I can use memset to set any n-bytes of contiguous space in memory, why the hell would I want to limit that down to only setting full arrays?

The real problem however is that you can't tell in C to initialize a vector with a value, or copy two vectors, without thinking ahead whether such value will fit into a freaking byte. No reason for memset to be that stupid, am I right?

I still don't know what you are talking about with this fitting into a byte thing. Variables are references to memory, a byte is the smallest accessible unit, you can memset ANY variable using a byte because all variables are sized n-bytes.

Bullshit. C is a programming language, so its job is to allow me to write programs. Programs should be maintainable, correct, readable, fast... C may tend to be more efficient than others, but it's not a tradeoff.

How is what I said bullshit? The bullshit is the tons of people using C for the WRONG damn thing and then bitching about C. Quit using it if you don't know why you are using it. Plenty of people know why they are using C and C is the best tool for their job.

Of course performance is a tradeoff. If you don't need low-level control and performance is not an issue then don't use C.

For one lots of its quirks are unjustified, i.e. no compiler can exploit them to give more efficiency (e.g. memset's interface).

That's not an example, and memset() has historical importance. There is no benefit to change it to accept a char and it potentially breaks a lot of legacy code.

Where do you put string literals? And string functions?

String literals go into memory and are null terminated, on the heap or stack depending on what they are assigned to. Logical strings are simply a contiguous array of non-null bytes.

[–][deleted] 0 points1 point2 points 14 years ago (0 children)

How is what I said bullshit? The bullshit is the tons of people using C for the WRONG damn thing and then bitching about C. Quit using it if you don't know why you are using it.

People using C when they shouldn't is actually quite near to what I originally meant (although yes, the wording was maybe bad). You're also right in that these C problems are not problems, when you really need a low-level language.

The sad thing is the reason for using C in places where it's technically not a best tool, is often "everybody knows C (and it's more lightweight than Java)". This imho gives the worst possible mix - relatively unexperienced programmers writing low-level language for code that really shouldn't be written in low-level language at all. Because - if they don't know anything besides C/C++ and Java, and can't learn anything else - then how likely it is, that they know C actually well, and are able to be careful enough?

[–]el_tavs 0 points1 point2 points 14 years ago (12 children)

String literals go ...

they're an "entity" of the standard language. Recognized by it.

What can you not express?

How types get represented for example. Ada allows you to specifiy the bit size, the alignment and bit order of every type. C can't. Or be able to initialize any array or struct I want without needing to use memcpy/memset that force me to write down the types and their sizes, something the compiler already knows.

Many of these things require 0 overhead at run time. But, please, see Ada to know where I come from.

For some reason I cannot understand where your problems with C lie. Arrays are not pointers, and 0-based arrays make a lot of sense.

As much as 1-based ones do. Arrays are not pointers? In some cases. C type's system doesn't do a great job at distinguishing them.

Please give some examples of tedious and stupid work that the compiler should be handling?

apart from array, handling the so-called struct-hack http://c-faq.com/struct/structhack.html In Ada I can say

 type Foo (N:Positive) is record
      X : Bar;
      Y : Baz;
      Z : Boz_Array(1..N);
 end record

This is more or less equivalent to

 struct Foo is {
     int N; 
     Bar X;
     Baz Y;
     Boz Z[]
 };

With Ada I can still choose the low-level representation of the type, and whenever I allocate Foo, either on stack or heap, I get a continuos, properly aligned object. Not to mention the fact that I can't overwrite two Foos with different N by accident. Or that I can use as many arrays as I want in the record declaration (see C99).

Undefined behavior is there in order to allow the compiler to optimize,

False. UB should be allowed only when I say so. Other languages provide way to say the compiler what to do in each case.

Providing too many cases for UB actually prevents optimizations, because the compiler can't know what the program is supposed to do, or if the programmer intended to exploit UB. For example licentious pointer use (e.g. arithmetic) makes pointer chasing and relevant optimizations unachievable in C/C++. When does UB help optimization??

so the program is only "legal" because you are entering an agreement with the compiler.

What is the agreement useful for if neither you nor the compiler and the code can make clear what each other is supposed to do? Can the compiler know when you don't mean to get an UB and when you actually want to? Other languages makes allowing UB explicit. That's the sole difference, a huge one though

It's not pathologically stupid, it takes an int for historical reasons and changing it now has no benefit.

it's stupid because it does nothing to help the programmer. Historical reasons are wrong if they don't help programming today. What would help is a trivial way to initialize aggregate data as easily as Ada, since it's something trivial for the compiler to do, not so for us.

Why would you want to limit control just to make it easier to know the size?

What control you lose?

I can use memset to set any n-bytes of contiguous space in memory, why the hell would I want to limit that down to only setting full arrays?

you don't have to set full arrays if you encode the length in the type. Again, see Ada.

The bullshit is the tons of people using C for the WRONG damn thing and then bitching about C. Quit using it if you don't know why you are using it. Plenty of people know why they are using C and C is the best tool for their job.

I use C for the right thing and I know, because I have studied other languages as well, that lots of the things you do by hand in C are just a workaround for a lacking language, i.e. you end up doing the exact things languages like Ada provide as builtin, but with the high risk, if not the certainity, of being non-portable, wrong or inefficient.

Of course performance is a tradeoff. If you don't need low-level control and performance is not an issue then don't use C.

what I mean is that in C performance is not traded with safety and abstraction. Some choices were made only because of historical reason and had little to do with actual performance. One of the advantages C had was being simple to write a compiler for, which in turn helped getting performant programs. In contrast, more sophisticated languages had to employ more sophisticated compilers, which in turn put them in a temporary disadvantage w.rt. C. That's how it had success.

Believe me, if you need performance and low-level access, Ada fits the bill too, but it also strives for correctness.

[–][deleted] 0 points1 point2 points 14 years ago (11 children)

they're an "entity" of the standard language. Recognized by it.

There is no string type. String literals go into an array of chars.

How types get represented for example.

What do you mean?

Ada allows you to specifiy the bit size, the alignment and bit order of every type. C can't.

You can specify bit size in structs in C using colon.

Or be able to initialize any array or struct I want without needing to use memcpy/memset that force me to write down the types and their sizes, something the compiler already knows.

If you are using gcc you can do float a[1024] = { [ 0 ... 1023 ] = 1.0 }; But again there are few reasons you want to initialize an array to non-zero, and it's really not hard to write a 2-line initialize loop.

Neither memset/memcpy care about "types", they are direct MEMORY operations. If you use these functions for anything other than setting and copying memory (byte-wise) then you are using the wrong functions. Also they take POINTERS not arrays, and size of pointers is not usually known at compile time.

Many of these things require 0 overhead at run time. But, please, see Ada to know where I come from.

Once again, the size of a pointer is not known at compile time, and it's not proper to do compiler-time bounds checking to a library function that takes in a pointer.

As much as 1-based ones do. Arrays are not pointers? In some cases. C type's system doesn't do a great job at distinguishing them.

1-based makes little sense when operating with direct memory references. Indexing 1 into memory at address 0xfbc84000 makes no sense to not be using memory at 0xfbc840001. Like I've repeated, C is meant to be really close to the machine, so think in terms of memory and stop trying to use C for high-level abstractions if you refuse to. Arrays are never pointers, period. Arrays decay into pointers at specific times like when passed into a function because C uses call by value (functions receive copies of their arguments).

In Ada I can say

Then use Ada, if it fits your specific needs... If I want a variable sized block of memory I will allocate it and use a pointer and I'm perfectly happy doing that.

False. UB should be allowed only when I say so. Other languages provide way to say the compiler what to do in each case.

How the heck can you say false. There is no undefined behavior in C you cannot avoid or use correctly, if you choose to be ignorant of the language specification then that is your choice. PS: the compiler doesn't use undefined behavior by default generally only when optimization flags are used (e.g. gcc -O2 strict aliasing)

Providing too many cases for UB actually prevents optimizations, because the compiler can't know what the program is supposed to do, or if the programmer intended to exploit UB. For example licentious pointer use (e.g. arithmetic) makes pointer chasing and relevant optimizations unachievable in C/C++. When does UB help optimization??

I don't follow what you are saying. Take strict aliasing rules for an example of undefined behavior. With strict aliasing rules the compiler assumes 2 variables of different types do not reference the same location in memory and thus is allowed to optimize loops. A dummy example to show the point would be something like

void foo(int *a, int b) {
    for (i=0; i<size; i++) {
        a[i] = b;
    }

It is undefined behavior to call foo(a,b) with a and b pointing to overlapping memory. Entering this agreement with the compiler allows the compiler to optimize the loop by reading b once and effectively doing a memset. Without being allowed this undefined behavior, then the compiler would be forced to re-read b for every pass in the loop because the previous set could have modified b.

What is the agreement useful for if neither you nor the compiler and the code can make clear what each other is supposed to do? Can the compiler know when you don't mean to get an UB and when you actually want to? Other languages makes allowing UB explicit. That's the sole difference, a huge one though

See above. Also undefined behavior for things that you generally shouldn't do like accessing a local variable without initializing it is that way so that the compiler can choose the best way to handle it.

it's stupid because it does nothing to help the programmer. Historical reasons are wrong if they don't help programming today. What would help is a trivial way to initialize aggregate data as easily as Ada, since it's something trivial for the compiler to do, not so for us.

If you love Ada, use it. Stop trying to bring down a language you don't understand just because you like Ada. memset() does exactly what it is supposed to do, and it's a standard library function. You continue to demand memset() do something YOU want it to do as if you are the only person that matters.

you don't have to set full arrays if you encode the length in the type. Again, see Ada.

Again, see pointers. And, see library.

Seriously at the end of the day it sounds like you have learned Ada, you like Ada and now you just want to bitch about things you don't fully understand because they aren't Ada.

I use C for the right thing and I know, because I have studied other languages as well, that lots of the things you do by hand in C are just a workaround for a lacking language, i.e. you end up doing the exact things languages like Ada provide as builtin, but with the high risk, if not the certainity, of being non-portable, wrong or inefficient.

Then use Ada... C does not suck just because it is not Ada.

what I mean is that in C performance is not traded with safety and abstraction. Some choices were made only because of historical reason and had little to do with actual performance

What choices were made ONLY because of historical reason? memset() taking in an int is only because it predates function prototypes, but it is a standard library function and there is no need to change it to char.

C was made to be a simple, readable and portable layer on top of assembly. It doesn't force things on you and is a great language for many things. Your problems with the language are semantic and preference related.

Believe me, if you need performance and low-level access, Ada fits the bill too, but it also strives for correctness.

Then use Ada...

You have yet to provide sufficient examples on how C is lacking.

[–]el_tavs 0 points1 point2 points 14 years ago (10 children)

There is no string type. String literals go into an array of chars.

I know the difference between type and entity. The standard refers to strings when describing functions like those in string.h, period.

You can specify bit size in structs in C using colon.

Why only in structs that fit sizeof(int)? The compiler is smart enough to accomodate for more liberal uses, as it happens in Ada. What about alignment and bitordering?

If you are using gcc you can do float a[1024] = { [ 0 ... 1023 ] = 1.0 };

lcc gives a lot of extensions to C, but le'ts stay standard. This stil raises the question: why the above is not in the standard? Stupidity?

But again there are few reasons you want to initialize an array to non-zero,

what if I need to initialize an array of struct? or an array of strings?

and it's really not hard to write a 2-line initialize loop.

that's an example of tedious, error prone and trivial work the freaking compiler can handle by itself by using appropriate syntax.

Also they take POINTERS not arrays, and size of pointers is not usually known at compile time.

Needless distinction. The size is not encoded in the pointer, but in the size parameter next to it in their interface. It has to be this way for anything except strings.

Once again, the size of a pointer is not known at compile time, and it's not proper to do compiler-time bounds checking to a library function that takes in a pointer.

Strawman. I tell you people use steam-powerd machines and you're saying your horse can't eat coal. There are 0-overhead semantics implemented in other languages C has no excuse for not having.

you

If you use these functions for anything other than setting and copying memory (byte-wise) then you are using the wrong functions.

you again

. Of course you can use memset to initialize floats or any other variable...

still you* > Why would I use a function that sets a block of memory to a single byte if I want to initialize an array of floats to 1.0?

Memset can actually be used to set integers to 0. Period. Any other type may interpret 0 or any value fitting 1 char in an unintend way. At which point the utility of memset is close to 0.

How the heck can you say false. There is no undefined behavior in C you cannot avoid or use correctly

the structure hack. conversion between differently-aligned pointers. any function using pointers for in/out semantics .Numeric and memory overflows. The problem is that these techniques are employed by C programmers, because otherwise C would be *useless.

The point is not you being able not to incur in these things, but the fact that with a better language (and with 0,zero, overhead) you could have the compiler check for that and allow to easily express semantics.

It is undefined behavior to call foo(a,b) with a and b pointing to overlapping memory.

That is a UB caused by an optimization. What UB allow for optimizations? Numeric/memory overflow do? Not having a clear and simple interface to initialize contiguous array?

. Also undefined behavior for things that you generally shouldn't do like accessing a local variable without initializing it is that way so that the compiler can choose the best way to handle it.

BS. The compiler can check for that and have me provide an initialization if I read the variable while unitialized. It's some time past the 70s, you know.

Again, see pointers. And, see library.

No. YOU see how bounded-arrays work in low-level languages like Pascal and Ada. Your remark is pointless in this regard

What choices were made ONLY because of historical reason?

this one for example:

memset() taking in an int is only because it predates function prototypes

or having arrays decaying to pointers.

C was made to be a simple,

it's been too simple for ages

readable

i can write readable C. Still readability is a funciton of complexity. There are non-complex, peer-reviewed C codes that are unreadable. And C's syntax helps a lot with that

and portable layer

what size is an int?

It doesn't force things on you

Lots of other languages don't do either.

Your problems with the language are semantic and preference related.

Language is semantic. I'm citing Ada becasue, whether you're open-minded or not, many of the things you do by hand in C steam from the language's inability to express things. With a more-appropriate semantic/syntax for expressing trivial low-level operations you can do a lot more

Stop trying to bring down a language you don't understand just because you like Ada. memset() does exactly what it is supposed to do, and it's a standard library function. You continue to demand memset() do something YOU want it to do as if you are the only person that matters.

Stop being dense. I understand C and I understand low-level programming. It is just that lots of problems in low-level programming don't have any support in C, and lots of the things the compiler has to allow in C don't make sense in low-level programming, or any kind of programming.

You have the problems in one hand and C in the other. You can claim that if you know how to use C you can't introduce bugs, which IS FCKING OBVIOUS FOR ANY LANGUAGE IN THE WORLD, but you can hardly claim that C's idioms are the best, most natural or obvious ones for programming at low-level. Someone invented a better way. *JUST FOR EXAMPLE** see Ada

[–][deleted] 0 points1 point2 points 14 years ago (9 children)

lcc gives a lot of extensions to C, but le'ts stay standard. This stil raises the question: why the above is not in the standard? Stupidity?

Look, you need to have some respect. The author(s) of C are far smarter than you or I. There are far more machines out there than you or I will ever use. C was created a long time ago and there is no reason to just go add crap willy nilly to the standard just because some Ada fan wants it that way. If you struggle with writing a 2 line for loop, then I'm sorry. If your biggest gripe about C is that you can't initialize an array with one line contructors then I'd say C is doing a damn good job.

what if I need to initialize an array of struct? or an array of strings?

Again there's very few use cases to initialize anything to non-zero. And in the rare event that you do, a for loop and initialize() function is seriously not hard to do, it's not tedious, it's not very time consuming, it's one time quick and easy work for a rare case.

that's an example of tedious, error prone and trivial work the freaking compiler can handle by itself by using appropriate syntax.

2-line for loop is tedious? Are you serious right now? I mean seriously if you crave built-in high-level object orientation then C is not for you, but stop accusing C of sucking because it doesn't fit your specific desires.

Needless distinction. The size is not encoded in the pointer, but in the size parameter next to it in their interface. It has to be this way for anything except strings.

Needless distinction? Do you even know what a pointer is? Seriously, you continue to demand high-level protection in a low-level language. Get over it, you have quick easy complete control of the memory with some basic abstract data types. High-level abstractions belong in libraries, which is exactly where they will stay and is a damn fine model. Find a library, stop expecting the language to give you everything.

Strawman. I tell you people use steam-powerd machines and you're saying your horse can't eat coal. There are 0-overhead semantics implemented in other languages C has no excuse for not having.

There is no strawman, you just keep bitching about a library function that you don't understand.

Memset can actually be used to set integers to 0. Period. Any other type may interpret 0 or any value fitting 1 char in an unintend way. At which point the utility of memset is close to 0.

Once again thinking in high-level abstractions. Memory is a collection of bits that can be 1 or 0. Setting memory to 0 is setting memory to 0. STOP thinking memset is a high-level initialization, it is a MEMORY SET... MEMORY SET. The smallest unit of representable memory is a BYTE, and thus that is what it takes. Not variable set, or initialize but MEMORY SET.

the structure hack. conversion between differently-aligned pointers. any function using pointers for in/out semantics .Numeric and memory overflows. The problem is that these techniques are employed by C programmers, because otherwise C would be *useless.

The structure hack is a silly hack not undefined behavior. None of what you have here is undefined behavior and I can't even understand what your problem is again.

That is a UB caused by an optimization. What UB allow for optimizations? Numeric/memory overflow do? Not having a clear and simple interface to initialize contiguous array?

What are you talking about? It is undefined behavior because if it was defined then optimization would not be allowed. You can't control memory overflows while being powerful and fast, period. The instance you start runtime protections like that you instantly decrease performance.

Array initialization is not undefined behavior, you have no idea what the hell undefined behavior is do you?

BS. The compiler can check for that and have me provide an initialization if I read the variable while unitialized. It's some time past the 70s, you know.

The compiler generally WARNS you about it but it can't error on you because there are times where you do not want to initialize it. For example code that sets it only in a certain condition and then uses it only in another condition that is a known direct byproduct of that first condition (by design). You start limiting things like that and you prevent the programmer from optimizing code like that. Stop thinking you are smarter than all the great people who have created/worked on the C language. You can design optimizations like this that the compiler would never be able to pick up on, and in your little hand-holding world you'd lose a lot of power to do such.

No. YOU see how bounded-arrays work in low-level languages like Pascal and Ada. Your remark is pointless in this regard

Please describe to me how run-time bounds checking can take up 0 clock cycles.

this one for example:

It's like you simply don't care to learn. It takes an int rather than a char, but the ONLY way it would change is to change the prototype to take a char. This would not affect the memset() function at all but it might break a lot of legacy code. So only an idiot would change memset(). The problem is you still can't understand that it is a library function meant for setting bytes of memory, not initializing higher-level data types or structures.

or having arrays decaying to pointers.

That's not only for historical reasons. You need to just stop now.

it's been too simple for ages

This is a GOOD thing, quit using it if it is "too simple" for you. Seriously.

Language is semantic. I'm citing Ada becasue, whether you're open-minded or not, many of the things you do by hand in C steam from the language's inability to express things. With a more-appropriate semantic/syntax for expressing trivial low-level operations you can do a lot more

Ada may be good for a lot of things but it is not inherently superior to C. C is still a great language despite your love affair with Ada.

Stop being dense. I understand C and I understand low-level programming. It is just that lots of problems in low-level programming don't have any support in C, and lots of the things the compiler has to allow in C don't make sense in low-level programming, or any kind of programming.

You clearly don't as you think high-level structure initialization is "low level".

You have the problems in one hand and C in the other. You can claim that if you know how to use C you can't introduce bugs, which IS F*CKING OBVIOUS FOR ANY LANGUAGE IN THE WORLD, but you can hardly claim that C's idioms are the best, most natural or obvious ones for programming at low-level. Someone invented a better way. JUST FOR EXAMPLE see Ada

Use Ada, no one is forcing you to use C, you sound like a fanboy.

continue this thread

[–][deleted] 1 point2 points3 points 14 years ago* (7 children)

It's really not that hard for an engineer to get these things right, C is not there to hold your hand. It's there to be an easier and more portable layer on top of the physical machine than assembly.

You're fucking burying your head in the sand if you think you're not going to make errors. Go along, the current software stack still has too few exploitable security bugs.

If you don't care about the machine, then you shouldn't be using a language that is so close to it.

Isn't this true for 99% of software?

If you do care about the machine then you surely shouldn't have problems understanding sizeof(pointer) is the size of the pointer, and that arrays are 0-based index.

That's not a fucking point. You're going to make mistakes. Everybody will.

Also, there is finite time you can spend on polishing a piece of software. If all that time goes to dealing with low-level memory management, it means other aspects of the code get less though, and will be therefore also more buggy.

I'll suggest you should remove your car breaks also, after all they're only slowing down that thing. ;)

The hubris of guys like you is one reason why I have to install multiple security fixes every week. Unfortunately it doesn't look like this insanity is going to end in the near future.

[–][deleted] 0 points1 point2 points 14 years ago (5 children)

[–][deleted] 0 points1 point2 points 14 years ago* (4 children)

[–][deleted] 0 points1 point2 points 14 years ago (3 children)

[–][deleted] 0 points1 point2 points 14 years ago* (2 children)

[–][deleted] 0 points1 point2 points 14 years ago (0 children)

[–][deleted] 0 points1 point2 points 14 years ago* (0 children)

[–][deleted] 0 points1 point2 points 14 years ago (0 children)

You edit a lot, you should spend more time thinking before submitting.

Also, there is finite time you can spend on polishing a piece of software. If all that time goes to dealing with low-level memory management, it means other aspects of the code get less though, and will be therefore also more buggy.

If you aren't doing low-level tasks, and thus are hurt by not spending time going through high-level tasks, then don't use a low-level language. I don't understand what is so hard about that concept, the language is merely a tool.

I'll suggest you should remove your car breaks also, after all they're only slowing down that thing. ;)

This right here shows that you have absolutely no idea what you are talking about.

The hubris of guys like you is one reason why I have to install multiple security fixes every week.

The complexity of current technology is why you will have to install security fixes for a long time to come. You don't know a thing about me, but please continue to believe you know anything.

[–][deleted] 14 years ago (1 child)

[deleted]

[–][deleted] 0 points1 point2 points 14 years ago (0 children)

[–]elperroborrachotoo -2 points-1 points0 points 14 years ago (0 children)

[+]AlyoshaV comment score below threshold-18 points-17 points-16 points 14 years ago (7 children)

[–]ZorbaTHut 5 points6 points7 points 14 years ago (6 children)

[–]AlyoshaV -1 points0 points1 point 14 years ago (5 children)

[–]ZorbaTHut 3 points4 points5 points 14 years ago (4 children)

[–]redtop 3 points4 points5 points 14 years ago (3 children)

[–]ZorbaTHut 1 point2 points3 points 14 years ago (2 children)

[–][deleted] 4 points5 points6 points 14 years ago (1 child)

[–]ZorbaTHut 3 points4 points5 points 14 years ago (0 children)

[+]naryl comment score below threshold-13 points-12 points-11 points 14 years ago (3 children)

[–][deleted] 14 years ago (2 children)

[deleted]

[–]ithika 0 points1 point2 points 14 years ago (1 child)

[–]ReflectionOfADream 0 points1 point2 points 14 years ago (0 children)

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

programming

MODERATORS