Sick of Buffer Overflows...

Jerry Feldman gaf at blu.org
Thu Aug 8 16:34:11 EDT 2002


As a long-time C programmer (22 years) and assembler programmer, my initial 
response to the message was negative... BUT as a former COBOL and FORTRAN 
programmer and having worked with many people in this industry from bit 
fiddlers to programmers who have difficulty with "Hello, world!" you are 
probably right. 

I think Gosling got it right with Java to some extent. Many C programmers, 
even experienced ones, don't use malloc efficiently, and don't understand 
that in most cases free(3) does not return memory back to the host OS. 
It is more important to get the application doing the right thing. And, 
many experienced C++ programmers tend to misunderstand the semantics behind 
the new and delete operators. There are few applications that really need 
to use pointers. Most good optimizing compilers today can generate better 
code if the programmer uses subscripts rather than pointers. 
But, I don't think mid-level languages like C and C++ need to be disposed 
of. There is always the need for dynamic memory allocation, but through the 
use of libraries and templates the lower level implementations 
are not needed, except in cases of operating system code, drivers, and some 
systems level code.  

On 8 Aug 2002 at 15:46, bscott at ntisys.com wrote:
>   In all honesty, I think that would be a very good idea.  For that matter,
> I think the time has come to dispose of mid-level languages that deal
> directly with memory (like C and C++) for the bulk of application programs.  
> I think computers have become powerful enough that the overhead would be
> significantly lower than the overhead of all these bugs and security
> problems.

-- 
Jerry Feldman <gaf at blu.org>
Associate Director
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9



