K
Keith Thompson
Lanarcam said:Le 29/04/2012 18:17, Rui Maciel a écrit :
My responses will probably be OT, they are the result of many years
chasing elusive and costly bugs in the domain of real time embedded
systems. My wish list:
- prevents writing at wrong memory locations by the use of wild
pointers or out of bound array indices.
- erasing of the stack memory resulting in wild jumps.
How would you change the language to prevent these?
C implementations are already *permitted* to perform bounds checking,
but most don't, since it imposes performance costs.
- prevents mistaking one structure with another by the
use of improper casts.
Would you forbid cssts from one pointer type to another?
- overrun of integral types. The language should define
types such as uint32_t, int16_t, etc.
It does, or rather the standard library does (<stdint.h>, <inttypes.h>).
By "overrun", do you mean "overflow"? If so, how do int16_t and friends
address that? What prevents me from writing
int16_t x = 32767;
x ++;
and what should happen if I do?
- errors in comparison instructions resulting in an
assignation, if (a = b) instead of if (a == b)
Many compilers already warn about "if (a = b)". But it can only be a
warning, since "if (a = b)" is valid code with unambiguous semantics.
If I were designing the language from scratch today, I'd probably use
":=" for assignment and "=" for comparison, but it's too late to change
it now.
One possible change would be to require parentheses when an assignment
is used as a condition, so you have to write "if ((a = b))" if that's
what you really want -- but that would break existing code.
- no dangling pointers after free()
If I write:
int *p0 = malloc(sizeof *p0);
int *p1 = p0;
/* ... */
free(p0);
then p1 is a dangling pointer. How would you change the language to
prevent that?