by pjmlp
3294 days ago
> In particular, and I quote from the C99 rationale

Maybe you should read the C11 principles instead, and I quote: http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2021.htm

"12. Trust the programmer, as a goal, is outdated in respect to the security and safety programming communities. While it should not be totally disregarded as a facet of the spirit of C, the C11 version of the C Standard should take into account that programmers need the ability to check their work."
They codified interfaces with bounds checking. They gave us tools. They deprecated a function that cannot be checked and used securely inside a program without also checking what happens outside the program.
That's good, they give the ability, they give tools. But that's not at all distrusting the programmer, least of all in the sense that I spoke of: assume the program is wrong if you can't prove it right.
And because of that, I do not think these updated guidelines are a reversal of spirit or incompatible with what C always was and still is.
They still trust the programmer in general, and also allow the use of older interfaces that do no bounds checking. They just gave new toys for the programmer who doesn't trust himself. That may help him check the work.