From: David Brown
Newsgroups: comp.arch
Subject: Re: Computer architects leaving Intel...
Date: Sun, 1 Sep 2024 22:12:34 +0200
References: <2024Aug31.170347@mips.complang.tuwien.ac.at>

On 01/09/2024 12:21, John Dallman wrote:
> In article <2024Aug31.170347@mips.complang.tuwien.ac.at>,
> anton@mips.complang.tuwien.ac.at (Anton Ertl) wrote:
>
>> Undefined behaviour is something that is exercised at run-time.
>> That's why the "undefined behaviour sanitizers" insert run-time
>> checks. And of course they only detect the behaviour when it is
>> actually exercised. I.e., they usually will not detect overflowable
>> buffers, because your usual test inputs don't exercise those.
>
> That's among the many reasons why there is no single way "to make code
> secure." For string buffers, you turn on the compiler run-time checks,
> and use the length-checking versions of string handling functions. Then
> you write tests to check both of those are actually working.
>
> Then you discover that the C++ string[] operator is not bounds-checked,
> as per the C++ standard, but string.at() is bounds-checked, and curse a
> bit.
>

But surely you would discover that before using the std::string type?
I might do some quick test code using "stuff copied off the internet", but for any serious programming I would want to read the specifications of a type or function before using it. That's the only way to be sure you are writing correct code.
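The distinction the thread turns on, shown in working code. This is an added example and is not part of the post above or of anything the posters wrote; the function names (unchecked_at, checked_at, checked_lookup_rejects, happy_path_passes) and the sample string "abc" are my own choices for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

// Unchecked lookup: std::string::operator[] performs no bounds check.
// For pos == size() it returns a reference to the terminating '\0'
// (guaranteed since C++11); for pos > size() the behaviour is undefined.
// A sanitizer can only report that over-read if some test input reaches it.
char unchecked_at(const std::string& s, std::size_t pos) {
    return s[pos];
}

// Checked lookup: std::string::at() throws std::out_of_range whenever
// pos >= size(), on every input, independent of what the tests exercise.
char checked_at(const std::string& s, std::size_t pos) {
    return s.at(pos);
}

// Returns true if the checked lookup rejected the index, false if it
// returned a character. A test that "the length check is actually
// working" can assert on this directly instead of hoping a crash shows up.
bool checked_lookup_rejects(const std::string& s, std::size_t pos) {
    try {
        (void)checked_at(s, pos);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

// The trap Anton describes: a typical happy-path test never indexes past
// the end, so neither a sanitizer nor at() ever fires on it, and the
// unchecked and checked versions look identical.
bool happy_path_passes() {
    const std::string s = "abc";   // constructed sample input
    for (std::size_t i = 0; i < s.size(); ++i) {
        if (unchecked_at(s, i) != checked_at(s, i)) return false;
    }
    return true;
}

int main() {
    const std::string s = "abc";   // constructed sample input
    std::cout << "happy path agrees: " << happy_path_passes() << '\n';
    std::cout << "s[size()] is NUL: " << (unchecked_at(s, s.size()) == '\0') << '\n';
    std::cout << "at(size()) rejected: " << checked_lookup_rejects(s, s.size()) << '\n';
    std::cout << "at(size()-1) accepted: " << !checked_lookup_rejects(s, s.size() - 1) << '\n';
    // Deliberately not called: unchecked_at(s, s.size() + 1) is undefined
    // behaviour, and a test suite that never calls it will never catch it.
    return 0;
}
```

The practical caveat: plain UBSan does not instrument operator[] on std::string at all, because the access is an ordinary pointer dereference into heap memory; AddressSanitizer does catch the over-read, but again only for an input that reaches it. With libstdc++, compiling with -D_GLIBCXX_ASSERTIONS makes operator[] assert on pos > size(), which is the closest thing to "turning on the compiler run-time checks" for this type.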