[SystemSafety] C++ and Pointers

Derek M Jones derek at knosof.co.uk
Fri Jul 5 13:44:52 CEST 2019


Peter,

> Pointers make the software much harder to assess/statically analyse.

They used to make life difficult.  But these days (for the last
10 years), there is lots of support for fancy pointer analysis.

People also tend to overlook that most pointers only every point at one
object, and fancy analysis is not needed to figure this out.

My company wrote the initial C t IL converter for the MALPAS tool,
which was figuring this stuff out in the late 1980s.

> Regards
> 
> Peter
> 
> On 05/07/2019 08:59, Grazebrook, Alvery AN wrote:
>> Entertaining, but clearly a mis-quote out of context. Derek was making some (valid) comments about measuring the characteristics of buffer-overflow attacks, and then finished with:
>> " I cannot think of any research looking at this.  Pointers welcome."
>>
>> Clearly not the endorsement of C++ programming that Olwen is accusing him of.
>>
>> Good opportunistic rant though!
>>
>> Cheers,
>> 	Alvery
>>
>> ** opinions are my own, not necessarily those of my employer
>>
>> -----Original Message-----
>> From: systemsafety [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Olwen Morgan
>> Sent: 04 July 2019 19:45
>> To: systemsafety at lists.techfak.uni-bielefeld.de
>> Subject: Re: [SystemSafety] C++ and Pointers
>>
>>
>> On 06/06/2019 17:18, Derek M Jones wrote:
>>
>> <snip>
>>
>> Pointers welcome.
>>
>>
>> <snip>
>>
>>
>> No, pointers are *unwelcome* owing to the complexity of aliasing and overflow problems they create. You can create efficient and secure large-scale services very easily with applicative/concurrent languages like Erlang.
>>
>> Software engineers who write critical systems in C++ should be sent to gulags to do more useful work.
>>
>>
>> How long does one have to keep on saying these things before the
>> lumpen-engineeriate finally gets it?
>>
>> Yawn,
>>
>> Olwen
>>
>>
>> _______________________________________________
>> The System Safety Mailing List
>> systemsafety at TechFak.Uni-Bielefeld.DE
>> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
>> This email and its attachments may contain confidential and/or privileged information.  If you have received them in error you must not use, copy or disclose their content to any person.  Please notify the sender immediately and then delete this email from your system.  This e-mail has been scanned for viruses, but it is the responsibility of the recipient to conduct their own security measures. Airbus Operations Limited is not liable for any loss or damage arising from the receipt or use of this e-mail.
>>
>> Airbus Operations Limited, a company registered in England and Wales, registration number, 3468788.  Registered office:  Pegasus House, Aerospace Avenue, Filton, Bristol, BS34 7PA, UK.
>>
>> _______________________________________________
>> The System Safety Mailing List
>> systemsafety at TechFak.Uni-Bielefeld.DE
>> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
> 

-- 
Derek M. Jones           Software analysis
tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com


More information about the systemsafety mailing list