As a final example, a buffer overflow checker flagged a bunch of errors of the form
unsigned p[4];
…
p[4] = 1;
“No, ANSI lets you write 1 past the end of the array.”
After heated argument, the programmer said, “We’ll have to agree to disagree.”
(It helps to know that this is forbidden by the C and C++ Standards. This rule is so well-known among programmers that if this guy were a physicist, he may as well have said, “No, neutrons are positively charged.”)
I’m just speechless. Why would you even argue about it in the first place when you can just go look at the standard or write a toy program that would run if and only if you could write past the end? This should be the canonical example of the sort of irrationality that involves ignoring the data that you have.
Well, going slightly off-topic here; it’s not strictly forbidden to write past the end of the array, it’s just that the result is undefined. Depending what’s on the stack, it might actually work in some cases. Needless to say, one should never do this.
He was probably confusing it with the idea that it is legitimate to have a pointer that is one past the end of an array for the purpose of comparing pointers. You still can’t dereference it reliably, however.
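The toy program the post asks for, written here as an added example (it is not code from the paper, the post, or either comment). It separates the two things the thread is arguing about: forming a pointer to one past the end of an array and comparing against it is well-defined and idiomatic; storing through index 4 of a 4-element array is undefined, and whatever it appears to do depends on the stack layout the compiler happened to choose. The function and variable names are this example's own, and the build command in the comment assumes a GCC or Clang toolchain with AddressSanitizer available.

```c
/* Added example, not from the paper or the thread.
 * Build normally:        cc -std=c99 -Wall overrun.c -o overrun
 * Build with ASan:       cc -std=c99 -g -fsanitize=address overrun.c -o overrun
 * The ASan build reports the deliberate write in main() as stack-buffer-overflow. */
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

#define N 4

/* Legal use of "one past the end": p + n is a valid pointer value that may be
 * formed, compared against and used as a loop sentinel. It is never dereferenced,
 * because the loop stops the moment q reaches it. */
unsigned sum_array(const unsigned *p, size_t n)
{
    const unsigned *end = p + n;   /* one past the last element */
    unsigned total = 0;
    for (const unsigned *q = p; q != end; ++q)
        total += *q;
    return total;
}

/* The store the checker was complaining about, with the bounds check it wanted.
 * Returns 0 on success, -1 if idx is not a valid element index. Note that
 * idx == n (the "one past" index) is rejected: that position may be pointed at,
 * but it is not storage that belongs to p. */
int store_checked(unsigned *p, size_t n, size_t idx, unsigned value)
{
    if (idx >= n)
        return -1;
    p[idx] = value;
    return 0;
}

int main(void)
{
    unsigned p[N] = {1, 2, 3, 4};
    assert(sum_array(p, N) == 10);
    assert(store_checked(p, N, 3, 7) == 0);   /* last valid element */
    assert(store_checked(p, N, 4, 1) == -1);  /* the paper's p[4] = 1 */

    /* The undefined case, kept on purpose so it can be run under a sanitizer.
     * The index goes through a volatile so the compiler cannot see the overrun
     * at compile time; nothing about the output below is guaranteed by the
     * language, which is exactly the point. */
    volatile unsigned neighbor = 0xdeadbeefu;
    volatile unsigned q[N] = {0};
    volatile size_t idx = N;
    q[idx] = 1;   /* undefined behaviour: writes one past the end of q */
    printf("neighbor after q[4] = 1: 0x%x (may or may not have changed)\n",
           (unsigned)neighbor);
    return 0;
}
```

Run the plain build and the last line prints whatever the stack layout produces; run the ASan build and the process aborts at `q[idx] = 1` with a stack-buffer-overflow report naming `q`. That is the "data you already have" the post is talking about: the standard says the write is undefined, and a sanitizer will tell you so in one run.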
Appeal to harmony—“Let’s agree to disagree.” If you keep talking, you’re being quarrelsome.
(The quoted example above is from A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World.)
Er, s/run/run properly/.