gets() is dead

[¬a\\/b]

On Wed, 9 May 2007 08:28:19 +0100, "Malcolm McLean"

[snip]

Unless you can show that UB errors are more common than deterministic errors
in dangerous malfunctions, I will fund it hard to believe. Controlled flight
into terrain and all that.

It's unnecessary to show that "UB errors are more common than
deterministic errors in dangerous malfunctions".

You should strive to eliminate UB errors completely, so that you can
focus on the task of finding deterministic errors. The former
(striving to eliminate UB errors) is one of the primary tenets the
honorable posters to this newsgroup attempt to dissuade people like
you and me from. And for good reason.

Someone may use a ring buffer in the software for a flight control
system, and they may use something like the following to increment the
current index of the buffer:

#define BUF_SIZE 256

...

i = i++ % BUF_SIZE;

Furthermore, their DO-178B Level A testing may show that this works
just fine. Nevertheless, it is a time bomb waiting to fire off,
because it is undefined behavior.

With a change to a different compiler or even a change to the next
release of the same compiler, the above may not "work" as expected.

(I can hear the echoes of management through the hall--Do we really
need to re-run *all* of the regression tests for the next N weeks,
seeing that all we did was change to the next revision of the same
compiler?).

It's better to avoid such undefined behavior in the first place, so
that you can focus on the "deterministic errors".

I think that is along the lines of what Mr. Heathfield and others are
more or less saying, and I whole heartedly agree with them.

"i = i++ % BUF_SIZE;"
non dovrebbe avere nessun "indefinite behaviorur" e si puo' unicamente
intendere come

"i=i%BUF_SIZE; ++i;"

lo standard che non limita UB sembra per me sbagliato
la direzione è diminuire al massimo i vostri "cari?" "UB"

in generale
f(a1, ... , ++a2, ... , --a3, ..., a4--, ... a5++)
= {++a2; --a3; --a4; ++a5;
return f(a1, ..., a3, ... a4-1, ..., a5+1);}

f(++a1, g(++a2)) <=> f(++a1, {++a2, return g(a2)})
<=> ++a1; f(a1, {++a2; return g(a2);})
<=> ++a2; ++a1; f(a1, g(a2);
facendo queste posizioni i vostri UB spariscono
qui ammetto che la "chiamata a funzione" e il ";" sono punti di
calcolo degli operandi (non ricordo come la chiamate mi sembra
"sequescion points")

 

[¬a\\/b]

jaysome wrote, On 09/05/07 09:27:


You have learnt your lesson well, young Jedi.

e a me come va: sono un jedi anche io? percepisci niente?

 

[Pietro Cerutti]

e a me come va: sono un jedi anche io? percepisci niente?

Per favore non postare in italiano ;-)

 

[Chris Hills]

Per favore non postare in italiano ;-)

He can post in any language he likes.

Using a less universal language here will just severely limit the number
of people who can understand what he has written, let alone the sub set
of those who actually understand what he is on about and can be bothered
to reply.

 

[Keith Thompson]

He can post in any language he likes.

Using a less universal language here will just severely limit the
number of people who can understand what he has written, let alone the
sub set of those who actually understand what he is on about and can
be bothered to reply.

Frankly, this particular poster isn't much easier to understand when
he posts in English.

 

[¬a\\/b]

He can post in any language he likes.

Using a less universal language here will just severely limit the number
of people who can understand what he has written, let alone the sub set
of those who actually understand what he is on about and can be bothered
to reply.

io non credo in un mondo che usa un solo linguaggio dove tutti gli
uomini possano collaborare al 100%: non credo all'umanesimo che
dimentica il Creatore

 

[Malcolm McLean]

io non credo in un mondo che usa un solo linguaggio dove tutti gli
uomini possano collaborare al 100%: non credo all'umanesimo che
dimentica il Creatore

He's saying something about God and a world with only one language, but I
cannot understand it all.

 

[Army1987]

io non credo in un mondo che usa un solo linguaggio dove tutti gli
uomini possano collaborare al 100%: non credo all'umanesimo che
dimentica il Creatore

Bravo. Ma qui la maggior parte della gente non capisce l'italiano.
Quindi se non vuoi che ignorino i tuoi messaggi scrivi in inglese
(la lingua "ufficiale" di comp.lang.c) o scrivi su it.comp.lang.c.

(For those who don't speak Italian:
Good. But here most people don't understand Italian. So if you
don't want them to ignore your posts, write in English (the
"official" language of comp.lang.c), or post to it.comp.lang.c.
)

 

[Army1987]

He's saying something about God and a world with only one language, but I
cannot understand it all.

He said "I don't believe in a world using only one language where
all men could collaborate at 100%: I don't believe humanism which
forgets the Creator" (to which the only sensible answer, other than
ignoring the post altogether, is "If you don't, then post to
it.comp.lang.c rather than here").

 

[Richard Heathfield]

Malcolm McLean said:

He's saying something about God and a world with only one language,

Well, that sounds pretty topical to me.

but I cannot understand it all.

I recommend "The C Programming Language", 2nd edition, by Kernighan and
Ritchie.

 

[Richard Heathfield]

Army1987 said:

(For those who don't speak Italian:
Good. But here most people don't understand Italian. So if you
don't want them to ignore your posts, write in English (the
"official" language of comp.lang.c), or post to it.comp.lang.c.
)

Thanks, Army1987, but it's too late from where I'm standing. As far as
I'm concerned, he's had lots of chances to understand how this group
works, and I therefore assume his continuing ignorance to be
deliberate. In other words, he's trolling.

 

[Chris Hills]

He's saying something about God and a world with only one language, but
I cannot understand it all.

This is pointless... when I email as God (not my alternate human persona
I am using now) I use English not Italian.

 

[Charles Richmond]

There's no such thing as code that doesn't need to be secure.
And if there was, you would find it transmogrifying into code that *does*
need to be secure at incredibly inconvenient times.

Pardon me, but I think that is a bunch of crap...

 

[Charles Richmond]

Flash Gordon wrote:
Harald van Dijk wrote, On 29/04/07 20:57:

[snip...] [snip...] [snip...]

An implementation not providing gets is just as broken as far as the
standard is concerned as an implementation providing a broken one.
Right, but as I tried to explain, this could actually be useful.
Programs using gets() would not run at all, rather than run with
incorrect behaviour, and it's the running with incorrect behaviour
that I mainly object to.

Perhaps I was *not* clear. The "gets()" function does *not*
print a warning each time it is called. Instead, *one* warning
is printed when the program is started. Somehow, using "gets()"
causes this one-time behavior to be enabled or loaded from
the "libc" library.

Ok. I don't know of any C library implementation that behaves this
way, but I'll take your word for it.

After looking a little further, I think that the Mac OS/X
implementation of GCC comes from FreeBSD. So that is perhaps
where this "warning" comes from.

 

[Joseph Alten]

Pardon me, but I think that is a bunch of crap...

It's not a bunch of crap. Getting into bad habits is not a good idea,
and suddenly you'll find that code you previously wrote is not useful
because of the bad coding habits.

Or worse, you'll spend ages trying to find why your program keeps
crashing, until you realize that it was just a silly overflow because
you used gets().

 

[Charles Richmond]

Keith Thompson said:


Oh, I see you found another one. He's in "good" company - Nick McLaren
over in csc also claims to be a regular gets() user. And he's on the
ISO C Committee, for pity's sake. Who taught these guys to program -
Schildt?

I can see why some folk might bang a gets() call into their code, much
as a bad carpenter might use a couple of nails instead of a countersunk
screw. What I *can't* fathom is their apparent lack of shame.

You do *not* have to "gets()" nasty. I sometimes use bubble sort
too, when I think it is appropriate. I am surprise you would
use so much bandwidth just to disparage me. How about telling
me something I don't know about "gets()" that would convince me
*not* to use it for games or my own "quick and dirty" use.

 

[Ian Collins]

You do *not* have to "gets()" nasty. I sometimes use bubble sort
too, when I think it is appropriate. I am surprise you would
use so much bandwidth just to disparage me. How about telling
me something I don't know about "gets()" that would convince me
*not* to use it for games or my own "quick and dirty" use.

There isn't any good reason to use it.

 

[Richard Heathfield]

Charles Richmond said:

I am surprise you would
use so much bandwidth just to disparage me.

Believe it or not, that's not my intent.

How about telling
me something I don't know about "gets()" that would convince me
*not* to use it for games or my own "quick and dirty" use.

It appears there is no point in trying, alas. If what you already know
about it isn't sufficient to put you off it, I'm out of options. I am
reminded of the kid who says "Okay, so running across a 70mph road for
a dare might be a bit dangerous, but I *enjoy* it, and what business is
it of yours anyway?"

 

[Tak-Shing Chan]

You do *not* have to "gets()" nasty. I sometimes use bubble sort
too, when I think it is appropriate. I am surprise you would
use so much bandwidth just to disparage me. How about telling
me something I don't know about "gets()" that would convince me
*not* to use it for games or my own "quick and dirty" use.

For the record, I used gets() a lot, too. I can assure you
that it has nothing to do with my "lack of shame".

If you have complete control of stdin, gets() can indeed be
used safely. But the "complete control" bit is off-topic, so I
am not going to explain it further.

Tak-Shing

 

[Tak-Shing Chan]

There isn't any good reason to use it.

There's one: simplicity. You don't need to handle the
newlines yourself.

Tak-Shing