Discussion Series (3)

zhaozj  2021-02-11  188

The following article is translated from Ian Joyner's "C++?? A Critique of C++ and Programming", 3rd edition [Ian Joyner 1996]. The original copyright belongs to Ian Joyner, and I have obtained Ian Joyner's own consent to translate this article into Chinese; therefore, the Chinese version of this article should belong to me ;-) Both the English and Chinese versions of this article may be used for non-commercial purposes, and you may copy and repost them freely, but it is best to include the declaration above at the front of any repost. If any person or organisation wants to publish this article, please contact the original copyright owner and me.

In addition, this article has been included in the book "Objects Unencapsulated" written by Ian Joyner (a Japanese translation already exists), which is described at:
http://www.prenhall.com/allbooks /PTR_0130142697.html
http://efsa.sourceforge.net/cgi-bin/view/main/ObjectsuNCapsulated
http://www.accu.org/Bookreviews/public/reviews/O/O002284.htm

Ian Joyner's contact: I.Joyner@acm.org. My contact: cber@email.com.cn

Translator's preface: to master a language completely, you need to know not only what it is but also what its shortcomings are. Only then can we use the language while avoiding the traps in it, and so put it to better use in our work. This article by Ian Joyner and his book "Objects Unencapsulated" thoroughly demonstrate some of the deficiencies of C++; we should learn fully from the great work he has done and understand C++ better, and thus write more secure C++ code.


Type-Safe Linkage

The C++ ARM explains that type-safe linkage does not guarantee type safety. If it is not 100% type safe, then it is unsafe. Statistical analysis showed that, even under harsh conditions, the probability of a single O-ring failure was only 0.3%; but once six such possible conditions are combined, the chance of a failure becomes considerable. In software we often see errors that arise from exactly such strange combinations, and one of the main purposes of OO is to reduce them. Most problems come from the hard-to-find errors rather than from the ones that are caught at once. Moreover, such errors usually do not surface until a genuinely critical moment, and they are generally difficult to detect, so the seriousness of this situation must not be underestimated. Many programs depend on the correctness of their operation, such as space programs and financial settlement; using unsafe solutions in such programs is irresponsible, and we should strictly prohibit it.

C++ is a huge improvement over C in this respect. In C, the linker will link a call such as f(p1, ...) to any function f(), even one that takes no parameters or a different parameter list, and the program then fails at run time. But because C++'s type-safe linkage is really a trick played on the linker, it does not reject all of C's inconsistencies of this kind. The C++ ARM summarises the situation as follows: "Handling all inconsistencies, which would make C++ guarantee type safety, would require either linker support or a mechanism (an environment) that allows the compiler access to information in other compilation units." So why do the C++ compilers on the market (at least AT&T's) not provide the ability to access information in other compilation units? Why is there no special-purpose linker designed for C++ that could guarantee type safety? The answer is that C++ lacks the ability to do global analysis (discussed in the previous section).

In addition, building systems out of existing program assemblies is already a universal Unix development method. It achieves a degree of reuse, but it does not provide the real flexibility and consistency of object-oriented reuse. In the future Unix may be replaced by an object-oriented operating system that is sufficiently "open" and can be tailored to our needs. By using pipes and flags, software components under Unix can be reused to give an approximation of what is wanted. This method is effective in some situations and is adequate for some purposes (small internal applications, say, or rapid prototyping), but for large-scale, expensive, or safety-critical systems this development method is no longer suitable. Over the past decade the advantages of integrated software (that is, software that does not rely on external components) have been recognised; traditional Unix systems cannot provide these advantages. By contrast, integrated systems are more complex and make more demands on their developers, but a system that merely lumps everything together is unacceptable to the end user. Now the focus of software development has shifted to component software, such as OpenDoc or Microsoft OLE. For linking, a further problem appears: different compilation units and link systems may use different name-encoding (name-mangling) schemes.
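The "trick played on the linker" described above is name mangling: the compiler encodes the parameter types into the symbol name, so a call to f(int, double) in one unit and a definition of f(int) in another no longer resolve to the same symbol. The following added example (not code from the article; a small subset of the Itanium C++ ABI scheme used by GCC/Clang and of the older cfront-style scheme, covering only builtin types and pointers to them) simulates the three outcomes discussed: C links the mismatch silently, C++ reports an undefined reference, and two compilers with different encodings cannot link even a matching signature.

```python
# Added illustration of C++ "type-safe linkage": parameter types are
# encoded into the linker symbol. Only a handful of builtin types and
# pointers are handled; namespaces, classes, references and the Itanium
# substitution rules are deliberately out of scope for this example.

BUILTIN_ITANIUM = {"void": "v", "char": "c", "short": "s", "int": "i",
                   "unsigned int": "j", "long": "l", "float": "f",
                   "double": "d"}
BUILTIN_CFRONT = {"void": "v", "char": "c", "short": "s", "int": "i",
                  "unsigned int": "Ui", "long": "l", "float": "f",
                  "double": "d"}


def _encode(type_name, table):
    """Encode one parameter type; each '*' adds a 'P' prefix in both schemes."""
    base = type_name.strip()
    pointer_depth = 0
    while base.endswith("*"):
        pointer_depth += 1
        base = base[:-1].strip()
    return "P" * pointer_depth + table[base]


def mangle_c(name, params):
    """C: the parameter list is simply not part of the symbol at all."""
    return name


def mangle_itanium(name, params):
    """Itanium ABI free function: _Z <len><name> <param codes>, '()' -> 'v'."""
    codes = "".join(_encode(p, BUILTIN_ITANIUM) for p in params) or "v"
    return f"_Z{len(name)}{name}{codes}"


def mangle_cfront(name, params):
    """cfront-style free function: <name>__F<param codes>, '()' -> 'v'."""
    codes = "".join(_encode(p, BUILTIN_CFRONT) for p in params) or "v"
    return f"{name}__F{codes}"


def link(reference, definitions):
    """Simulate a linker that knows nothing about types: exact-name lookup."""
    return "linked" if reference in definitions else "undefined reference"


def demo(mangle):
    """Constructed scenario: unit A calls f(int, double); unit B defines f(int)."""
    caller = mangle("f", ["int", "double"])
    defined = {mangle("f", ["int"])}
    return caller, link(caller, defined)
```

With mangle_c the mismatched call "links" and the wrong code runs with garbage arguments; with either C++ scheme the error is caught at link time, but a symbol from one scheme never matches the other's.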

Please credit the original URL when reposting: https://www.9cbs.com/read-5398.html
