[fpc-other] Microsoft to ban Memcpy() :)
"Vinzent Höfler"
JeLlyFish.software at gmx.net
Sat May 16 19:28:07 CEST 2009
Jonas Maebe <jonas.maebe at elis.ugent.be>:
> On 16 May 2009, at 12:44, Vinzent Höfler wrote:
>
> > "Vinzent Höfler" <JeLlyFish.software at gmx.net>:
> >
> >> Time will tell, if memcpy_s() is actually "safer". If the programmer
> >> didn't think about the destination buffer's size before, why should
> >> he
> >> now? :->
>
> Because the API forces him to think about it now.
I wouldn't be too sure about that. See below.
> > The C(++)-folks fix:
> >
> > -- 8< --
> > inline void memcpy_s(void *dest, size_t sizeInBytes, const void
> > *src, size_t count)
> > {
> > if (count > sizeInBytes)
> > throw InvalidArgument("memcpy_s: buffer overflow");
> > memcpy(dest, src, count);
> > }
> > -- 8< --
> >
> > LMAO. Adding unnecessary bounds checking on each single call.
>
> I don't think it's unnecessary.
As necessary as in "the check will be optimized away"? ;)
> Moreover, in the trivial cases (where
> you wouldn't use a move() in Pascal) the check will be optimized away
> (since all size-related arguments will be constants),
Hmmhmm. That means any static checker (like lint) should have caught the buffer overflow before the code even got compiled?
Well, C-code tends to forget any type information at the second call-level latest. Whilst a "sizeof" on a "char buffer[5]" declaration still works, "sizeof" yields different results for "char*". As "memcpy" itself demonstrates, both types are broadly equivalent, with the small difference that the latter is void of /any/ size information.
This simply doesn't happen with Pascal's arrays, even in non-trivial cases.
> and in most
> other cases the time spent on actually copying will probably dwarf any
> overhead added by that extra check.
Sure. Tell that to the C-folks who keep complaining about slow languages like Pascal and Ada because of the runtime checks that happen there.
> > So much for the speed advantage of a low-level language. A pascal
> > compiler knows the correct sizes beforehand, no need for extra
> > bounds checking...
>
> A Pascal compiler has no idea about any actual variable sizes inside
> the move() procedure.
But it usually knows it before entering it. C compilers don't.
Vinzent.
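The point argued above (that `sizeof` on a `char buffer[5]` still works at the declaration site but collapses to the pointer size once the array has decayed to `char*`, which is why a `memcpy_s`-style API has to be handed the destination size explicitly) can be shown in a few lines of C. This is an added example, not code from the thread; `checked_copy`, `size_seen_by_callee`, `size_at_caller`, `size_info_lost` and `demo` are hypothetical helpers written for it, and the 8-byte source string is constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Checked copy in the spirit of memcpy_s(): the caller must pass the
   destination's size because the callee cannot recover it on its own.
   Returns 0 on success and -1 (leaving dest untouched) when count would
   overflow dest. Hypothetical helper, not a standard library function. */
int checked_copy(void *dest, size_t dest_size, const void *src, size_t count)
{
    if (dest == NULL || src == NULL)
        return -1;
    if (count > dest_size)
        return -1;                 /* refuse instead of overflowing */
    memcpy(dest, src, count);
    return 0;
}

/* Inside a callee the array has decayed to a pointer: sizeof reports the
   pointer size, not the element count the caller declared. */
size_t size_seen_by_callee(char *buffer)
{
    return sizeof buffer;          /* == sizeof(char *), never 5 */
}

/* At the declaration site the array type is still known. */
size_t size_at_caller(void)
{
    char buffer[5];
    return sizeof buffer;          /* == 5 */
}

/* 1 if the size information was lost across the call boundary. */
int size_info_lost(void)
{
    char buffer[5];
    return size_seen_by_callee(buffer) != sizeof buffer;
}

/* Exercise both outcomes with a constructed 8-byte source. Returns 1 when
   a fitting copy succeeds byte-for-byte and an oversized one is refused
   with dest left exactly as the first copy wrote it. */
int demo(void)
{
    const char src[8] = "ABCDEFG";  /* constructed sample input */
    char dest[5] = "zzzz";

    if (checked_copy(dest, sizeof dest, src, sizeof dest) != 0) return 0;
    if (memcmp(dest, "ABCDE", 5) != 0) return 0;
    /* 8 bytes into a 5-byte buffer: must be rejected, dest untouched */
    if (checked_copy(dest, sizeof dest, src, sizeof src) != -1) return 0;
    if (memcmp(dest, "ABCDE", 5) != 0) return 0;
    return 1;
}

int main(void)
{
    printf("sizeof at caller: %zu, sizeof in callee: %zu, lost: %d\n",
           size_at_caller(), size_seen_by_callee(NULL), size_info_lost());
    printf("checked copy demo: %s\n", demo() ? "ok" : "FAILED");
    return 0;
}
```

When both `dest_size` and `count` are compile-time constants at the call site, the `count > dest_size` comparison folds away after inlining, which is the "optimized away" case discussed above; the check only costs anything when at least one size is known nowhere but at runtime.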