
This makes me think...

This makes me think...

Posted Jun 3, 2004 5:06 UTC (Thu) by etrusco (subscriber, #4227)
Parent article: Finding kernel problems automatically

Has there ever been an attempt to push a "hardened C" standard, just C plus strong type-checking?



This makes me think...

Posted Jun 3, 2004 10:47 UTC (Thu) by dvdeug (subscriber, #10998)

Why would you want a version of C with strong-typing? It wouldn't be C anymore; it would probably be no easier to port code from C to new-C than it would to port it to Ada or some other real language with strong typing. If you want Ada, or Java, or Modula-3, or even C++, you know where to find them.

This makes me think...

Posted Jun 3, 2004 23:27 UTC (Thu) by bronson (subscriber, #4806)

Except that, with a few preprocessor defines to remove the strong-C keywords, you could compile strong-C on a weak-C compiler. The kernel source code could even be a mix of strong and weak C as it transitions to strong-C over the period of a few years. There are very real benefits to simply extending an existing language -- witness C++.

This makes me think...

Posted Jun 4, 2004 10:38 UTC (Fri) by dvdeug (subscriber, #10998)

Yes, witness C++. Part of C++'s problem is that it's an incredible pain to parse correctly (notice that GCC ended up completely rewriting the C++ parser to properly support standard C++). Part of the reason is that C++ was designed based on the already complex C syntax.

Another problem with C++ is that C--especially real world C, but even standard C--and C++ aren't completely compatible either way. Stroustrup had to make a few minor tweaks that lost compatibility to make C++ work right. A strong-C is more than likely going to have a few edge cases where things don't work exactly the same.

To use a few preprocessor defines to remove the strong-C is going to hamstring your efforts; the differences are just not going to be that minimal, and that tightly limits your syntax. What you're asking for is basically the system described in the article, not a new language.
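As an added example (not from the thread, and not the kernel's own headers), here is the mechanism bronson proposes and dvdeug identifies with a checker rather than a new language: type annotations that compile to nothing on an ordinary C compiler but become real attributes when a checker defines `__CHECKER__`. The `__CHECKER__` convention and the `bitwise`, `force`, `noderef` and `address_space` attributes are the ones understood by the Sparse checker; the names `le32`, `__userptr`, `struct hdr` and every function below are this example's own. Built with plain `cc` the annotations vanish and the file is ordinary C; run through Sparse, `payload_len_buggy` is reported for using a restricted `le32` as a plain integer.

```c
/* Annotations that are "strong C" under a checker and plain C otherwise.
 * Added example; the attribute names are Sparse's, the rest is constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef __CHECKER__
/* Under the checker the annotations become real type attributes. */
# define __bitwise   __attribute__((bitwise))
# define __force     __attribute__((force))
# define __userptr   __attribute__((noderef, address_space(1)))
#else
/* On a "weak C" compiler they expand to nothing. */
# define __bitwise
# define __force
# define __userptr
#endif

/* A 32-bit value in little-endian byte order as it sits on the wire.
 * With the checker this is a distinct type from uint32_t: mixing the two
 * without an explicit conversion or a __force cast is diagnosed. */
typedef uint32_t __bitwise le32;

static inline le32 cpu_to_le32(uint32_t v)
{
    unsigned char b[4] = { v & 0xffu, (v >> 8) & 0xffu, (v >> 16) & 0xffu, (v >> 24) & 0xffu };
    le32 out;
    memcpy(&out, b, sizeof out);        /* byte copy: no integer arithmetic on le32 */
    return out;
}

static inline uint32_t le32_to_cpu(le32 v)
{
    unsigned char b[4];
    memcpy(b, &v, sizeof b);
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) | ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* A wire header whose length field is stored little-endian. */
struct hdr { le32 len; };

struct hdr make_hdr(uint32_t host_len)
{
    struct hdr h;
    h.len = cpu_to_le32(host_len);
    return h;
}

/* Correct: converts to host order before using the value. */
uint32_t payload_len(const struct hdr *h)
{
    return le32_to_cpu(h->len);
}

/* Wrong, but silently accepted by a plain compiler: the raw wire bytes are
 * returned as a host integer, so the result is byte-swapped on big-endian
 * hosts. Under the checker the typedef is bitwise and this line is flagged. */
uint32_t payload_len_buggy(const struct hdr *h)
{
    return h->len;
}

int host_is_little_endian(void)
{
    uint32_t one = 1;
    unsigned char first;
    memcpy(&first, &one, 1);
    return first == 1;
}

/* A pointer into another address space (the kernel's __user idea). Under the
 * checker it is noderef: writing *uptr is an error, and the only way through
 * is an explicit, greppable __force cast inside a copy helper. */
static inline int copy_word_from(const int __userptr *uptr, int *out)
{
    const int *p = (const int __force *)uptr;   /* the audited escape hatch */
    *out = *p;
    return 0;
}

/* Constructed demonstration: a local pretends to live in the other address space. */
int demo_user_copy(void)
{
    int v = 42, out = 0;
    const int __userptr *up = (const int __force __userptr *)&v;
    copy_word_from(up, &out);
    return out;
}

int main(void)
{
    struct hdr h = make_hdr(0x01020304u);
    printf("payload_len        = 0x%08x\n", payload_len(&h));
    printf("payload_len_buggy  = 0x%08x (host is %s-endian)\n", payload_len_buggy(&h),
           host_is_little_endian() ? "little" : "big");
    printf("copied user word   = %d\n", demo_user_copy());
    return 0;
}
```

The point dvdeug makes still stands: nothing here changes C's syntax, so a plain compiler needs no port, and the "strong" checking lives entirely in the tool that understands the attributes.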

This makes me think...

Posted Jun 3, 2004 11:34 UTC (Thu) by bdixon (subscriber, #1055)

Yes... It is called MISRA (Motor Industry Software Reliability Association) C and it amounts to many rules asking you to do this and not do that. MISRA C compliance can be checked using static analyzers. For example, rule 33 says that the right hand operand of && or || shall not contain side effects.

Some of the MISRA rules, however, may not be compatible with systems programming.
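An added example (not from the post) of why the rule bdixon cites exists. `&&` and `||` short-circuit, so a side effect placed in the right-hand operand runs only for some inputs; below, an audit counter hidden in the right operand never sees messages that fail the first check, so the oversize messages most worth logging are exactly the ones that go unrecorded. The `struct msg`, `struct audit` and all functions are this example's own.

```c
/* MISRA: no side effects in the right operand of && or ||.
 * Added example; types, functions and the sample batch are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_LEN 64u

struct msg   { bool type_ok; size_t len; };
struct audit { unsigned seen; unsigned oversize; };

/* Records the message in the audit counters and says whether its length is acceptable. */
static bool audit_len(struct audit *a, size_t len)
{
    a->seen++;
    if (len > MAX_LEN) {
        a->oversize++;
        return false;
    }
    return true;
}

/* Non-compliant: audit_len() has side effects and sits to the right of &&.
 * Whenever type_ok is false the call is skipped, so a message with a bad type
 * and an oversize length is never counted at all. */
bool accept_noncompliant(struct audit *a, const struct msg *m)
{
    return m->type_ok && audit_len(a, m->len);
}

/* Compliant: the side effect is hoisted into its own statement and therefore
 * runs for every message; the && now only combines two values. */
bool accept_compliant(struct audit *a, const struct msg *m)
{
    bool len_ok = audit_len(a, m->len);
    return m->type_ok && len_ok;
}

/* Feeds a constructed batch through one acceptor and returns how many it accepted. */
unsigned run_batch(bool (*accept)(struct audit *, const struct msg *), struct audit *a)
{
    static const struct msg batch[] = {
        { true,  10 },    /* good type, good length          */
        { false, 200 },   /* bad type AND oversize            */
        { true,  100 },   /* good type, oversize              */
        { false, 5 },     /* bad type, good length            */
    };
    unsigned accepted = 0;
    for (size_t i = 0; i < sizeof batch / sizeof batch[0]; i++)
        if (accept(a, &batch[i]))
            accepted++;
    return accepted;
}

/* Runs the batch and returns the audit counters the acceptor left behind. */
struct audit run_audit(bool (*accept)(struct audit *, const struct msg *))
{
    struct audit a = { 0, 0 };
    run_batch(accept, &a);
    return a;
}

int main(void)
{
    struct audit bad  = run_audit(accept_noncompliant);
    struct audit good = run_audit(accept_compliant);
    printf("non-compliant: seen=%u oversize=%u\n", bad.seen, bad.oversize);
    printf("compliant:     seen=%u oversize=%u\n", good.seen, good.oversize);
    return 0;
}
```

Both versions accept the same single message, so a test that only checks the accept/reject decision passes for both; the difference is visible only in the audit trail, which is why the rule forbids the construct rather than relying on reviewers to reason about evaluation order. The rewrite also makes the cost explicit: if the author really wanted the check skipped for bad types, the compliant form forces that choice into a separate `if`.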

This makes me think...

Posted Jun 3, 2004 15:12 UTC (Thu) by mmarsh (subscriber, #17029)

You might want to check out http://www.cs.cornell.edu/projects/cyclone/, as well. It's certainly not a standard, but it's a safe C dialect.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.