Re: security issues with forth



John Passaniti <nntp@xxxxxxxxxxxxxxxxx> writes:

Elizabeth D Rather wrote:
It's a matter of attitude. Programmers who have been accustomed to a
god-like, omniscient compiler that checks for everything learn to be
sloppy, because they'll be taken care of. If you know it's up to
you, you assume responsibility and think things through better.

Hi Elizabeth. Please detail three things regarding the above quote:

1. Name the "god-like, omniscient compiler" you are talking about.
Failing that, name a language for which you think such compilers exist.

I assume she does not mean that the compiler actually corrects the errors,
but just points them out. MS VC 6.0 and, in The Old Days, Turbo Pascal work
like this and, in my experience, they promote the behavior she describes.

Instead of looking things up and thinking them through, with these two
I just try to compile the code that I'm unsure of. If there are no errors,
I run it, knowing the debugger will act as a safety net. Depending on the
purpose of the code, that's about the time I start thinking.

2. Give an actual example of the kind of god-like omniscience you're
talking about. For example, you might give an ambiguous expression that
the compiler infers meaning from-- and gets it wrong.

This isn't ambiguous for the compiler, but I sure wouldn't want to write
like this in Forth. I think I made it do what I wanted by sitting in the
debugger and looking at the decompiled code to see what it appeared to be
doing (approximately).

GLenum tkInitWindowAW (char *title, BOOL bUnicode) {
    WNDCLASS wndclass;
    RECT WinRect;
    HANDLE hInstance;
    GLenum Result = GL_FALSE;
    BOOL bGetVersionExRet;

    static ATOM aRegister = 0;

    hInstance = GetModuleHandle(NULL);

    tkOSVerInfo.dwOSVersionInfoSize = sizeof(tkOSVerInfo);
    bGetVersionExRet = GetVersionEx(&tkOSVerInfo);
    TKASSERT(bGetVersionExRet);
    if ( tkOSVerInfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
         tkOSVerInfo.dwMajorVersion == 3 &&
         (tkOSVerInfo.dwMinorVersion == 5 || tkOSVerInfo.dwMinorVersion == 51) )
        tkNumStaticColors = COLOR_BTNHIGHLIGHT - COLOR_SCROLLBAR + 1;
    else
        tkNumStaticColors = COLOR_INFOBK - COLOR_SCROLLBAR + 1;

    if (!aRegister) {
        // Must not define CS_PARENTDC style.
        wndclass.style = CS_HREDRAW | CS_VREDRAW;
        wndclass.lpfnWndProc = (WNDPROC)tkWndProc;
        wndclass.cbClsExtra = 0;
        wndclass.cbWndExtra = 0;
        wndclass.hInstance = hInstance;
        wndclass.hIcon = LoadIcon (hInstance, MAKEINTRESOURCE(IDI_FORTHPAD));
        wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
        wndclass.hbrBackground = GetStockObject(BLACK_BRUSH);
        wndclass.lpszMenuName = NULL;

        if (bUnicode)
            wndclass.lpszClassName = (LPCSTR)lpszClassNameW;
        else wndclass.lpszClassName = (LPCSTR)lpszClassName;

        if (bUnicode)
            aRegister = RegisterClassW((CONST WNDCLASSW *)&wndclass);
        else aRegister = RegisterClass(&wndclass);

        /*
         * If the window failed to register, then there's no
         * need to continue further.
         */

        if(0 == aRegister) {
            PrintMessage("Failed to register window class\n");
            return(Result); }}

    /*
     * Make window large enough to hold a client area as large as windInfo
     */

    WinRect.left = windInfo.x;
    WinRect.right = windInfo.x + windInfo.width;
    WinRect.top = windInfo.y;
    WinRect.bottom = windInfo.y + windInfo.height;

    AdjustWindowRect(&WinRect, WS_OVERLAPPEDWINDOW, FALSE);

    /*
     * Must use WS_CLIPCHILDREN and WS_CLIPSIBLINGS styles.
     */

    if (bUnicode) {
        tkhwnd = CreateWindowW(
            (LPCWSTR)lpszClassNameW,
            (LPCWSTR)title,
            WS_OVERLAPPEDWINDOW | WS_CLIPCHILDREN | WS_CLIPSIBLINGS,
            (windInfo.bDefPos) ? CW_USEDEFAULT : WinRect.left,
            (windInfo.bDefPos) ? CW_USEDEFAULT : WinRect.top,
            WinRect.right - WinRect.left,
            WinRect.bottom - WinRect.top,
            NULL,
            NULL,
            hInstance,
            NULL); }
    else {
        tkhwnd = CreateWindow(
            lpszClassName,
            title,
            WS_OVERLAPPEDWINDOW | WS_CLIPCHILDREN | WS_CLIPSIBLINGS,
            (windInfo.bDefPos) ? CW_USEDEFAULT : WinRect.left,
            (windInfo.bDefPos) ? CW_USEDEFAULT : WinRect.top,
            WinRect.right - WinRect.left,
            WinRect.bottom - WinRect.top,
            NULL,
            NULL,
            hInstance,
            NULL); }

    if ( NULL != tkhwnd ) {
        // If default window positioning used, find out window position and fix
        // up the windInfo position info.

        if (windInfo.bDefPos) {
            GetWindowRect(tkhwnd, &WinRect);
            windInfo.x = WinRect.left + GetSystemMetrics(SM_CXFRAME);
            windInfo.y = WinRect.top + GetSystemMetrics(SM_CYCAPTION)
                       - GetSystemMetrics(SM_CYBORDER)
                       + GetSystemMetrics(SM_CYFRAME); }
        tkhdc = GetDC(tkhwnd);
        if ( NULL != tkhdc ) {
            ShowWindow(tkhwnd, SW_SHOWDEFAULT);
            if ( FindPixelFormat(tkhdc, windInfo.type) ) {
                tkhrc = wglCreateContext(tkhdc);
                if ( NULL != tkhrc ) {
                    if ( wglMakeCurrent(tkhdc, tkhrc) )
                        Result = GL_TRUE;
                    else PrintMessage("wglMakeCurrent Failed\n"); }
                else PrintMessage("wglCreateContext Failed\n"); }}
        else PrintMessage("Could not get an HDC for window 0x%08lX\n", tkhwnd ); }
    else PrintMessage("create window failed\n");

    if ( GL_FALSE == Result )
        DestroyThisWindow(tkhwnd); // Something Failed, Destroy this window
    return( Result ); }

Yes, just one simple function.

3. Give an actual example of how such a god-like omniscient compiler
promotes sloppy coding.

See above?

You used the word compiler, which I think is important. But feel free
to extend the discussion to interpreted languages.

The Matlab interpreter. It promotes that you try it until it works.
It'll invert matrices if all you want to do is invert numbers, silently
weeds out NaNs and Infs from your data, divides by zero without telling
you ... :-)

Responses from others are certainly welcome, but since Elizabeth made a
claim, I'd like to see her justify it.

-marcel
