btrask opened 9 years ago

Other ideas:

- `assert_zeroed` macro
- `;` instead of `{}` (minor style issue, `;` is less obvious)

We could also use a debugger option for setting breakpoints within a line.
We use short statements on the same line as their conditional to encourage error checking and avoid "goto fail" style bugs. However, GDB at least can't set breakpoints on the statement inside of the conditional.
I looked pretty hard into this and surprisingly I couldn't find any more info on it. Perhaps LLDB supports it.
My philosophy on C is that there is so much undefined behavior, we can turn it into any language we want it to be, including one focused on security. I think stand-alone static analyzers are a dead end, and the correct way to do this is by adding compiler warnings to existing mainstream compilers. The simplest and most obvious option is Clang.
Here are some warnings I'd like to see:

- `-Wjump-misses-init` that only complains if the uninitialized value is actually used (this is actually sort of accomplished by `-Wmaybe-uninitialized` under GCC)
- `assert_zeroed` macro to the stack

C can also theoretically support a stricter memory model (like AddressSanitizer or emscripten) and all sorts of cool things. There's plenty of room at the bottom!
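The two ideas above, the "goto fail" shape that the same-line style rule is meant to avoid and an `assert_zeroed` macro, as an added example that is not part of this issue thread or the project's code. The issue only names `assert_zeroed`; the definition here (every byte of the object is zero) is my assumption about its intent, and the status codes, `struct record` and the check functions are constructed for the demo.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Status codes for the constructed checks below. */
enum { OK = 0, ERR_INPUT = 1, ERR_SIZE = 2 };

/* Return 1 if every byte of the n-byte object at p is zero, else 0. */
int is_zeroed(const void *p, size_t n)
{
    const unsigned char *b = (const unsigned char *)p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= b[i];      /* OR-accumulate so the loop has no early exit */
    return acc == 0;
}

/* Hypothetical assert_zeroed: the issue names the macro but does not define it;
 * this guess checks that an object's storage has been fully zeroed. */
#define assert_zeroed(obj) assert(is_zeroed((obj), sizeof *(obj)))

/* The "goto fail" shape: an unbraced if followed by two indented statements.
 * Only the first statement is conditional; the second `goto fail` always runs,
 * so the length check and the work are skipped and err (still OK) is returned.
 * The bug is deliberate, to show the pattern the issue's style rule avoids. */
int check_goto_fail_style(const uint8_t *buf, size_t len, int *processed)
{
    int err = OK;
    *processed = 0;
    if (buf == NULL)
        err = ERR_INPUT;
        goto fail;                 /* BUG: unconditional despite the indentation */
    if (len > 16) { err = ERR_SIZE; goto fail; }
    *processed = 1;
    return OK;
fail:
    return err;
}

/* The same checks written the way the issue describes: each short statement on
 * the same line as its condition, so a stray line cannot fall out of the
 * conditional and there is no cleanup label for it to jump to. */
int check_one_line_style(const uint8_t *buf, size_t len, int *processed)
{
    *processed = 0;
    if (buf == NULL) return ERR_INPUT;
    if (len > 16) return ERR_SIZE;
    *processed = 1;
    return OK;
}

/* Constructed record type that the demo zero-initialises and then verifies. */
struct record { uint32_t id; uint8_t key[16]; };

/* Apply assert_zeroed to a stack object; returns 1 when the check passes. */
int demo_assert_zeroed(void)
{
    struct record r;
    memset(&r, 0, sizeof r);
    assert_zeroed(&r);
    return is_zeroed(&r, sizeof r);
}

int main(void)
{
    int done;
    /* The buggy shape reports OK without ever reaching the work. */
    assert(check_goto_fail_style((const uint8_t *)"abc", 3, &done) == OK && done == 0);
    assert(check_one_line_style((const uint8_t *)"abc", 3, &done) == OK && done == 1);
    return demo_assert_zeroed() ? 0 : 1;
}
```

With `-Wmisleading-indentation` (GCC and Clang) the buggy function draws a warning at compile time; the one-line style makes the same mistake impossible to write, which is the point of the rule, at the cost of the debugger not being able to break on the inner statement.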