On Jul 16, 11:04pm, Perry E. Metzger (possibly) wrote: > Craig Spannring writes: > > C should not be used for trusted programs. > > Unfortunately, there are not really good open source alternatives. GCC > is everywhere. > > One thing that I wonder about, though, is that several years ago, some > guy in the U.K. did a bounds checking version of GCC. It would be Very > Neat if someone were to track that down and get the egcs people to > make it available. http://www-dse.doc.ic.ac.uk/~rj3/bounds-checking.html This is for 2.7.2. Be forewarned that it results in _very_ slow programs - an example was cited on the FreeBSD-security mailing list as follows (Don.Lewisat_private): |It may be worse than that. In a desparate attempt to track down a |bug in BIND, I recompiled it with the bounds checking version of |gcc. On a fairly zippy machine, it took about half an hour to load |a few zones with a total of a few hundred hosts. Under light query |load it was gobbling about 30% of the CPU. |In the situations where I've used code compiled this way, it seems |to average about a factor of 20 more expensive in terms of CPU usage. > In the long run, I'm hoping for Java front ends for GCC that make it > possible to do reasonable open source programming in a reasonable > language. Until then... I'd add that a Perl compiler is in development. -Allen -- Allen Smith easmithat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:44 PDT