Errors aren't that simple

William Thomas Wolfe, 2847 billwolf%hazel.cs.clemson.edu at hubcap.clemson.edu
Thu Mar 1 07:04:56 AEST 1990


From marick at m.cs.uiuc.edu:
> There are two assertions in Bill Wolfe's message:
> 1.  The C community releases an unacceptable number of errors.
> 2.  The C language is at least partly the *cause* of those errors.

  3.  Many members of the C community exhibit an unprofessional and
        irresponsible attitude regarding defect control and especially
        defect prevention.   

  4.  Those members of the C community who ARE responsible professionals
        are apparently not taking significant actions to raise the level
        of software engineering professionalism within the C community.  

   The unsafe constructs within C are themselves sufficient evidence to
   conclude that the C community, by choosing to use a language which has
   many highly unsafe constructs and an almost total disregard for error 
   prevention, does not hold error prevention in sufficiently high regard;
   the failure of a password security system because no boundary checks 
   were done on the length of the password (whereupon the intruder purposely
   supplied a double-length password and thereby ensured that the left and
   right sections of the password-validating data structure were compatible),
   and similar cases demonstrate that the C language poses a serious obstacle
   to the development of defect-minimal software.  For the cost of simply
   the recent national AT&T crash, I'd be willing to conjecture that all of 
   AT&T's software developers could have been trained in software engineering
   concepts and the Ada language, and supplied with Ada compilers as well.   

   The comments found in the Unix man pages I cited have been there for 
   at least a decade, apparently going unchallenged by the rest of the 
   C community.  This is despite the fact that the growth of C has been 
   widely attributed to the Unix operating system being given away to 
   so many universities -- if this attribution is correct, then Unix is
   also responsible for helping to create the widespread attitude within 
   the C community that defects are to be treated casually.  

   It is entirely true that other language communities (BASIC, COBOL, etc.)
   have problems along these lines which are arguably worse than those which
   are clearly associated with the C community.  On the other hand, there are
   other language communities which are doing a considerably better job of
   spreading software engineering concepts and providing linguistic support
   for their application (Ada, Eiffel, etc.).  The challenge for the C
   community is to join the language communities which are doing a good
   job in these respects, as opposed to holding its existing reputation
   as a community which contains an extremely high percentage of those who
   regard themselves as hackers, and whose products repeatedly make national 
   headlines with their spectacular failures.  Since C is a language which
   provides little or no support for defect prevention, one would expect
   that the C community would naturally compensate by being extremely 
   careful about always applying the very best software engineering 
   practices.  Unfortunately, I don't think even the most dedicated 
   C-backers would attempt to claim that this is presently the case.


   Bill Wolfe, wtwolfe at hubcap.clemson.edu
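The password boundary-check failure the post describes, reduced to an added C illustration (this is not code from the original post or from any real login program; the record layout, field width and stored value are constructed, and the comparison is simplified to plaintext): the entered and stored fields sit side by side, so a copy bounded only by the record lets a double-length input make both halves agree, whereas the field-bounded check rejects it outright.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define PW_LEN 8

/* Constructed login record: the entered password is stored immediately
 * before the expected one, mirroring the adjacent "left and right
 * sections" the post describes (simplified: plaintext, no hashing). */
struct login_rec {
    char entered[PW_LEN];
    char expected[PW_LEN];
};

static void init_rec(struct login_rec *rec)
{
    memset(rec, 0, sizeof *rec);
    memcpy(rec->expected, "s3cret!!", PW_LEN);   /* constructed stored value */
}

/* Vulnerable form: the copy is bounded only by the whole record, never by
 * the field, so an input longer than PW_LEN spills into `expected`. */
static bool check_unbounded(struct login_rec *rec, const char *input, size_t len)
{
    unsigned char *field = (unsigned char *)rec + offsetof(struct login_rec, entered);
    if (len > sizeof *rec) len = sizeof *rec;   /* keeps the demo inside the object */
    memcpy(field, input, len);
    return memcmp(rec->entered, rec->expected, PW_LEN) == 0;
}

/* Hardened form: reject input that does not fit the field before copying. */
static bool check_bounded(struct login_rec *rec, const char *input, size_t len)
{
    if (len > PW_LEN) return false;
    memset(rec->entered, 0, PW_LEN);
    memcpy(rec->entered, input, len);
    return memcmp(rec->entered, rec->expected, PW_LEN) == 0;
}

/* Runs one login attempt against a fresh record; returns whether it passed. */
bool attempt(bool bounded, const char *input, size_t len)
{
    struct login_rec rec;
    init_rec(&rec);
    return bounded ? check_bounded(&rec, input, len)
                   : check_unbounded(&rec, input, len);
}
```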
 


