Dave Korn <dave.korn.cyg...@gmail.com> writes:

> On 28/05/2010 22:25, Ian Lance Taylor wrote:
>
>> The warn_unused_result extension was implemented specifically to catch
>> security problems. Permitting developers to just add a cast to void
>> would make it a very weak facility.
>
> But it's a weak and fundamentally flawed facility in the first place.
> Permitting people to *believe* they can rely on it would be just as bad as
> permitting explicit loopholes.
>
>> the history of security problems shows that
>> developers can not always be trusted.
>
> Yeh, but it also shows just as surely that dumb-minded static analysis isn't
> any use at all.
These statements are too strong. Of course programmers can outwit any
such techniques. But these techniques can still catch real accidental
mistakes. It's simply false to say that dumb-minded static analysis
isn't any use at all. E.g., identifying and removing calls to the
standard gets function is a simple and completely appropriate technique
for increasing security. Simple static analysis doesn't solve all
problems, but it does not follow that it isn't any use.

Ian
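An added illustration of the two checks discussed in this thread; this is not code from the thread, from GCC, or from either poster. It marks a function with GCC's warn_unused_result attribute, shows a caller that actually inspects the result, and pairs it with the bounded fgets-based replacement that a "find every gets call" check leads to. The function names (checked_copy, copy_or_refuse, read_line, and the helpers) and the input text are made up for the example; the MUST_CHECK macro simply falls back to nothing on non-GCC compilers.

```c
#include <stdio.h>
#include <string.h>

/* GCC's warn_unused_result, wrapped so the example still compiles
 * elsewhere (the attribute is a GCC/Clang extension). */
#if defined(__GNUC__)
#define MUST_CHECK __attribute__((warn_unused_result))
#else
#define MUST_CHECK
#endif

/* Copy that refuses to overflow dst and reports the refusal with -1.
 * The attribute makes GCC warn whenever a caller drops that -1. */
MUST_CHECK
static int checked_copy(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstlen)
        return -1;                 /* would overflow dst; caller must notice */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Caller that does what the attribute asks: the result is examined.
 * Returns 1 on success, 0 if the copy was refused (dst then untouched). */
int copy_or_refuse(char *dst, size_t dstlen, const char *src)
{
    if (checked_copy(dst, dstlen, src) != 0)
        return 0;
    return 1;
}

/* Stand-alone wrapper: copy src into an 8-byte buffer and return the
 * resulting length, or -1 if the copy was refused and the buffer kept
 * its previous (constructed) contents. */
int try_copy8(const char *src)
{
    char dst[8];
    memset(dst, 'x', sizeof dst - 1);
    dst[sizeof dst - 1] = '\0';
    if (!copy_or_refuse(dst, sizeof dst, src))
        return -1;
    return (int)strlen(dst);
}

/* Drop-in for gets(): bounded by len, trailing newline stripped.  This is
 * the mechanical replacement a "remove calls to gets" check produces. */
char *read_line(char *buf, size_t len, FILE *fp)
{
    if (fgets(buf, len, fp) == NULL)
        return NULL;
    buf[strcspn(buf, "\n")] = '\0';
    return buf;
}

/* Feed constructed input through read_line() via a tmpfile() (ISO C, no
 * path assumed) and return the length of the first line read, or -1. */
int read_first_line_len(const char *input, size_t buflen)
{
    char buf[64];
    FILE *fp = tmpfile();
    if (fp == NULL)
        return -1;
    fputs(input, fp);
    rewind(fp);
    if (buflen > sizeof buf)
        buflen = sizeof buf;
    char *r = read_line(buf, buflen, fp);
    fclose(fp);
    return r ? (int)strlen(r) : -1;
}

int main(void)
{
    char dst[8];
#ifdef SHOW_WARNINGS
    /* Compile with -DSHOW_WARNINGS to see both diagnostics.  GCC warns
     * "ignoring return value of 'checked_copy'" for the first call, and,
     * because it deliberately does not treat a cast to void as a check,
     * for the second call as well; that refusal is what the thread is about. */
    checked_copy(dst, sizeof dst, "far too long for dst");
    (void)checked_copy(dst, sizeof dst, "far too long for dst");
#endif
    printf("short input copied: %d\n", copy_or_refuse(dst, sizeof dst, "abc"));
    printf("long input refused: %d\n", !copy_or_refuse(dst, sizeof dst, "far too long for dst"));
    printf("first line length: %d\n", read_first_line_len("hello world\nsecond\n", 64));
    return 0;
}
```

Build with `gcc -Wall example.c` to see it compile cleanly, and with `-DSHOW_WARNINGS` to see the two unused-result diagnostics; under `-Werror` the guarded calls are exactly the lines that would stop the build.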