From: utzoo!decvax!cca!mullen@Nrl-Css@sri-unix
Newsgroups: net.unix-wizards
Title: Re: C Extensions
Article-I.D.: sri-unix.4066
Posted: Wed Oct 27 04:00:28 1982
Received: Thu Oct 28 03:28:42 1982

From: mullen at Nrl-Css (Preston Mullen)
Date: 24 Oct 1982 23:43:21-EDT
From: harpo!ihps3!houxi!hou5d!hou5a!mat at Ucb-C70
	Subject: Re: C extensions
	Article-I.D.: hou5a.161
	Remailed-date: 23 Oct 1982 1913-PDT
	
	about "XYZ" "ABC" being identical to "XYZABC", THIS IS DANGEROUS.  A
	dropped comma in an argument list can cause the list to be fouled up.
	If this is something like an error-handler ( where his example would
	be useful ) which is not exercised, and which may be marked as VARARGS
	for lint, it may get past debugging, and become a 'sleeper' bug, waiting
	to foul up a Venus probe 10 years from now.
	
Poo.  What's dangerous is inadequate validation.  Only an idiot
would put an unvalidated error handler (or an unvalidated anything)
into a Venus probe!  Such alarmist hyperbole does not enhance an argument.

[The following bit of ribaldry is not altogether inappropriate:
Q:	"Why is a herpes virus like a dropped comma?"
A:	"It may become a 'sleeper' bug, waiting to foul up a
	 Venus probe 10 years from now."
Q:	"What is the difference?"
A:	"A dropped comma can always be found and cured before
	 it hurts anybody."]

The proposed construct is hardly more error-prone than others;
C is just full of characters waiting to be dropped.  Imagine
converting
	j = --i;
into
	j = -i;
by dropping a '-'.  Or how about changing the parallel clauses
	j = 2, -i
to the single clause
	j = 2 -i
by dropping another comma?  The possibilities are endless.
At least C makes you declare identifiers.

I would venture the bold claim that languages like C should never be
used to implement programs for Venus probes, precisely because they
lend themselves so poorly to formal verification, but everybody would
get mad and a big argument would result, so I won't.