[Cryptography] Ada vs Rust vs safer C
Jerry Leichter
leichter at lrw.com
Sat Sep 17 20:02:06 EDT 2016
> The C++ standard has both operator[](size_type) and at(size_type), so
> the programmer can choose between having and not having overflow
> checks.
So ... quick question: Which one does bounds checking, v[i] or v.at(i)? Which has the shorter, more natural syntax? Right there, you get a quick view of the biases in the C/C++ community.
A number of years back, before the C++ library became universally available, I wrote a library with a vector class. It had v[i] and v.unsafeAt(i). Now which one do you think elides the bounds checks?
In practice, unsafeAt() was never used. *I* used it in a hash table implementation, where you could prove that the index into a vector representing a bucket had to be in range. Except that the proof - wasn't, and the result was a nasty bug - quickly revealed by changing from unsafeAt() back to operator[]. After fixing the bug, I left the operator[] in. No one ever complained, and the code never even showed up in profiles.
-- Jerry
More information about the cryptography
mailing list