[Cryptography] Ada vs Rust vs safer C

Jerry Leichter leichter at lrw.com
Sat Sep 17 20:02:06 EDT 2016

> The C++ standard has both operator[](size_type) and at(size_type), so
> the programmer can choose between having and not having overflow
> checks.
So ... quick question:  Which one does bounds checking, v[i] or v.at(i)?  Which has the shorter, more natural syntax?  Right there, you get a quick view of the biases in the C/C++ community.

A number of years back, before the C++ library became universally available, I wrote a library with a vector class.  It had v[i] and v.unsafeAt(i).  Now which one do you think elides the bounds checks?

In practice, unsafeAt() was never used.  *I* used it in a hash table implementation, where you could prove that the index into a vector representing a bucket had to be in range.  Except that the proof - wasn't, and the result was a nasty bug - quickly revealed by changing from unsafeAt() back to operator[].  After fixing the bug, I left the operator[] in.  No one ever complained, and the code never even showed up in profiles.
                                                        -- Jerry

More information about the cryptography mailing list