I hadn't read this before, but I just came back from the
Embedded Systems Conference, where three vendors were selling
checking tools to find bugs in real-time C code. Sometimes
they can detect array bounds errors by static analysis. But
the approaches used aren't airtight.
Reading the "CERT C Secure Coding Standard" is interesting,
but a program compliant with the rules can still have memory
access violations. That's the trouble with viewing this as
a stylistic problem.
We could do much better, but would have to extend the C language
to do so. Is there any interest in that? C99 has a few halting
steps in the right direction, like the use of "static" in array
arguments in function declarations to indicate the minimum size
of the array passed. I've been writing up something in this area,
but unless there's serious political interest, it's not something
I would spend time on.
John Nagle
Animats
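A worked illustration of the C99 `static` array-parameter qualifier the post mentions, added here as an example that is not part of the original message. `sum_block`, `sum_block_checked` and `BLOCK_LEN` are hypothetical names chosen for the example; it shows both what the qualifier states and the caveat that it enforces nothing at run time, so a length-carrying check is still needed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the original post). C99 allows the `static`
 * qualifier inside an array parameter: `buf[static 16]` promises that
 * the caller supplies a pointer to at least 16 valid elements. It is a
 * contract the compiler may rely on and may (not must) diagnose when
 * violated with a visibly smaller array; it is not a run-time check. */
#define BLOCK_LEN 16

/* Sum of one 16-byte block. The `static BLOCK_LEN` documents that
 * passing fewer than 16 readable bytes is undefined behaviour. */
uint32_t sum_block(const uint8_t buf[static BLOCK_LEN])
{
    uint32_t total = 0;
    for (size_t i = 0; i < BLOCK_LEN; i++)
        total += buf[i];
    return total;
}

/* Because the declaration alone enforces nothing at run time, a
 * defensive wrapper carries the real length and refuses short input
 * before the contract is entered. Returns 0 on success, -1 if the
 * buffer is missing or shorter than BLOCK_LEN. */
int sum_block_checked(const uint8_t *buf, size_t len, uint32_t *out)
{
    if (buf == NULL || len < BLOCK_LEN)
        return -1;
    *out = sum_block(buf);
    return 0;
}

int main(void)
{
    uint8_t ok[BLOCK_LEN] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
    uint8_t small[4] = {1, 2, 3, 4};   /* constructed sample inputs */
    uint32_t total;

    if (sum_block_checked(ok, sizeof ok, &total) == 0)
        printf("sum = %u\n", total);   /* 136 */

    /* sum_block(small) compiles on many compilers (some warn) and would
     * read past the end of `small`; the checked wrapper rejects it. */
    if (sum_block_checked(small, sizeof small, &total) != 0)
        printf("rejected short buffer\n");
    return 0;
}
```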