Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!news.albasani.net!newsfeed1.swip.net!npeer02.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!spln!extra.newsguy.com!newsp.newsguy.com!news2
From: Michael Wojcik <mwojcik@newsguy.com>
Newsgroups: comp.lang.java.programmer
Subject: Re: =?UTF-8?B?QW5kcm9pZOKAlFdoeSBEYWx2aWs/?=
Date: Fri, 03 Jun 2011 09:31:54 -0400
Organization: Micro Focus
Lines: 47
Message-ID: <isaq5g11eti@news2.newsguy.com>
References: <irs55g$acb$1@lust.ihug.co.nz> <aki3u65e031f0n41s9696v7c223npiu4ru@4ax.com> <irsjma$ig8$1@lust.ihug.co.nz> <irsodu$jp7$1@speranza.aioe.org> <MPG.284ce826ee59e4e9989769@news.justthe.net> <irvift$98d$2@lust.ihug.co.nz> <irvris$orf$1@news.albasani.net> <MPG.284d80d0fd1becca98976b@news.justthe.net> <is0to0$b1k$1@news.albasani.net> <is0vhm$ha$1@speranza.aioe.org> <is17fl$viv$1@news.albasani.net> <is19e0$pae$1@speranza.aioe.org> <is1hrv$dmh$5@lust.ihug.co.nz> <is30d8$5fl$1@dont-email.me> <is3emq$7m1$1@news.albasani.net>
NNTP-Posting-Host: p1a30a06fd4e2c2faf73ebc0b2cde2efa9e0c54e6f03514f7.newsdawg.com
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.23) Gecko/20090812 Thunderbird/2.0.0.23 Mnenhy/0.7.5.0
In-Reply-To: <is3emq$7m1$1@news.albasani.net>
Xref: x330-a1.tempe.blueboxinc.net comp.lang.java.programmer:4936

BGB wrote:
> On 5/31/2011 8:10 AM, Joshua Cranmer wrote:
>>
>> Besides, all autoconf gets you is setting up the hundreds of #defines.
>> It does nothing else with respect to the #ifdef mess.
> 
> yeah, and it doesn't exactly tend to work well for non-Linux operating
> systems (such as Windows...).

Used properly, autoconf works just fine on Windows - or, at any rate,
as well as it works anywhere. (Like Joshua I am not particularly
impressed with autoconf, though it's not quite as thoroughly
brain-damaged as some of its fellow GNU build tools, such as libtool.)
Wireshark uses it, for example.

Once again, the real problem is that systems like autoconf only help
with C code that is written to be portable with the help of
conditional compilation. The vast majority of C code is poorly written
(spend some time on comp.lang.c if you don't understand how or why)
and a good portion of that is unportable assumptions.

Some of the classic non-portable assumptions in C code are becoming
rarer. The prevalence of two's-complement machines over
one's-complement and sign-magnitude (the other two "pure binary
representations" allowed for C integer types) has largely eliminated
one source of bit-twiddling errors, for example; and the popularity of
I32LP64 architectures has made more programmers aware of the problems
of casting between pointer and integer types.

But we still see a lot of code with character set assumptions, or
assuming CHAR_BIT==8, or assuming huge auto-class objects are fine.
Those are safe assumptions on many platforms, but they limit
portability. So do endianness assumptions, etc.

And we still see a lot of buffer overflows, integer overflows, unsafe
or erroneous memory allocation. Failures to check for and handle error
returns from library and system calls. TOCTOU races and other forms of
unsafe file handling. Interpositioning vulnerabilities (a huge issue
with Windows right now; not specific to C, but mitigated by runtime
systems that use more-sophisticated dynamic loaders). And so on.

Autoconf does *not a damn thing* to address any of this.

-- 
Michael Wojcik
Micro Focus
Rhetoric & Writing, Michigan State University