I keep thinking of the saying,
which comes first the chicken or the egg.
You have four things the editor, the compiler, the linker and make program.
Each has problems, but don't fix the problems, mangle things to get them to work.
In binary integer math, you know that an addition could be one bit larger then the largest of the two binary inputs.
Should the compiler tell you about this?
it should flag a warning if there is a risk for a mathematical operation to cause an overflow. the language should have a construct to tell the compiler : i know of this problem : it is safe.
for example the following construction could solve that
uint16 a,b,c
uint32 d
c = b+a <- generates warning/compile error
c = uint16(b+a) <- does not generate warning as the programmer has explicitly instructed the compiler to allow the overflow to happen
d = b+a <- does not generate warning as d is large enough to hold the result.
Should the compiler add code to check for this?
if it can be resolved at compile time ? no. variables are cast so the maximum storage space can be deduced at compile time.
Is this being checked for earlier in the code?
Or are you counting on programmer to get it right?
Is there a way for the programmer to tell the compiler the limits that are safe?
i gave an example above of how it can be done.
What other C functions does it need?
irellevant. the 'outward' functions either exist or they don't. the linker will tell you
What are the external variables?
Bad programming style . Functions should pass data only through their definition. They should not access anything else.
The language could easily be adapted to prohibit this. Any variable accessed that is not in the function header is automatically a local variable. Done. no more ambiguity. For those cases where you do want such functionality : implement a specific keyword although i can't imagine a cse where you could not do without it
function blah(a,b) as boolean
extern c <- keyword to declare there is an external variable being called in. the compiler can then check that such a beast exists and is of the correct type.
c = a+b
return a-b
end function
There is nothing wrong with the syntax of C. Syntax is syntax. Just take a way the ambiguity and strip it off it's parser induced limitations. semicolons , the darned == / = problem ( come on , it's 2015 you can't tell me a compiler cannot figure out of it is an assignment or a comparison... Basic could do that in 1964 ... And that is a child's language... Surely 'superior' C should be able to do that too ?
There are other things a compiler should do , especially when it comes to memory management. for example : if i free a block of memory : wipe it clean.
We've had oodles of problems lately with voided memory containing 'sensitive data' and scraping programs ( viruses) going on the hunt for this. What was the flaw again ? something in SSL ?
If the memory manager would actually destroy the memory content , as opposed to simply marking it as 'free'. This kind of crap could not happen.
The flaw was cause by a single failed check in the code. shit like that should not be left to the coder. it should be handled by the compiler. if i ask for a chunk of memory it hsoudl be handed to me 'clean'. if you ask to create a new file to the file system : it is empty. it does not contain garbage left over from its previous user. Why can't memory be treated the same way ?
the same shit happens with array definitions. There is nothing in the C language preventing me reading past the end of an array. in basic an array has a marker in it telling how large it is . try to go past the end and you get a slap on the wrist. Strings are the same thing. depending on the terminating character is crap. if i accidentally do not terminate properly all kinds of mayhem happens. simply store the length of the string in the string. a string could be defined as an array of a 32 bit number defining the length, following by the actual data. go over the limit and the compiler, or the runtime delivers you a swift kick in the pants. no more buffer overruns, underruns or leaky memory.
there are many simple things that could be implemented to make C a very good language.
MISRA is one attempt. there are others. but they do this using preprocessors. some of this stuff has to be done by the compiler.