Notes from C++ static analysis
Andrei Alexandrescu
SeeWebsiteForEmail at erdani.org
Wed Jun 26 19:25:50 PDT 2013
On 6/26/13 2:47 PM, Paulo Pinto wrote:
> Am 26.06.2013 20:52, schrieb H. S. Teoh:
>> On Wed, Jun 26, 2013 at 08:08:08PM +0200, bearophile wrote:
>>> An interesting blog post found through Reddit:
>>>
>>> http://randomascii.wordpress.com/2013/06/24/two-years-and-thousands-of-bugs-of-/
>>>
>> [...]
>>> The most common problem they find are errors in the format string of
>>> printf-like functions (despite the code is C++):
>>
>> None of my C++ code uses iostream. I still find stdio.h more comfortable
>> to use, in spite of its many problems. One of the most annoying features
>> of iostream is the abuse of operator<< and operator>> for I/O. Format
>> strings are an ingenious idea sorely lacking in the iostream department
>> (though admittedly the way it was implemented in stdio is rather unsafe,
>> due to the inability of C to do many compile-time checks).
>
> I have been an adept of iostreams since day one and never understood why
> people complain so much about them or the operator<< and operator>>
> for that matter.
The problems with C++ iostreams are well-known and pernicious:
1. Extremely slow by design.
2. Force mixing representation with data by design
3. Keep conversion state within, meaning they force very bizarre tricks
even for simple things such as printing/scanning hex numbers.
4. Approach to exception safety has the wrong default.
5. Approach to internationalization (locales) has the most byzantine
design I've ever seen. Even people who took part to the design can't
figure it all out.
Andrei
More information about the Digitalmars-d
mailing list