A Billion-Dollar Mistake: Null References


Added on 2019-09-16

Answer 1

Tony Hoare, who introduced null references in the ALGOL W programming language in 1965, later called the decision a "historically bad idea" and a "billion-dollar mistake". By his own account the impetus was a familiar programmer's temptation: adding an unrequested feature to the product he was working on simply because it was easy to implement. Let us explore how null references create complexity and insecure code, with reference to C and C++.

(1) Complexity increases because any pointer can in theory be null, and dereferencing it crashes the program (in C and C++ it is undefined behaviour rather than a catchable exception). The code becomes a collection of bombs that could go off at any time. To mitigate this, a check has to be introduced at every step to ensure that the pointer we are dealing with is not null, and only then do we access its members or the data it points to.

Code example:

    ...
    stream = open_memstream(&buf, &size);
    if (stream == NULL) {      /* checking for error */
        /* handle error */
    }
    fprintf(stream, "hello");
    ...

(2) Security concerns are introduced because NULL, a value that denotes "no value", has the same type as a valid pointer and therefore passes the compiler's type checks. The mistake surfaces only at run time, when the pointer is dereferenced.

Code example:

    char c = 'A';
    char *myChar = 0;                    // instead of &c
    std::cout << *myChar << std::endl;   // compiles cleanly, fails at run time

(3) Security is compromised because C strings are identified only by their terminating NUL character ('\0'): the string carries no length, so nothing stops a programmer from accessing memory outside its bounds. (Strictly, the NUL terminator is a character value rather than a null pointer, but the consequence is the same: the language performs no bounds check, so arbitrary memory can be read or written.)

Code example:

    char myText[] = "Hello";   // 6 bytes: 'H','e','l','l','o','\0'
    myText[10] = 'c';          // writes to an out-of-bounds memory location
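The following is an added example, not code from the original essay, showing the discipline that points (1) to (3) call for in plain C: every pointer that may be NULL is checked before use, and every write into a string is checked against the buffer's real capacity instead of trusting the NUL terminator. The helper names bounded_copy, bounded_put and checked_dup are hypothetical, chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not from the original essay). Helper names are
 * hypothetical. Point (1): NULL is checked before any dereference.
 * Point (3): the caller passes the destination's capacity and writes
 * that would land outside it are rejected. */

/* Copy src into dst[dst_size]. Returns 0 on success, -1 on NULL input,
 * -2 if src (plus its NUL) would not fit; dst is then left as "". */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;                      /* refuse to dereference NULL */
    size_t n = strlen(src);
    if (n >= dst_size) {                /* need room for the terminator too */
        dst[0] = '\0';
        return -2;
    }
    memcpy(dst, src, n + 1);            /* copies the NUL as well */
    return 0;
}

/* Write one byte at index idx of buf[buf_size], keeping the final NUL.
 * This is the check the essay's myText[10] = 'c' lacks.
 * Returns 0 on success, -1 on NULL buf, -2 if idx is out of range. */
int bounded_put(char *buf, size_t buf_size, size_t idx, char c)
{
    if (buf == NULL)
        return -1;
    if (buf_size == 0 || idx >= buf_size - 1)   /* last slot reserved for '\0' */
        return -2;
    buf[idx] = c;
    return 0;
}

/* Heap copy with the NULL check point (1) asks for: returns NULL when
 * src is NULL or allocation failed, and the caller must test for it. */
char *checked_dup(const char *src)
{
    if (src == NULL)
        return NULL;
    size_t n = strlen(src) + 1;
    char *p = malloc(n);
    if (p == NULL)
        return NULL;
    memcpy(p, src, n);
    return p;
}

int main(void)
{
    char text[6];                       /* exactly "Hello" plus its NUL */
    printf("copy Hello: %d\n", bounded_copy(text, sizeof text, "Hello"));  /* 0 */
    printf("put at 10:  %d\n", bounded_put(text, sizeof text, 10, 'c'));  /* -2 */
    printf("put at 0:   %d\n", bounded_put(text, sizeof text, 0, 'J'));   /* 0 */
    printf("text = %s\n", text);                                           /* Jello */
    printf("NULL src:   %d\n", bounded_copy(text, sizeof text, NULL));    /* -1 */
    char *dup = checked_dup(text);
    if (dup == NULL) {                  /* the check the essay's point (1) demands */
        fputs("allocation failed\n", stderr);
        return 1;
    }
    printf("dup = %s\n", dup);
    free(dup);
    return 0;
}
```

The size argument is the whole point: the callee never has to guess where the buffer ends, so the out-of-bounds write in point (3) is turned into an error return that the caller can handle.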
(4) Security is further compromised when NULL is considered together with freeing memory. When an attempt is made to free memory that has already been freed, the behaviour is undefined and the system behaves in an unexpected manner.

Code example:

    free(x);            // first release
    /* code using x */  // use after free
    free(x);            // double free: undefined behaviour

There are conventions and best practices that train programmers to work around these loopholes, but the fact is that they exist, and they all stem from the one decision to include null references.

Answer 2

Rust has been developed to be more secure than the contemporary languages used for the same purposes: programs that can be embedded in other languages, programs with specific space and time requirements, and low-level code such as device drivers and operating systems. It intends to be more secure by introducing a number of safety checks that are performed at compile time and so add no runtime overhead, and it also eliminates data races.

Memory safety is guaranteed in Rust by taking manual memory management out of the programmer's hands and giving it to the language. This not only reduces the burden on programmers; it eliminates a whole class of security loopholes. The programmer does no pointer arithmetic and no manual memory management (no 'free' is required to deallocate memory in Rust): when the owner of a value goes out of scope, the memory allocated to it is reclaimed. The concept of ownership ensures that at any given time a value has exactly one owner, and that it is either mutably accessible from one place or shared read-only from several, never both. This eliminates data races and contributes to memory safety.

Code example in Rust:

    let text = "hello world";
    println!("Exists {:?}", text);
    println!("Does not exist {:?}", text_no_binding); // compile-time error: the variable was never bound

Code example in C:

    int x;
    printf("%d", x);   // x is indeterminate; reading it is undefined behaviour
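As an added example (not code from the original essay), the following C program shows the discipline that comes closest to the ownership model Answer 2 describes, applied to the double free of point (4): one release function per type that takes the pointer by address and sets it to NULL after freeing, and an explicit "move" that empties the source handle so only one owner refers to the block at a time. The type and function names (owned_buf, owned_buf_new, owned_buf_release, owned_buf_move) are hypothetical, and the free-call counter exists only so the result can be observed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not from the original essay); names are hypothetical.
 * Point (4): free(x); ... free(x); is undefined behaviour. A release
 * function that NULLs the handle makes the second call a no-op, and a
 * move function that empties its source mirrors Rust's single owner. */

typedef struct {
    char  *data;    /* heap block owned by this struct */
    size_t len;
} owned_buf;

static int g_free_calls = 0;    /* instrumentation: counts real free() calls */

owned_buf *owned_buf_new(const char *text)
{
    if (text == NULL)
        return NULL;
    owned_buf *b = malloc(sizeof *b);
    if (b == NULL)
        return NULL;
    b->len  = strlen(text);
    b->data = malloc(b->len + 1);
    if (b->data == NULL) {          /* partial failure: undo the first allocation */
        free(b);
        return NULL;
    }
    memcpy(b->data, text, b->len + 1);
    return b;
}

/* Release *pb and set it to NULL. Calling this twice on the same
 * variable is safe: the second call finds NULL and returns. */
void owned_buf_release(owned_buf **pb)
{
    if (pb == NULL || *pb == NULL)
        return;
    free((*pb)->data);
    free(*pb);
    g_free_calls += 2;
    *pb = NULL;                     /* the dangling pointer can no longer be reused */
}

/* Transfer ownership: afterwards only the returned handle refers to the
 * block and *src is NULL (the C analogue of a Rust move). */
owned_buf *owned_buf_move(owned_buf **src)
{
    if (src == NULL)
        return NULL;
    owned_buf *taken = *src;
    *src = NULL;
    return taken;
}

/* Runs release / move / release / release and returns how many free()
 * calls actually happened: 2, not 4, because the extra releases are no-ops. */
int demo_double_release(void)
{
    g_free_calls = 0;
    owned_buf *a = owned_buf_new("hello");
    if (a == NULL)
        return -1;
    owned_buf *b = owned_buf_move(&a);  /* a is now NULL, b owns the block */
    owned_buf_release(&a);              /* no-op: a owns nothing */
    owned_buf_release(&b);              /* the one real release */
    owned_buf_release(&b);              /* the essay's double free, made harmless */
    return g_free_calls;
}

int main(void)
{
    printf("free() calls: %d\n", demo_double_release());   /* 2 */
    return 0;
}
```

This does not give C what Rust gives: nothing stops a caller from keeping a second copy of the raw pointer, or from calling free() directly on it. It only removes the most common path to the double free, which is exactly the kind of convention the essay says programmers are trained to follow in place of a language guarantee.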