Where should the type information be: in tags and descriptors 425

The C and C++ compilers haven't been proven correct either. That doesn't make any of these compilers useless.

It's certainly the case that a bug in a compiler *could* render a bounds checking feature inoperative (or worse). But I'd rather that my chances with the compiler doing it than expect every programmer using a non-bounds-checking compiler to have sufficiently carefully written, analyzed, and debugged his or here own code to guarantee that all such errors will be prevented. By putting that work in the compiler, you only have to be reasonably sure that it's done correctly *once*.

The gazillion buffer overrun exploits that have been found in both commercial and open source software written in C and C++ seem to me to be sufficient evidence that langauages that can't support bounds checking, or that require major jumping-through-hoops to do it (and maybe can't do it 100% even then) should never be used for large-scale software development, or for ANY software development that has to be resistant to attacks.

Naturally, the compiler can't protect against ALL types of exploits. But why use languages-compilers that can't protect against a simple clbutt of exploits that are incredibly common?

Eric