Computer Chess Club Archives




Subject: Re: C/C++ standards

Author: Eugene Nalimov

Date: 10:05:18 12/16/05

Go up one level in this thread

On December 16, 2005 at 12:32:10, Daniel Mehrmannn wrote:

>On December 16, 2005 at 12:10:29, Bo Persson wrote:
>>On December 16, 2005 at 11:20:56, Daniel Mehrmannn wrote:
>>>On December 16, 2005 at 11:00:22, Eugene Nalimov wrote:
>>>>On December 16, 2005 at 08:43:05, Daniel Mehrmannn wrote:
>>>>>On December 16, 2005 at 08:12:49, Alessandro Scotti wrote:
>>>>>>On December 16, 2005 at 07:32:42, Daniel Mehrmannn wrote:
>>>>>>>But there is no other way than editing the SDK files - which is bullshit
>>>>>>>        Message: 'This function or variable may be unsafe. Consider using
>>>>>>>sscanf_s instead. To disable deprecation, use _CRT_SECURE_NO_DEPRECATE. See
>>>>>>>online help for details.'
>>>>>>Hi Daniel,
>>>>>>like the above message suggests, just define _CRT_SECURE_NO_DEPRECATE symbol in
>>>>>>your project settings (or in the compiler command line) and the warning goes
>>>>>Hi Alessandro,
>>>>>that's the problem. It doesn't work :( It's a bug i guess. If you looking with
>>>>>"google", you'll find it :((
>>>>>So you must edit the SDK Files.
>>>>That's very strange. That always worked, and I think you are doing something
>>>>You can specify /D_CRT_SECURE_NO_DEPRECATE at the compiler command line, or you
>>>>can add _CRT_SECURE_NO_DEPRECATE to the list of the predefined symbols somewhere
>>>>in the project settings.
>>>>And FYI: Microsoft submitted "safe" versions of those functions to the C/C++
>>>>Standard committees, and based on the feedback we believe they will be included
>>>>in the next versions of the Standards. So that's not only "the Microsoft way"...
>>>Hello Eugene,
>>>thanks for your help.
>>>I think it would be better to add your "secure" function as additional and not
>>>as standard and the user must do some steps to disable it.
>>Do you always run your compiler with the default settings?
>>I agree that they could have documented the change better, but that's a minor
>>>Microsofte creating new own standards and think the world will be accept it
>>>easily ?
>>Please take a look at this official document from the C Standard Committee's
>>It is a proposal "Extensions to the C Library - Part I: Bounds-checking
>>>Thats is strange and may one reason why Microsoft is unpopularly in some zones.
>>The usual complaint is that they wait too long before they implement new
>>standards. This time they were too fast?  :-)
>>Bo Persson
>This paper is a working darft and not offical. However that a logical war with
>no result like "Windows vs Linux" and M$ did this step not the first time.
>So this is my last post.

Ok, and here is *my* last post on that issue.

(1) I don't agree with everything Microsoft is doing, but I believe that
introducing "safe" functions is the right thing to do.

(2) I agree that wording of warning message is misleading. I can only say that
we have several leading C++ experts (e.g. Herb Sutter) in the compiler group,
and they missed that. More, we started to emit that warning in beta 2, and it
was made public more than 6 months prior to ship of the final product. Again,
nobody complained, including people who are very loud now. So probably the issue
is not very serious; in any case it would be addressed.

(3) Microsoft is providing new secure functions *in addition* to the unsafe ones
that are part of the Standard. You can use continue to use unsafe ones. In the
default configuration you'll get compiler warning on them, but you can turn them
off. I don't know why you were not able to do so, and suspect some mistake on
your side.

(4) Microsoft submitted those functions to the Standard committees, and we
believe they will be included in the next Standard versions. Other vendors are
free to include them in their products -- there are no patents/license issues.
Programs that use those functions are safer and less prune to exploits. Nobody
says that those functions are "silver bullet", but they definitely help. (There
are other ways for compiler to generate safer and more hacker-resist code -- we
improved Visual C 8.0 a lot in that area). All new Microsoft products are using
only new "safe" functions; we cleaned our codebase.

[Previous was my own opinion, but I believe it more-or-less match "official"
Microsoft line; I am not sure how following thoughts correspond to the Microsoft

(5) Developers are lazy; you should force safer ways of doing something in their
throat, otherwise they will address some issues only at the latest possible
moment. Warnings help a lot. Large ISVs meet "safe" string functions
enthusiastically, main complain is why we are doing that so late.


(Not speaking for Microsoft)

This page took 0.11 seconds to execute

Last modified: Thu, 07 Jul 11 08:48:38 -0700

Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.