blog dds

2006.12.21

The Escape of a Small Program

C. A. R. Hoare's Law of Large Programs states that inside every large program is a small program struggling to get out. The parking receipt I got yesterday returning from a SQO-OSS meeting proves this fact.

[Image: parking receipt]

It looks like a printf formatting specification was doubly escaped, or used outside the context of a printf statement. As a result, the "PERSONELL" [sic] value in the receipt contains, instead of an actual value, the printf decimal escape sequence %d. Maybe, because no person is associated with the receipt, the car's plate number is also wrong.

Why do I claim that the two characters "%d" form a small program? If you think about it, the printf formatting specifications are a small, domain-specific language. They allow us to format fixed-width fields, creating report-like output records. Carelessly written printf statements can even be abused by malicious code to inject arbitrary code into a program. Finally, this small and cryptic language has been so successful that it is now part of Java 1.5 in the Formatter class.
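The following C sketch is an added example, not code from the original post or from the parking system. It reproduces the suspected receipt bug (a doubly escaped specification printed as data) next to the single-pass fix, and shows untrusted text kept as an argument rather than used as the format. The function names and the value 7 are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count printf conversion specifications in s; "%%" is a literal percent
   sign, not a conversion. A nonzero count means s acts as a program if it
   is ever passed to printf as the format argument. */
int count_conversions(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent */
        n++;
    }
    return n;
}

/* Stage 1 of a two-stage formatter: "%%d" survives as "%d" for stage 2. */
static void build_template(char *tmpl, size_t n, const char *label) {
    snprintf(tmpl, n, "%s: %%d", label);
}

/* Receipt bug: the stage-1 template is printed as data, so stage 2 never
   interprets "%d" and the value is lost. */
void render_buggy(char *out, size_t n, const char *label, int value) {
    char tmpl[64];
    (void)value;
    build_template(tmpl, sizeof tmpl, label);
    snprintf(out, n, "%s", tmpl);
}

/* Single pass with a literal format: the value is substituted. */
void render_fixed(char *out, size_t n, const char *label, int value) {
    snprintf(out, n, "%s: %d", label, value);
}

/* Untrusted text is always an argument to "%s", never the format itself.
   The unsafe form would be snprintf(out, n, text). */
void render_untrusted(char *out, size_t n, const char *text) {
    snprintf(out, n, "%s", text);
}

int main(void) {
    char buf[64];   /* label as spelled on the receipt; value constructed */
    render_buggy(buf, sizeof buf, "PERSONELL", 7);
    printf("%s (conversions left: %d)\n", buf, count_conversions(buf));
    render_fixed(buf, sizeof buf, "PERSONELL", 7);
    printf("%s (conversions left: %d)\n", buf, count_conversions(buf));
    return 0;
}
```

A leftover conversion count above zero in rendered output is a cheap regression check for this class of bug.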

Last modified: Thursday, December 21, 2006 10:59 am
Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.