CITS2002 Systems Programming  

Criticisms of C's execution model

  • C is criticized for being too forgiving in its type-checking at compile time.

    It is possible to cast an instance of some types into other types, even if the two instances have considerably different types.

    A pointer to an instance of one type may be coerced into a pointer to an instance of another type, thereby permitting the item's contents to be interpreted differently.

  • Badly written C programs make incorrect assumptions about the size of the items they are managing. Integers of 8, 16, and 32 bits hold different ranges of values, so poor choices or under-specification of widths can easily lead to errors.

  • C provides no runtime protection against arithmetic errors.

    There is no exception handling mechanism, and errors such as division by zero and arithmetic overflow and underflow are not caught and reported at run-time.

  • C offers no runtime checking of popular and powerful constructs like pointer variables and array indices.

    Subject to constraints imposed by the operating system's memory management routines, a pointer may point almost anywhere in a process' address space and seemingly random addresses may be read or written to.

    Although all array indices in C begin at 0, it is possible to access an array's elements with negative indices or indices beyond the declared end of the array.

There are occasions when each of these operations makes sense, but they are rare.

C does not hold the hand of lazy programmers.

We avoid all of these potential problems by learning the language well, and employing safe programming practices.
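The following program, added here as an illustration and not part of the original lecture notes, shows what "safe programming practices" look like for each of the four criticisms above: reinterpreting bytes deliberately with memcpy rather than a pointer cast, making a narrowing conversion visible, testing for overflow and division by zero before the operation (because C will not report them afterwards), and carrying an array's length so that an index can be checked. The function names and the sample array are the example's own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Criticism 1: pointer coercion lets the same bytes be read as another type.
   memcpy is the well-defined way to do that on purpose; the cast form
   *(uint32_t *)&f is the pattern the slide warns about. */
uint32_t float_bits(float f)
{
    uint32_t u;
    memcpy(&u, &f, sizeof u);      /* copy the 4 bytes of f into u unchanged */
    return u;
}

/* Criticism 2: narrowing silently discards high-order bits.  Conversion to an
   unsigned type is defined as reduction modulo 256, so 300 becomes 44. */
uint8_t narrow_to_u8(int v)
{
    return (uint8_t)v;
}

/* Criticism 3: no run-time trap for overflow, so test the bounds BEFORE adding.
   Signed overflow is undefined behaviour, so a + b must not be evaluated first
   and inspected afterwards. */
bool checked_add(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;              /* result would not fit in an int */
    *out = a + b;
    return true;
}

/* Criticism 3 again: division by zero, and the one quotient that overflows. */
bool checked_div(int a, int b, int *out)
{
    if (b == 0)
        return false;
    if (a == INT_MIN && b == -1)   /* -INT_MIN is one larger than INT_MAX */
        return false;
    *out = a / b;
    return true;
}

/* Criticism 4: C never checks an index, so carry the length and check it here.
   Negative indices and index == len are both rejected. */
bool array_get(const int *arr, size_t len, long index, int *out)
{
    if (index < 0 || (size_t)index >= len)
        return false;
    *out = arr[index];
    return true;
}

int main(void)
{
    int sample[3] = {10, 20, 30};  /* constructed sample data */
    int r;

    printf("bits of 1.0f      : 0x%08lx\n", (unsigned long)float_bits(1.0f));
    printf("300 narrowed to u8: %d\n", narrow_to_u8(300));
    printf("INT_MAX + 1       : %s\n",
           checked_add(INT_MAX, 1, &r) ? "ok" : "overflow rejected");
    printf("7 / 0             : %s\n",
           checked_div(7, 0, &r) ? "ok" : "division by zero rejected");
    printf("sample[3]         : %s\n",
           array_get(sample, 3, 3, &r) ? "ok" : "index out of range");
    printf("sample[-1]        : %s\n",
           array_get(sample, 3, -1, &r) ? "ok" : "index out of range");
    return 0;
}
```

Each checked function returns a status and writes its result through a pointer, so a caller cannot use the result without first deciding what to do when the check fails; that is the discipline C itself does not impose.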

CITS2002 Systems Programming, Lecture 1, p10, 22nd July 2024.