[SystemSafety] OpenSSL Bug
David MENTRE
dmentre at linux-france.org
Wed Apr 16 12:10:02 CEST 2014
Hello,
Le 14/04/2014 23:59, Derek M Jones a écrit :
>> Suppose technical methods T are known to avoid, definitively, mistakes
>> of type X,
>
> more empirical evidence,
No. As Peter said, the method T *definitely* avoids the mistake, by
construction.
To take just one example, consider the "=" vs. "==" issue in C's if
construct (e.g. "if ((a = check()) == SUCCESS) { ... }").
In C++, Ada and other languages, "if" construct only takes a Boolean as
first test parameter (contrary to C that takes arbitrary expression), so
an error like "if ((a = check()) = SUCCESS) { ... }" is systematically
caught by the compiler with a type error if type of "a" is not boolean.
In C, you could use a home defined bool type and have a static checker
checks that the use of this bool type is properly made according to some
typing rules.
>> and T are practical.
>
> and yet more empirical evidence,
No. In my previous example, the proposed approach is demonstratively
practical because you can write *exactly* the same expressions as before
(e.g. "if ((a = check()) == SUCCESS) { ... }"). The additional typing
adds no additional burden on the programmer.
Sincerely yours,
david
More information about the systemsafety
mailing list