Re: [SystemSafety] OpenSSL Bug

From: David MENTRE < >
Date: Wed, 16 Apr 2014 12:10:02 +0200


Le 14/04/2014 23:59, Derek M Jones a écrit :
>> Suppose technical methods T are known to avoid, definitively, mistakes
>> of type X,
> more empirical evidence,

No. As Peter said, the method T *definitely* avoids the mistake, by construction.

To take just one example, consider the "=" vs. "==" issue in C's if construct (e.g. "if ((a = check()) == SUCCESS) { ... }").

In C++, Ada and other languages, "if" construct only takes a Boolean as first test parameter (contrary to C that takes arbitrary expression), so an error like "if ((a = check()) = SUCCESS) { ... }" is systematically caught by the compiler with a type error if type of "a" is not boolean. In C, you could use a home defined bool type and have a static checker checks that the use of this bool type is properly made according to some typing rules.

>> and T are practical.
> and yet more empirical evidence,

No. In my previous example, the proposed approach is demonstratively practical because you can write *exactly* the same expressions as before (e.g. "if ((a = check()) == SUCCESS) { ... }"). The additional typing adds no additional burden on the programmer.

Sincerely yours,

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Wed Apr 16 2014 - 12:10:16 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:06 CEST