Out of range pointers
Richard Harter
g-rh at XAIT.XEROX.COM
Fri Sep 30 18:23:22 AEST 1988
In article <835 at proxftl.UUCP> bill at proxftl.UUCP (T. William Wells) writes:
>In article <33789 at XAIT.XEROX.COM> g-rh at XAIT.Xerox.COM (Richard Harter) writes:
>: The question as I see it is not one of "fixing" caller
>: interface errors -- it is one of handling them gracefully.
>And I see the problem as one of how much code and time one is
>willing to spend on "graceful handling". As it happens, I
>routinely write code that does not do *any* parameter
>validation. And my debugged code almost never breaks in a way
>that would have been caught by parameter validation (or, for that
>matter, by most of the other tricks of the robust-is-god school),
>Now, unless the cost of a failing program is fairly high and the
>cost of adding validity checks is low enough, it follows that
>such checks do not belong in my code. I don't suppose that I am
>really that atypical, so I suppose that the same applies to other
>programmers. (Note that I am not speaking of checks used during
>the debugging phase; there one needs all the help one can get.
>:-)
Debugging??! You mean there are people that actually write
code that has bugs in it? :-). As you imply, there are tradeoffs.
Delivered commercial software, real time systems, software with a
lot of users, software in critical applications, and the like have
a high failure cost. A lot of my work has been in these areas, so
I am biased towards robustness. There are a lot of situations where
this is not the case.
As a general remark, once you get past the initial typos,
etc, most errors are the result of lacunae in the specifications
and analysis. As you suggest, parameter validation is not a high
profit area in the robust software game. However it is fairly easy
and it mostly can be done in a routine fashion. It is also part of
a general mind set which asks as a matter of course, "What will happen
if the assumptions made are violated, and what should I do about it?"
It is this mind set and the systematic routine application of this
approach that reduces the likelihood of these pernicious lacunae.
This is more important in large systems.
>: My view is that one should never
>: assume, as a matter of course, that software is correct.
>And my view is that one should balance the cost of software
>failure against the cost of making it less likely to fail.
Oh, I agree. And when I write a throwaway program I cut a lot
of corners. But even then it often pays to be scrupulous -- the routine
error checking makes debugging much more pleasant.
--
In the fields of Hell where the grass grows high
Are the graves of dreams allowed to die.
Richard Harter, SMDS Inc.
More information about the Comp.lang.c
mailing list