From: "John G. Volan" <johnv@ac3i.dseg.ti.com>
Subject: Re: Beware: Rep spec on an enumeration type causes code explosion
Date: 1997/12/16
Date: 1997-12-16T00:00:00+00:00 [thread overview]
Message-ID: <3496D55F.1312429E@ac3i.dseg.ti.com> (raw)
In-Reply-To: gwinn-1212971935370001@dh5055236.res.ray.com
Joe Gwinn wrote:
>
> I have to disagree somewhat. We were using enumeration types as message
> type IDs all over the place, not just at the edges. For safety-critical
> messages, the enumerations are not permitted to be numerically contiguous,
> being required to differ in at least four bits from all other message type
> integer codes. This 4-bit requirement is intended to greatly reduce the
> probability of message spoofing. (I know this isn't by itself
> sufficient. This isn't the entire defense, only the part relevant to the
> current issue.)
I don't see how this requirement conflicts with the idiom I sketched
before (derive a "holey" enumeration type from a parent "contiguous"
enumeration type, and rely on Ada type conversions to provide the
necessary mapping). Your program only needs to deal with these "secure"
but "holey" message id bit patterns at its edges, where it receives and
unpacks input messages (whose provenance may be questionable) and where
it must pack up and transmit output messages (and establish their
provenance). But once you've checked your input messages against
whatever security measures you've established (including among other
things 'Valid-ating their "holey" message id's) there is hardly any
reason for your program to continue using the "holey" representation
internally. Particularly if you proceed to use message id's in a lot of
for-loops and array-indexes and other such enumerated-type operations
that threaten to "blow up" if the type is "holey". If you simply
type-convert the "holey" external versions of your message id's into
"contiguous" internal versions, right at the point of input, then you
incur the cost of the expensive mapping just once, rather than
repeatedly throughout your program. The nice thing about this is that
you don't have to give up on using your nice enumeration literals -- you
only have to give up the *representation*.
--
Internet.Usenet.Put_Signature
(Name => "John G. Volan",
Employer => "Raytheon/TI Advanced C3I Systems, San Jose, CA",
Work_Email => "jvolan@ti.com",
Home_Email => "johnvolan@sprintmail.com",
Slogan => "Ada95: World's *FIRST* International-Standard OOPL",
Disclaimer => "My employer never defined these opinions, so using " &
"them would be totally erroneous...or is that just " &
"nondeterministic behavior now? :-) ");
next prev parent reply other threads:[~1997-12-16 0:00 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
1997-12-05 0:00 Beware: Rep spec on an enumeration type causes code explosion Joe Gwinn
1997-12-06 0:00 ` Ken Garlington
1997-12-06 0:00 ` Corey Minyard
1997-12-08 0:00 ` Joe Gwinn
1997-12-10 0:00 ` Robert Dewar
1997-12-06 0:00 ` Robert Dewar
1997-12-08 0:00 ` Joe Gwinn
1997-12-09 0:00 ` Stanley R. Allen
1997-12-06 0:00 ` Robert Dewar
1997-12-06 0:00 ` Robert Dewar
1997-12-08 0:00 ` Joe Gwinn
1997-12-06 0:00 ` Robert Dewar
1997-12-06 0:00 ` David Marshall
1997-12-06 0:00 ` Kevin D. Heatwole
[not found] ` <dewar.881478386@merv>
1997-12-07 0:00 ` Robert Dewar
1997-12-09 0:00 ` Jim Gleason
1997-12-06 0:00 ` Tucker Taft
1997-12-06 0:00 ` Robert Dewar
1997-12-06 0:00 ` Robert Dewar
1997-12-08 0:00 ` Joe Gwinn
1997-12-08 0:00 ` Mats Weber
1997-12-09 0:00 ` Tucker Taft
1997-12-09 0:00 ` Matthew Heaney
1997-12-10 0:00 ` Charles Hixson
1997-12-10 0:00 ` Jean-Pierre Rosen
1997-12-10 0:00 ` Robert Dewar
1997-12-10 0:00 ` Stanley R. Allen
1997-12-14 0:00 ` Robert Dewar
1997-12-10 0:00 ` Stephen Leake
1997-12-14 0:00 ` Robert Dewar
1997-12-10 0:00 ` Ken Garlington
1997-12-11 0:00 ` John G. Volan
1997-12-11 0:00 ` Ken Garlington
1997-12-12 0:00 ` Matthew Heaney
1997-12-12 0:00 ` Ken Garlington
1997-12-16 0:00 ` John G. Volan
1997-12-17 0:00 ` Ken Garlington
1997-12-12 0:00 ` Alan E & Carmel J Brain
1997-12-12 0:00 ` Robert Dewar
1997-12-15 0:00 ` Tucker Taft
1997-12-16 0:00 ` Brian Rogoff
1997-12-12 0:00 ` Joe Gwinn
1997-12-12 0:00 ` Robert Dewar
1997-12-16 0:00 ` John G. Volan [this message]
1997-12-17 0:00 ` Ken Garlington
1997-12-17 0:00 ` Joe Gwinn
1997-12-17 0:00 ` John G. Volan
1997-12-18 0:00 ` Joe Gwinn
1997-12-11 0:00 ` Rakesh Malhotra
1997-12-11 0:00 ` Matthew Heaney
1997-12-12 0:00 ` Robert Dewar
1997-12-12 0:00 ` Rakesh Malhotra
1997-12-12 0:00 ` Samuel Tardieu
1997-12-12 0:00 ` Robert Dewar
1997-12-14 0:00 ` Alan E & Carmel J Brain
1997-12-12 0:00 ` Joe Gwinn
1997-12-15 0:00 ` Robert Dewar
1997-12-16 0:00 ` Joe Gwinn
1997-12-16 0:00 ` Robert Dewar
1997-12-09 0:00 ` Geert Bosch
1997-12-10 0:00 ` Robert Dewar
1997-12-06 0:00 ` Robert Dewar
1997-12-06 0:00 ` Matthew Heaney
1997-12-10 0:00 ` GNORT information ( Was Re: Beware: Rep spec on an enumeration type causes code explosion ) Mark Bennison
1997-12-10 0:00 ` Robert Dewar
1997-12-07 0:00 ` Beware: Rep spec on an enumeration type causes code explosion Larry Kilgallen
-- strict thread matches above, loose matches on Subject: below --
1997-12-09 0:00 tmoran
1997-12-11 0:00 Marin David Condic, 561.796.8997, M/S 731-96
1997-12-11 0:00 ` Robert Dewar
1997-12-11 0:00 Marin David Condic, 561.796.8997, M/S 731-96
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox