comp.lang.ada
From: Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>
Subject: Re: Idea: Array Boundary Checks on Write Access Only
Date: 1998/06/21
Message-ID: <358D324F.7848A4A8@cl.cam.ac.uk>
In-Reply-To: dewar.898364494@merv


Robert Dewar wrote:
> 
> It seems odd to have *any* runtime checks that can raise exceptions in
> safety critical programs. Such programs are not supposed to have errors
> that could write arrays out of bounds, and the certification and validation
> process should be able to prove the absence of such errors.

On this topic, read also the famous Ariane 5 maiden flight failure
analysis:

  http://www.esrin.esa.it/htdocs/tidc/Press/Press96/ariane5rep.html

The reason for the crash in the end was an unhandled Ada overflow
exception. There would have been no problem here if this piece of
navigation system control code had been compiled without exceptions.

Markus

-- 
Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK
email: mkuhn at acm.org,  home page: <http://www.cl.cam.ac.uk/~mgk25/>
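
The mechanism behind the failure mode discussed above, as an added example that is not part of the original post or of the Ariane 5 report: a narrowing conversion in Ada whose run-time range check raises Constraint_Error, beside a variant that saturates to a defined value so that no exception propagates out of the control code. The type `Int16` and the two conversion functions are assumptions made for the illustration, and the input value is constructed.

```ada
--  Added example: an Ada range check on a narrowing conversion raising
--  Constraint_Error, and a defensive conversion that saturates instead.
--  Int16, To_Int16_Raw and To_Int16_Saturated are hypothetical names.
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Narrowing_Check is
   --  Hypothetical 16-bit signed value type, as a control program might use.
   type Int16 is range -32_768 .. 32_767;

   --  Plain conversion: the implicit range check raises Constraint_Error
   --  when X does not fit, and the exception propagates to the caller.
   function To_Int16_Raw (X : Long_Float) return Int16 is
   begin
      return Int16 (X);
   end To_Int16_Raw;

   --  Defensive conversion: clamp to the representable range so the
   --  result is always defined and no exception is raised.
   function To_Int16_Saturated (X : Long_Float) return Int16 is
   begin
      if X >= Long_Float (Int16'Last) then
         return Int16'Last;
      elsif X <= Long_Float (Int16'First) then
         return Int16'First;
      else
         return Int16 (X);
      end if;
   end To_Int16_Saturated;

   --  Constructed out-of-range input (exceeds Int16'Last).
   Value : constant Long_Float := 40_000.0;
begin
   Put_Line ("Saturated: " & Int16'Image (To_Int16_Saturated (Value)));

   --  The raw conversion raises; a local handler keeps it from becoming
   --  an unhandled exception that takes the whole program down.
   begin
      Put_Line ("Raw: " & Int16'Image (To_Int16_Raw (Value)));
   exception
      when E : Constraint_Error =>
         Put_Line ("Raw conversion raised " & Exception_Name (E));
   end;
end Narrowing_Check;
```

Suppressing the check (for example with pragma Suppress) would remove the exception but leave the conversion result undefined for out-of-range input, so the saturating conversion, or a proof that the input is always in range, is what actually removes the hazard rather than just the exception.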





Thread overview: 17+ messages
1998-06-15  0:00 Idea: Array Boundary Checks on Write Access Only Markus Kuhn
1998-06-15  0:00 ` Peter Amey
1998-06-20  0:00   ` Robert Dewar
1998-06-21  0:00     ` Markus Kuhn [this message]
     [not found]       ` <dewar.898490510@merv>
1998-07-09  0:00         ` Frank Klemm
1998-06-17  0:00 ` Stephen Leake
1998-06-17  0:00   ` Markus Kuhn
1998-06-17  0:00     ` Robert A Duff
1998-06-18  0:00     ` Anonymous
1998-06-18  0:00     ` Stuart Palin
     [not found] ` <6m8v02$r2l$1@xenon.inbe.net>
1998-06-18  0:00   ` Markus Kuhn
1998-06-18  0:00     ` Lieven Marchand
1998-06-20  0:00       ` Robert I. Eachus
1998-06-18  0:00     ` Stuart Palin
1998-06-18  0:00     ` dennison
1998-06-20  0:00       ` Robert Dewar
1998-06-18  0:00     ` dennison