From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,8a4455177648cb9e
X-Google-Attributes: gid103376,public
From: Markus Kuhn
Subject: Re: Idea: Array Boundary Checks on Write Access Only
Date: 1998/06/21
Message-ID: <358D324F.7848A4A8@cl.cam.ac.uk>#1/1
X-Deja-AN: 364732863
Content-Transfer-Encoding: 7bit
References: <35851B64.5BF271C4@cl.cam.ac.uk> <35858FBC.4E5E@praxis-cs.co.uk>
Content-Type: text/plain; charset=us-ascii
Organization: Cambridge University, Computer Laboratory
Mime-Version: 1.0
Newsgroups: comp.lang.ada
Date: 1998-06-21T00:00:00+00:00
List-Id:

Robert Dewar wrote:
>
> It seems odd to have *any* runtime checks that can raise exceptions in
> safety critical programs. Such programs are not supposed to have errors
> that could write arrays out of bounds, and the certification and validation
> process should be able to prove the absence of such errors.

On this topic, read also the famous Ariane 5 maiden flight failure analysis:

  http://www.esrin.esa.it/htdocs/tidc/Press/Press96/ariane5rep.html

The reason for the crash in the end was an unhandled Ada overflow
exception. There would have been no problem here if this piece of
navigation system control code had been compiled without exceptions.

Markus

--
Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK
email: mkuhn at acm.org, home page:
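To make the failure mode under discussion concrete, here is a small added Ada example (not code from the post, the thread, or the Ariane report). It contrasts a range-checked conversion whose Constraint_Error is left unhandled, so that it propagates out of the program, with the same conversion wrapped in a local handler that saturates instead. The input value 40_000.0 is a constructed sample chosen only because it lies outside Integer_16'Range, and the procedure and function names are hypothetical.

```ada
with Ada.Text_IO; use Ada.Text_IO;
with Interfaces;  use Interfaces;

procedure Overflow_Demo is
   -- Constructed sample input: a floating-point reading that does not
   -- fit into a 16-bit signed integer (hypothetical, not from the report).
   Raw_Value : constant Float := 40_000.0;

   -- Conversion with the language-mandated range check left in place.
   -- When X lies outside Integer_16'Range, Constraint_Error is raised
   -- and, if nobody handles it, propagates up to the caller.
   function Checked_Convert (X : Float) return Integer_16 is
   begin
      return Integer_16 (X);
   end Checked_Convert;

   -- Same conversion, but the out-of-range case is handled locally and
   -- replaced by a saturated value, so the caller always gets a result.
   function Saturating_Convert (X : Float) return Integer_16 is
   begin
      return Integer_16 (X);
   exception
      when Constraint_Error =>
         if X > 0.0 then
            return Integer_16'Last;
         else
            return Integer_16'First;
         end if;
   end Saturating_Convert;

begin
   -- Defensive path: prints the saturated value 32767.
   Put_Line ("Saturated: " & Integer_16'Image (Saturating_Convert (Raw_Value)));

   -- Unhandled path: Constraint_Error leaves the main procedure and the
   -- program terminates, which is the behaviour the post refers to.
   Put_Line ("Checked:   " & Integer_16'Image (Checked_Convert (Raw_Value)));
end Overflow_Demo;
```

Compiling with checks suppressed (for example `pragma Suppress (All_Checks)`, or GNAT's `-gnatp`) removes the exception but does not make the out-of-range conversion meaningful; the Ada standard classes it as erroneous execution. The handler in `Saturating_Convert` shows the alternative a reviewer would look for in control code: decide explicitly, at the point of conversion, what value the rest of the system should see when the check fails.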