From: "Robert I. Eachus"
Newsgroups: comp.lang.ada
Subject: Re: += in ada
Date: Mon, 27 Oct 2003 17:31:07 GMT
Message-ID: <3F9D55F8.3060801@comcast.net>
References: <3F952DDD.6000501@noplace.com> <3F95475C.2010004@comcast.net> <3F96E719.3020701@comcast.net>
Organization: Comcast Online

Vinzent 'Gadget' Hoefler wrote:

>> OS version or rewrite. Most of the C code we had was closer to one
>> known bug per 100 lines. Fortunately most of it was in small drivers.
>
> That still makes 10 bugs per application or so... ;-)

Correct. At least half of them were potential buffer overflow errors. In
theory you can fix those in the C code, but in practice checking the
length of C strings in the C code would cause other (timing) problems.
So most of them were documented and the checks were done in the OS (in
PL/I) where possible.

In other cases, such as disk block sizes, we had control of block sizes
for disks attached locally, but an NFS attached disk could cause
problems, or if someone tried to attach a disk with a non-OS set block
size... There were at least three cases I know of at Stratus where a
low-level driver was rewritten in Z-80 or whatever assembler as the only
good way of avoiding a particular buffer overflow problem or an underrun
problem. (If you don't transmit all of a C string or other variable C
array before time runs out, bad things happen.)

-- 
Robert I. Eachus

"Quality is the Buddha. Quality is scientific reality. Quality is the
goal of Art. It remains to work these concepts into a practical,
down-to-earth context, and for this there is nothing more practical or
down-to-earth than what I have been talking about all along...the repair
of an old motorcycle." -- from Zen and the Art of Motorcycle Maintenance
by Robert Pirsig
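The post above describes C-string buffer overflows in small drivers and the length checks that had to be done elsewhere because of timing. The following is an added illustration, not code from the original post or from Stratus: a bounded copy routine that refuses a source string which would not fit the destination instead of writing past it the way an unchecked strcpy() would. The buffer size, the status enum and the driver_accept() wrapper are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the original post. Shows the kind of C-string
   length check the post says was moved out of the drivers: a bounded copy
   that rejects over-long input rather than silently overrunning the
   destination. The buffer size below is an assumption for illustration. */

#define DRIVER_BUF_LEN 16   /* hypothetical fixed-size driver buffer */

enum copy_status { COPY_OK = 0, COPY_TOO_LONG = 1, COPY_BAD_ARGS = 2 };

/* Copy src into dst, whose capacity (including the NUL) is dst_cap.
   Never writes past dst. Returns COPY_TOO_LONG, leaving dst untouched,
   when src (plus its terminator) would not fit. The length scan is bounded
   by dst_cap, so an unterminated src cannot make the scan run away. */
enum copy_status copy_bounded(char *dst, size_t dst_cap, const char *src)
{
    if (dst == NULL || src == NULL || dst_cap == 0)
        return COPY_BAD_ARGS;

    size_t n = 0;
    while (n < dst_cap && src[n] != '\0')
        n++;
    if (n == dst_cap)            /* no NUL within capacity: too long */
        return COPY_TOO_LONG;

    memcpy(dst, src, n + 1);     /* n + 1 <= dst_cap, includes the NUL */
    return COPY_OK;
}

/* Simulates a driver accepting a command string into its fixed buffer.
   Returns the number of bytes stored, or -1 when the input was rejected. */
int driver_accept(const char *cmd)
{
    char buf[DRIVER_BUF_LEN];
    if (copy_bounded(buf, sizeof buf, cmd) != COPY_OK)
        return -1;
    return (int)strlen(buf);
}

int main(void)
{
    /* Constructed inputs: one that fits, one that would have overflowed
       an unchecked strcpy() into a 16-byte buffer. */
    const char *ok = "RESET";
    const char *too_long = "THIS-COMMAND-IS-LONGER-THAN-THE-BUFFER";
    printf("%s -> %d\n", ok, driver_accept(ok));
    printf("%s -> %d\n", too_long, driver_accept(too_long));
    return 0;
}
```

The cost the post alludes to is visible here: every accepted string is scanned once before it is copied, which is exactly the extra pass a time-critical driver may not be able to afford, and why the check was pushed to a layer that could tolerate it.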