From: "Marin David Condic"
Newsgroups: comp.lang.ada
Subject: Re: Faulty languages and Liability
Date: Mon, 17 Jun 2002 17:07:40 -0400
Organization: Posted on a server owned by Pace Micro Technology plc
References: <3D0DE5E2.5010904@mail.com> <27085883.0206171100.7f6f0c5e@posting.google.com> <3D0E461A.8050207@mail.com>

Suppose the case goes like this: You purchased software that failed in some way and caused you harm. You discover that the reason for that failure (and your subsequent damage) was that the program had a careless and unchecked array reference that allowed an index to go out of bounds.
You argue in court that array index out of bounds errors are classic errors discussed in all forms of computer science textbooks and that they are so well known and infamous that most modern programming languages automatically include runtime checks in them to catch this kind of error. Since the error type is so well known and so obviously a problem, one would expect that a *competent* programmer and a *responsible* company would have exercised due diligence and either a) used a language that checked for this common and well publicized risk or b) maintained coding standards that would have ensured that all array references were manually bounds checked if the language didn't provide for it.

Sounds to me like a case that might be made. In the same way that we would hold a company liable for constructing a catwalk without guardrails, we could hold a company liable for constructing software without array bounds checks. How is this different? All the same arguments made against bounds checks could be applied to guard rails. (Inefficient, costs too much, not necessary, etc.) I doubt the courts would dictate the tools to use to build the guard rails, but they might still insist on your putting them up.

MDC
--
Marin David Condic
Senior Software Engineer
Pace Micro Technology Americas
www.pacemicro.com
Enabling the digital revolution
e-Mail: marin.condic@pacemicro.com

"Hyman Rosen" wrote in message news:3D0E461A.8050207@mail.com...
>
> > So, given the well-known fallible nature of human programmers, if one
> > has the choice between well-known tools which perform many such checks
> > automatically, and tools which do not perform such checks
> > automatically, and if a fallible programmer then uses tools of the
> > second type which contribute to a major software failure, has due
> > diligence been used?
>
> Perhaps not in hiring that programmer. The tools in question are not
> equivalent in other aspects than safety, which is why the safe ones
> are not always chosen.
>
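The two remedies the post names for an unchecked array reference, shown side by side as an added example (this is not code from the original thread or from any poster). Ada, the newsgroup's language, applies remedy (a): an index outside the array's declared range raises Constraint_Error at run time. C does not check, so remedy (b) applies: a coding standard that routes every array reference through an accessor that checks the index. The table, the accessor names and the "untrusted" indices below are illustrative, and the block also shows two details such a standard has to spell out, since each is a common way for a hand-written check to be wrong:

```c
/* Added example, not from the original post. Names and data are
 * illustrative: a constructed lookup table standing in for any
 * fixed-size array indexed by a value that came from outside. */
#include <stddef.h>
#include <stdio.h>
#include <stdbool.h>

#define TABLE_LEN 4

static const int table[TABLE_LEN] = { 10, 20, 30, 40 };

/* The classic unchecked reference the post describes. With idx outside
 * 0..TABLE_LEN-1 this reads past the array: undefined behaviour in C,
 * which in practice means returning whatever sits next to the table in
 * memory. Kept only as the "before" picture; it is never called out of
 * range here. */
int lookup_unchecked(int idx)
{
    return table[idx];
}

/* Remedy (b): a manual bounds check. Two details a coding standard must
 * state explicitly, because both are frequent mistakes:
 *  1. check the lower bound too; a signed index can be negative, and
 *     "idx < TABLE_LEN" on its own lets -1 through;
 *  2. compare against the element count, not sizeof(table), which is
 *     the size in bytes. */
bool lookup_checked(int idx, int *out)
{
    if (idx < 0 || idx >= TABLE_LEN)
        return false;          /* reject instead of reading out of range */
    *out = table[idx];
    return true;
}

/* Counts how many of the given indices an upper-bound-only check would
 * have accepted even though the full check rejects them: the first caveat
 * above, made measurable. */
int escapes_upper_bound_only_check(const int *indices, size_t n)
{
    int escaped = 0;
    for (size_t i = 0; i < n; i++) {
        bool passes_upper_only = indices[i] < TABLE_LEN;
        int unused;
        bool passes_full = lookup_checked(indices[i], &unused);
        if (passes_upper_only && !passes_full)
            escaped++;
    }
    return escaped;
}

int main(void)
{
    /* Constructed "untrusted" indices, as if parsed from a message field. */
    const int input[] = { 0, 3, 4, -1, 100 };
    size_t n = sizeof input / sizeof input[0];
    for (size_t i = 0; i < n; i++) {
        int v;
        if (lookup_checked(input[i], &v))
            printf("index %d -> %d\n", input[i], v);
        else
            printf("index %d rejected\n", input[i]);
    }
    printf("%d index(es) would slip past an upper-bound-only check\n",
           escapes_upper_bound_only_check(input, n));
    return 0;
}
```

The accessor returns a status rather than a sentinel value so that a caller cannot mistake "rejected" for a legitimate table entry; in a language with remedy (a) the same condition surfaces as an exception the caller has to handle, which is the point of the post's comparison.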