From: Stefan.Lucks@uni-weimar.de
Newsgroups: comp.lang.ada
Subject: Re: Tests in a software release
Date: Thu, 26 Oct 2017 10:09:11 +0200
Organization: Bauhaus-Universitaet Weimar

On Wed, 25 Oct 2017, Victor Porton wrote:

> Do you agree that a release (that is software for which debugging was
> finished) should have integer overflow tests but not array out of bounds
> tests (because array out of bounds is always a programming error, but
> integer overflow may happen in an innocent program)?

Firstly, depending on your programming conventions (or style) either
exception can be an error, or both, or none. As a rule of thumb, if the
possibility for the exception is anticipated and the exception is handled,
it is not an error. If you don't anticipate the exception to be raised,
raising it is an error.

Here is a simple example of a program where an out-of-bounds access to an
array is not an error, and skipping the check would break the program:

   with Ada.Text_IO;

   procedure Example is
      type Counter_Array is array (Character range <>) of Integer;
      Counter : Counter_Array ('a' .. 'z') := (others => 0);
   begin
      while not Ada.Text_IO.End_Of_File loop
         declare
            C : Character;
         begin
            Ada.Text_IO.Get (C);
            Counter (C) := Counter (C) + 1;
            Ada.Text_IO.Put_Line (C & Integer'Image (Counter (C)));
         exception
            when others => null;  -- C outside 'a' .. 'z' raises Constraint_Error; ignore it
         end;
      end loop;
      for C in Counter'Range loop
         Ada.Text_IO.Put (Integer'Image (Counter (C)));
      end loop;
   end Example;

Secondly, even if raising the exception is an error, why do you want to
skip the check?

Raising the exception gives you at least the chance to shut down your
program cleanly (try to close files you opened ...) and to write some
debugging output.

Of course, if it turns out that your program is too slow, skipping either
check may be an option. Ideally, you only do so after properly profiling
your program and locally, for the parts of the program which are
performance bottlenecks. Generally turning off some checks from scratch is
premature optimization. (BTW, my general experience is that skipping
overflow and out-of-bounds access checks improves the performance only
marginally.)

-------- I love the taste of Cryptanalysis in the morning! --------
www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks
----Stefan.Lucks (at) uni-weimar.de, Bauhaus-Universität Weimar, Germany----
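The post makes three points about Ada's run-time checks: an anticipated and handled exception is not an error, an unhandled one still lets the program shut down cleanly and log something, and suppressing a check should be done locally after profiling rather than globally. The following program is an added illustration of all three for the integer-overflow case; it is not code from the original thread, and the names (Integer_Array, Saturating_Add, Checked_Sum, Unchecked_Sum, the log file name) and the sample input are constructed for this example.

```ada
with Ada.Text_IO;
with Ada.Exceptions;

procedure Overflow_Example is
   -- Constructed example, not from the original post.
   type Integer_Array is array (Positive range <>) of Integer;

   -- Case 1: overflow is anticipated and handled right here, so raising
   -- Constraint_Error is part of the design, not a programming error.
   -- The handler turns the overflow into saturation at Integer'Last/'First.
   function Saturating_Add (A, B : Integer) return Integer is
   begin
      return A + B;   -- overflow check must stay on for this to work
   exception
      when Constraint_Error =>
         if B > 0 then
            return Integer'Last;
         else
            return Integer'First;
         end if;
   end Saturating_Add;

   -- Case 2: overflow is not expected by this function. The check stays on;
   -- if it ever fires, the caller gets a chance to log and clean up.
   function Checked_Sum (Values : Integer_Array) return Integer is
      Total : Integer := 0;
   begin
      for I in Values'Range loop
         Total := Total + Values (I);
      end loop;
      return Total;
   end Checked_Sum;

   -- Case 3: the same loop with the overflow check suppressed, but only in
   -- this one declarative region. This is the "locally, after profiling"
   -- form the post describes; with the check gone an overflow is erroneous
   -- execution, so the caller must already guarantee the input is bounded.
   function Unchecked_Sum (Values : Integer_Array) return Integer is
      pragma Suppress (Overflow_Check);
      Total : Integer := 0;
   begin
      for I in Values'Range loop
         Total := Total + Values (I);
      end loop;
      return Total;
   end Unchecked_Sum;

   Log : Ada.Text_IO.File_Type;

   -- Constructed inputs: Small is safe, Big overflows on the second element.
   Small : constant Integer_Array := (1, 2, 3);
   Big   : constant Integer_Array := (Integer'Last, 1);
begin
   Ada.Text_IO.Create (Log, Ada.Text_IO.Out_File, "overflow_example.log");
   Ada.Text_IO.Put_Line (Log, "starting");

   -- Saturation: handled overflow, prints Integer'Last
   Ada.Text_IO.Put_Line
     ("saturating:" & Integer'Image (Saturating_Add (Integer'Last, 1)));

   -- Bounded input: both variants agree, prints 6 twice
   Ada.Text_IO.Put_Line ("checked:  " & Integer'Image (Checked_Sum (Small)));
   Ada.Text_IO.Put_Line ("unchecked:" & Integer'Image (Unchecked_Sum (Small)));

   -- Unexpected overflow: Constraint_Error propagates to the handler below
   Ada.Text_IO.Put_Line ("big:      " & Integer'Image (Checked_Sum (Big)));

   Ada.Text_IO.Put_Line (Log, "finished normally");
   Ada.Text_IO.Close (Log);
exception
   when E : Constraint_Error =>
      -- The check fired: we still get to write debugging output and close
      -- the file we opened before the program terminates.
      if Ada.Text_IO.Is_Open (Log) then
         Ada.Text_IO.Put_Line
           (Log, "aborting: " & Ada.Exceptions.Exception_Information (E));
         Ada.Text_IO.Close (Log);
      end if;
      Ada.Text_IO.Put_Line ("overflow detected, see overflow_example.log");
end Overflow_Example;
```

Two notes on running it: the saturation and the final handler only behave as described when the compiler keeps overflow checking enabled for Integer arithmetic (on older GNAT versions that meant compiling with -gnato; current versions enable it by default), and calling Unchecked_Sum (Big) instead of Checked_Sum (Big) would silently wrap or misbehave rather than raise, which is exactly the difference the post warns about when checks are removed without first bounding the input.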