From: "Dmitry A. Kazakov"
Newsgroups: comp.lang.ada
Subject: Re: Tests in a software release
Date: Thu, 26 Oct 2017 09:20:36 +0200
Organization: Aioe.org NNTP Server

On 25/10/2017 21:30, Victor Porton wrote:
> Do you agree that a release (that is software for which debugging was
> finished) should have integer overflow tests but not array out of bounds
> tests (because array out of bounds is always a programming error, but
> integer overflow may happen in an innocent program)?

Neither check can be disabled.

1. Both are contracted behavior. Disabling checks breaks the contract unless
proven otherwise and *statically*. In the latter case it is an optimization
issue to remove the check when that does not change the program behavior.

2. Any error must be detected as early as possible, so better a bounds check
now than a memory corruption check later. Therefore there is no difference
whether the check failure was expected or not.

--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
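An added Ada example (not code from the thread or its authors) illustrating the two points above: both the overflow check and the index check are contracted to raise Constraint_Error, and a loop over A'Range is a case where the index check is statically provable and may be elided without changing behaviour. The types Vector and the procedures Next, Get and Sum are assumed for the demo.

```ada
--  Added example, not code from the thread: both Ada checks are
--  contracted to raise Constraint_Error; a loop over A'Range lets the
--  compiler prove the index check away without changing behaviour.
--  Compile with -gnato if your GNAT leaves overflow checks off by default.
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Checks_Demo is
   type Vector is array (1 .. 4) of Integer;   --  assumed demo type
   function Next (N : Integer) return Integer is
   begin
      return N + 1;   --  overflow check: raises at Integer'Last
   end Next;

   function Get (A : Vector; I : Integer) return Integer is
   begin
      return A (I);   --  index check: raises when I is not in 1 .. 4
   end Get;

   function Sum (A : Vector) return Integer is
      S : Integer := 0;
   begin
      --  I is of A'Range, so the index check is statically provable
      --  and may be removed as an optimisation; the overflow check on
      --  S + A (I) cannot be removed without knowing the values.
      for I in A'Range loop
         S := S + A (I);
      end loop;
      return S;
   end Sum;

   V : constant Vector := (1, 2, 3, 4);   --  constructed sample input
begin
   Put_Line ("Sum =" & Integer'Image (Sum (V)));
   begin
      Put_Line ("Next =" & Integer'Image (Next (Integer'Last)));
   exception
      when E : Constraint_Error =>
         Put_Line ("overflow check failed: " & Exception_Name (E));
   end;
   begin
      Put_Line ("Get =" & Integer'Image (Get (V, 5)));
   exception
      when E : Constraint_Error =>
         Put_Line ("index check failed: " & Exception_Name (E));
   end;
   --  Under pragma Suppress (Index_Check) the Get call would not raise;
   --  execution becomes erroneous (RM 11.5) and the error, if it shows
   --  at all, shows later as memory corruption, as the post warns.
end Checks_Demo;
```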