From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: status of PL/I as a viable language
Date: Fri, 21 Feb 2003 14:51:01 -0600
Organization: Posted via Supernews, http://www.supernews.com

Hyman Rosen wrote in message <1045839283.86671@master.nyc.kbcfp.com>...
>I've mentioned this many times before. Language checks such as
>bounds checking, pointer checking, and overflow checking are
>fine for testing. But when the application is released, it is
>better to disable such checks in cases where continued operation
>is important, because it's more likely that a program which
>"gets away" with making such an error can keep working, whereas
>detecting the error will just blow the program away.

Usually it is better to make the checks and prevent the "wrong answer". This is, after all, the cause of so many of the security holes on the Internet.

The web server for AdaIC is written in Ada. I've left all of the checking on, and provide a global exception handler for each worker thread. Thus, the worst that can happen for a mistaken check is the currently processed operation to be abandoned (the server sends an internal error response to the client). That prevents all sorts of security holes from buffer overflows and the like. It of course does not prevent all errors, but it allowed me to focus on blocking the common security problems that are algorithmic in nature, like traversal errors.

Although the code has had a variety of buffer overflow and other bugs cause individual operations to fail, the server has continued to run and process other operations correctly for the entire 18 months. (And, all failures have been logged so that the cause can be tracked down easily). This has allowed the focus to be on the web site's contents, not on keeping the server running.

There probably are cases where it is better to run with checks off. (We always did that with Janus/Ada for MS-DOS, just to keep the compiler size manageable. That's not an issue on Windows.) But I would generally prefer to err on the side of leaving checks on unless it is necessary to do otherwise.

Randy.
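The per-worker-thread exception handler that the post describes, written out as an added illustration (this is not the AdaIC server's code, and the `Request`, `Buffer`, `Handle`, `Process` and `Worker` names are invented for the example): language checks stay enabled, so an out-of-range index raises `Constraint_Error` instead of reading past the buffer, and the handler around each operation logs the failure, answers with an internal error, and lets the worker go on to the next request.

```ada
--  Added illustration (not the server code from the post): a worker task
--  that keeps all language checks on and catches any exception per
--  operation, so a faulty request fails alone instead of killing the server.
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Checked_Worker is

   --  Constructed stand-in for a parsed request: an index the client
   --  controls.  A real server would take this from the request line.
   type Request is record
      Id    : Positive;
      Index : Integer;
   end record;

   --  A small buffer; any index outside 1 .. 8 must raise Constraint_Error
   --  because range checks are enabled.
   Buffer : constant array (1 .. 8) of Character := "abcdefgh";

   --  Builds the "response" for one request.  An out-of-range Index is the
   --  kind of bug that becomes an out-of-bounds read when checks are off.
   function Handle (R : Request) return String is
   begin
      return "200 OK: " & Buffer (R.Index);
   end Handle;

   --  One operation, wrapped in the "global" handler the post describes:
   --  log the failure, answer with an internal error, move on.
   procedure Process (R : Request) is
   begin
      Put_Line ("request" & Positive'Image (R.Id) & " -> " & Handle (R));
   exception
      when E : others =>
         --  Logged so the root cause can be tracked down later.
         Put_Line ("request" & Positive'Image (R.Id)
                   & " -> 500 Internal Server Error");
         Put_Line ("  logged: " & Exception_Name (E) & ": "
                   & Exception_Message (E));
   end Process;

   --  Constructed traffic: the second and third requests are malformed.
   Traffic : constant array (Positive range <>) of Request :=
     ((1, 3), (2, 42), (3, 0), (4, 8));

   --  The worker thread; the handler in Process keeps it alive across
   --  bad input, so requests 1 and 4 are still served correctly.
   task Worker;
   task body Worker is
   begin
      for R of Traffic loop
         Process (R);
      end loop;
      Put_Line ("worker still running after"
                & Integer'Image (Traffic'Length) & " requests");
   end Worker;

begin
   null;  --  the main procedure simply waits for Worker to finish
end Checked_Worker;
```

Build it with the checks left on (for GNAT, `gnatmake checked_worker.adb` and do not pass `-gnatp`, which suppresses all checks): requests 2 and 3 are logged as `CONSTRAINT_ERROR` and answered with the internal-error line, while the worker carries on and reports that it is still running afterwards. Compiling the same source with checks suppressed would turn those two requests into silent reads outside `Buffer`, which is exactly the "wrong answer" the post argues against.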