[C-safe-secure-studygroup] Annex K - was RE: C-safe-secure-studygroup Digest, Vol 26, Issue 6
andrew at andrewbanks.com
Tue Jan 22 07:26:29 GMT 2019
> On 1/16/19 11:46 AM, Robert Seacord wrote:
> > I'm working on a paper on bounds-checked interfaces that I'm going to
> > solicit reviewers for soon.
I think I've previously expressed to you verbally my position:
I think Annex K was a good idea, but badly implemented - IMHO it would have been better to have introduced the size parameter (size>0) as an optional 2nd parameter to the existing functions (no parameter no checking)
... in time, deprecate no second parameter
... in time, mandate the second parameter
I appreciate that C does not (yet) support optional parameters, but that is not unsurmountable with a bit of will.
> > Meanwhile, I've heard Clive defend the following principle:
> > This is a widely-held expert view that changes to “working code” only
> > increase the opportunities to inject new defects. This view has even
> > been expressed by the safety-critical community.
Ah yes... the old "it's been working for years" when it couldn't possibly!
Software must be the only engineering discipline where we have such a low opinion of our team, that preventative maintenance is deemed riskier than waiting for a failure to actually happen :(
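The two shapes discussed above, a bounds-checked copy that takes the destination size and the "no second parameter, no checking" spelling the post argues for, as an added C illustration that is not code from the thread or from Annex K; `checked_strcpy`, `copy` and the macro names are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Added illustration, not code from the thread: a strcpy-style copy that
 * takes the destination size as an extra parameter and refuses to overflow.
 * Loosely mirrors the Annex K strcpy_s contract: 0 on success, nonzero on
 * failure, and dest left empty on failure so a caller that ignores the
 * status never sees an unterminated or partially written buffer. */
int checked_strcpy(char *dest, size_t destsz, const char *src)
{
    if (dest == NULL || src == NULL || destsz == 0)
        return 1;                       /* invalid arguments */
    size_t n = strlen(src);
    if (n >= destsz) {                  /* no room for the terminator */
        dest[0] = '\0';
        return 2;                       /* would overflow: refuse */
    }
    memcpy(dest, src, n + 1);
    return 0;
}

/* Emulate the "optional second parameter" shape the post argues for.
 * C has no optional parameters, but a variadic macro can dispatch on the
 * argument count: copy(dest, src) is the unchecked legacy call, while
 * copy(dest, destsz, src) is the bounds-checked form. Hypothetical names,
 * only to show the shape is achievable in today's C. */
#define COPY_PICK(_1, _2, _3, NAME, ...) NAME
#define COPY_UNCHECKED(dest, src) ((void)strcpy((dest), (src)), 0)
#define copy(...) COPY_PICK(__VA_ARGS__, checked_strcpy, COPY_UNCHECKED, 0)(__VA_ARGS__)

/* Probe: a 10-character string offered to an 8-byte buffer must be
 * rejected, and the buffer must come back as an empty string. */
int probe_overflow_rejected(void)
{
    char buf[8];
    return copy(buf, sizeof buf, "0123456789") != 0 && buf[0] == '\0';
}
```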