Re: [Lit.] Buffer overruns

From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 01/30/05 

Date: Sun, 30 Jan 2005 10:48:48 +0000 (UTC)

Douglas A. Gwyn wrote:
>David Wagner wrote:
>> Still more of the "#3 is not perfect; we need something perfect;
>> therefore we shouldn't do #3" fallacy.
>
>No, it's more along the lines of "#3 doesn't work;
>we need something that works; therefore something
>other than #3 must be done".

If you phrase it as "#3 alone is not enough" or "something more than
#3 must be done", I'm in agreement.

>> ... Moreover, careful workmanship generally is not enough to
>> obviate the utility of memory-safe languages.
>
>It might reduce the marginal utility down to such
>a low level that it is not a dominant factor in
>language selection.

Sounds like we've hit the fundamental core of the difference between
our two positions. If (a) it were true that there are development
practices that are feasible and sufficient to reduce the incidence of
buffer overrun bugs to negligible level, and (b) we were able to verify
that this is true, then I'd be forced to agree with everything you say.

Personally, I am skeptical that (a) or (b) are true. But I could well
be totally wrong. I am at a bit of a disadvantage. You have used
development practices that you believe to be sufficient to achieve (a)
and (b). I haven't used those development practices -- indeed, I don't
even understand what they are or what they involve -- so I have no way
of knowing whether you are right or not. All I can say is "not proven"
(at least, not to me).