Re: How to make (ptr + len) > lim safe?
- From: William Ahern <william@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 20 Jan 2008 15:37:07 -0800
Ian Collins <ian-news@xxxxxxxxxxx> wrote:
William Ahern wrote:
Paul Hsieh <websnarf@xxxxxxxxx> wrote:What benefit do you gain form this? Without some form of core file, how
On Jan 18, 12:34 pm, William Ahern <will...@xxxxxxxxxxxxxxxxxxxxxxxxx><snip>
Point being, these checks are often times counter-productive. They hideYou want bugs to be found during *development time* not just as soon
bugs. I don't want my bugs hidden. Rather, I want to find them as soon as
possible.
as circumstances arise. Your compiler is unlikely to set a policy for
buffer overrun checking that is relevant to shipping, but instead is
focused for debugging.
I disagree. I want bugs found as soon as possible. And I always ship
compiled code with debugging symbols turned on. I won't budge on this. I'll
make the release engineer's life a living hell if I have to.
can you track the bug? With a core file, you don't have to ship with
debugging symbols.
On some systems core files without debugging symbols are almost useless, and
using symbols improves the situation somewhat. Example, XFS on Linux 2.4
kernels that introduced some crazy bug with VM paging of executables (and
probably many other symptoms). Maybe I could have worked around it; I never
looked into it too much. There were other, arguably inexcusable,
circumstances as well, mostly beyond my control.
Also, often times I would never have access to a build with symbols from the
same or substantially same codebase.
But, point taken. Certainly if the environment was different this would have
been more feasible.
Maybe that's why windows application have such a poor reputation?
Now, poor developer is enlisted to fix the product. More than likely there's
more than 1 bug, and more than 1 bug which might possibly cause the
symptom(s). So, he investigates. Ah, bug! Fix. Give to customer. "Try this".
Customer thinks, "Speedy service, I like these people". A week or two
passes. Same thing happens. Calls back. "Its broken! I thought you guys
fixed this?"
Repeat, ad naseum.
There isn't an easy way (apart from those nagging feedback reporting
dialogue boxes) to send a detailed report back the base.
Now, if the darned progam had simply core dumped at the pointer dereference,How does the user make use of debugging symbols?
and debug symbols were turned on, then the chances of fixing this bug on the
first try are much, much beter. And even though most developers will
[rightly] cringe at the notion of asking poor customer for a core file, or
get their hands dirty, so to speak, at the end of the day the problem is
fixed.
Point taken. I'm mixing up my experience at one shop with general [best]
practice.
.
- References:
- How to make (ptr + len) > lim safe?
- From: Michael B Allen
- Re: How to make (ptr + len) > lim safe?
- From: Jack Klein
- Re: How to make (ptr + len) > lim safe?
- From: Michael B Allen
- Re: How to make (ptr + len) > lim safe?
- From: pete
- Re: How to make (ptr + len) > lim safe?
- From: Michael B Allen
- Re: How to make (ptr + len) > lim safe?
- From: pete
- Re: How to make (ptr + len) > lim safe?
- From: Michael B Allen
- Re: How to make (ptr + len) > lim safe?
- From: pete
- Re: How to make (ptr + len) > lim safe?
- From: Michael B Allen
- Re: How to make (ptr + len) > lim safe?
- From: William Ahern
- Re: How to make (ptr + len) > lim safe?
- From: Paul Hsieh
- Re: How to make (ptr + len) > lim safe?
- From: William Ahern
- Re: How to make (ptr + len) > lim safe?
- From: Ian Collins
- How to make (ptr + len) > lim safe?
- Prev by Date: Re: When to check the return value of malloc
- Next by Date: Function Pointers
- Previous by thread: Re: How to make (ptr + len) > lim safe?
- Next by thread: Re: How to make (ptr + len) > lim safe?
- Index(es):
Relevant Pages
|
