[Cryptography] bounded pointers in C
Bill Frantz
frantz at pwpconsult.com
Mon Apr 21 15:41:40 EDT 2014
On 4/21/14 at 6:05 AM, pgut001 at cs.auckland.ac.nz (Peter Gutmann) wrote:
>Sorry, nonstandard terminology, I meant constantly auditing your own code,
>which in both Wietse's case and mine means taking printouts of code modules
>home to read offline at your own pace to check for problems. That's not just
>code you've recently been working on, but selections of older code modules
>that you're re-checking in case you see something that didn't pop out the last
>time you checked.
Two things I have found useful in this kind of effort:
Carefully compare the code with the comments. Since most of my
professional career was writing in assembler, I tended to
comment each instruction with a reason for its existence. I
frequently found bugs where the comment said one thing and the
code something slightly different. Only one time did they seem
different, but weren't. That time produced even more comments as
to why the comment and the code were both correct. In a sense,
my code included an informal proof of correctness in the comments.
Use an automatic formatter to reformat your code for review.
(Keep the original format for your source code control system.
People make more readable formatting than machines.) Seeing the
same code from a different point of view can overcome personal
blind spots.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz        | Re: Computer reliability, performance, and security:
408-356-8506       | The guy who *is* wearing a parachute is *not* the
www.pwpconsult.com | first to reach the ground. - Terence Kelly
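The second suggestion above (review a machine-reformatted copy, keep the hand-formatted original under source control) as a small added script; it is not code from the post or from any project it mentions. FORMATTER is an assumption: any filter that reads source on stdin and writes it reformatted on stdout (for instance clang-format or indent -st); it defaults to cat so the script runs with no external tools, and the sample C file is constructed here.

```sh
#!/bin/sh
# Added example, not from the original post: produce a reformatted copy of a
# source file for offline review while leaving the checked-in original
# untouched. FORMATTER (assumed) is any stdin-to-stdout source formatter;
# "cat" is a no-op default so the script runs without external tools.
set -eu

FORMATTER="${FORMATTER:-cat}"

# make_review_copy SRC DEST_DIR
# Writes DEST_DIR/<basename of SRC> with the formatter's output and prints
# that path. The formatter only ever sees stdin, so it cannot rewrite the
# tracked file in place.
make_review_copy() {
    src="$1"
    dest_dir="$2"
    mkdir -p "$dest_dir"
    out="$dest_dir/$(basename "$src")"
    $FORMATTER < "$src" > "$out"
    printf '%s\n' "$out"
}

# review_diff SRC DEST_DIR
# Whitespace-insensitive comparison of the original and the review copy.
# A formatter should change layout only, so any output here means tokens
# were altered and the review copy must not be trusted. Returns 0 when the
# two agree modulo whitespace.
review_diff() {
    src="$1"
    copy="$2/$(basename "$1")"
    diff -w "$src" "$copy"
}

# Constructed sample input so the script runs offline.
tmp="${TMPDIR:-/tmp}/review_demo.$$"
mkdir -p "$tmp"
cat > "$tmp/sample.c" <<'EOF'
int add(int a,int b){return a+b;}
EOF
copy=$(make_review_copy "$tmp/sample.c" "$tmp/review")
review_diff "$tmp/sample.c" "$tmp/review" && echo "layout-only change, review copy at $copy"
```

Run it as FORMATTER="clang-format" sh review.sh (or any other filter) to get the copy you take home; the original file is never opened for writing, and review_diff gives a quick check that the formatter did not change anything but whitespace before you spend an evening reading it.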