Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + ho
In message <546CE3A8-FC87-472F-8A63-0497D0D28789@cederstrand.dk>,
Erik Cederstrand <erik+lists@cederstrand.dk> wrote:
>I don't disagree with you, but rewriting 1000 if-else cases in single-threaded
>userland programs just so the analyzer understands them is 1) tedious and 2)
>bound to accidentally introduce at least 50 new bugs
I feel compelled to point out that one could make the exact same two
assertions about writing code _generally_, i.e. writing software AT ALL
is (1) tedious and (2) bound to accidentally introduce at least 50 new bugs.
I feel further compelled to point out that at least the first of those
two assertions also applies, in my experience, to writing QUALITY code.
That doesn't mean it shouldn't be done.
And anyway, who said anything about userland?
I personally would contend that if the folks writing kernel code are
failing to eliminate compile time warnings, then that is also a travesty,
and perhaps even moreso than in the case of userland code.
Certainly, if a developer misses a bug because he failed to pay any
attention to the flashing yellow lights, then that is likely to have
far more serious ramifications if the code in question is within the
kernel.
>...since most real-life examples
>are considerably more complicated than the minimal example I posted.
If in fact, as you assert, ``most'' real-life examples of contexts and
situations where it is tedious and/or difficult to eliminate non-useful
compile-time warnings are ``complicated'' then I would guess that it
would be easy for you to find just _one_ such ``real life'' difficult
example and post it here.
Please do.
In my personal estimation no such alleged ``complicated'' real life examples
actually exist.
But I am more than willing to be proven wrong.
Regards,
rfg
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 21 之 49 篇):