On 11/2/2013 8:09 AM, Joseph Rushton Wakeling wrote:
> On 02/11/13 10:55, bearophile wrote:
>> To make high integrity software you have to start with reliable tools
>
> I know what you're saying, but there is an inherent assumption in the
> concept of "reliable tools".  So far as I can see the important thing is
> to assume that _nothing_ in the system is reliable, and that anything
> can fail.


"Reliable" of course simply meaning "less unreliable".

> If you rely on the language or on the compiler to detect integral
> overflows, you're not necessarily safer -- your safety rests on the
> assumption that the compiler will implement these things correctly, and
> will ALWAYS do so regardless of circumstances.

It still helps and is therefore worthwhile. Nobody's claiming that runtime overflow checks are sufficient to ensure reliability, only that *not* having them can be a bad idea.
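What an overflow check buys you in practice, as an added example that is not part of this thread and not code from D or its compiler. It is written in C rather than D so it runs without a D toolchain; the record-table allocator, its 32-bit count and element size, and the sample request of 0x40000001 records are all constructed for the illustration. The unchecked version is what a plain multiplication does; the checked version is the test a compiler-inserted or library overflow check performs on your behalf.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record-table allocator, constructed for this example.
   Counts and element sizes are deliberately 32-bit so the wrap-around
   reproduces on any host regardless of the width of size_t. */

/* Unchecked: what a plain multiplication does. 0x40000001 * 4 is
   0x100000004, which truncates to 4 in a uint32_t, so the caller gets
   a 4-byte buffer for a request it believes holds 0x40000001 records. */
uint32_t unchecked_size(uint32_t count, uint32_t elem)
{
    return count * elem;
}

/* Checked: the test a runtime overflow check performs for you.
   Returns the product, or -1 if it does not fit in 32 bits.
   (With GCC/Clang, __builtin_mul_overflow does the same in one call.) */
int64_t checked_size(uint32_t count, uint32_t elem)
{
    if (elem != 0 && count > UINT32_MAX / elem)
        return -1;
    return (int64_t)count * elem;
}

/* Allocator that refuses an impossible request instead of handing back
   a tiny buffer that the caller then fills past its end. */
void *make_table(uint32_t count, uint32_t elem)
{
    int64_t bytes = checked_size(count, elem);
    if (bytes < 0)
        return NULL;
    /* bytes <= UINT32_MAX here, so the cast to size_t cannot truncate. */
    return calloc(1, (size_t)bytes);
}

int main(void)
{
    uint32_t count = 0x40000001u, elem = 4u;

    printf("unchecked: %u records of %u bytes -> %u-byte buffer\n",
           count, elem, unchecked_size(count, elem));
    printf("checked:   %lld\n", (long long)checked_size(count, elem));

    void *t = make_table(count, elem);
    printf("make_table: %s\n", t ? "allocated" : "refused (overflow)");
    free(t);
    return 0;
}
```

The point of the thread survives intact: `checked_size` is itself code that can be wrong, so it is not a proof of reliability. But with it the bad request fails loudly at the allocation, and without it the failure surfaces later as a heap overwrite of whatever happens to follow the 4-byte buffer.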
