On 08/03/2014 03:01 PM, Paolo Invernizzi wrote:
On Sunday, 3 August 2014 at 10:49:39 UTC, Timon Gehr wrote:
On 08/03/2014 11:15 AM, Paolo Invernizzi wrote:
because every few milliseconds an assert is triggered
Right, and software does not have security holes because otherwise
they would obviously be exploited every few milliseconds during
in-house testing.
That is a totally different matter:
Well, no.
security holes are about things that
the programmer is _totally missing_,
The programmer(s!) may be _totally missing_ the conditions that lead to
an assertion failure. In fact, unless assertions are intentionally
misused, this is always the case.
and someone is seeing and exploiting that.
(Undefined behaviour introduced in this way may be exploitable.)
... can you rephrase please?
If wrong assertions would indeed fail every few milliseconds, then a way
to show an assertion to be correct beyond reasonable doubt is to add the
test of the condition to the program and then run it for a few milliseconds.
