> While I enjoyed your rant very much, I must mention that according to what
> I heard about the Heartbleed bug, it is not the fault of the memory
> allocator.
>
> The bug happened because the _sizes_ of incoming and outgoing data were
> not handled correctly

True, but then the leaking memory wouldn't have been restricted to
critical data like private keys and password traffic, so more probing
would have been necessary to gain exploitable data. Which of course isn't
better, but afaik the (bad) self-made memory management somewhat
accelerated the root bug.

Regarding testing, check out "John Hughes - Testing the Hard Stuff and
Staying Sane": http://www.youtube.com/watch?v=zi0rHwfiX1Q
Summary (see http://en.wikipedia.org/wiki/QuickCheck ):
Testing is done with predefined behavior specification models, then the code
to be tested gets called with random inputs and the result is compared with
the model by using the pattern matching system of Erlang. If the system
finds a bug, it reruns the tests until it can reduce it to the minimal
steps required to trigger the bug and delivers those as output.

It seems to me that similar test software could be implemented in pil,
using its highly flexible pattern matching (match). Or we extend
QuickCheck with the ability to check PicoLisp code. Just a random idea.
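
The testing approach summarized above (specification model, random inputs, shrinking to a minimal failing case), as an added example that is not part of the original message and not QuickCheck or PicoLisp code. It is written in Python, and every name in it (`model_echo`, `buggy_echo`, `fixed_echo`, `SECRET`) is hypothetical: a toy echo handler with the kind of size-handling bug mentioned in the quoted text.

```python
import random

SECRET = b"PRIVATE-KEY"  # constructed stand-in for data adjacent in memory

def model_echo(payload, claimed_len):
    """Specification model: never echo more bytes than were received."""
    if claimed_len > len(payload):
        return None                      # oversized claim: discard request
    return payload[:claimed_len]

def buggy_echo(payload, claimed_len):
    """Code under test: trusts claimed_len (the size-handling bug)."""
    memory = payload + SECRET            # payload sits next to other data
    return memory[:claimed_len]

def fixed_echo(payload, claimed_len):
    """Same handler with the length check in place."""
    return None if claimed_len > len(payload) else payload[:claimed_len]

def shrink(case):
    """Yield strictly smaller variants of a (payload, claimed_len) case."""
    payload, claimed = case
    if payload:
        yield payload[:len(payload) // 2], claimed
        yield payload[:-1], claimed
    if claimed > 0:
        yield payload, claimed // 2
        yield payload, claimed - 1

def find_counterexample(impl, trials=500, seed=0):
    """Random inputs vs. the model; return the minimal failing case or None."""
    rng = random.Random(seed)

    def fails(case):
        return impl(*case) != model_echo(*case)

    for _ in range(trials):
        payload = bytes(rng.randrange(256) for _ in range(rng.randrange(16)))
        case = (payload, rng.randrange(32))
        if not fails(case):
            continue
        while True:                      # keep any smaller case that still fails
            smaller = next((c for c in shrink(case) if fails(c)), None)
            if smaller is None:
                return case
            case = smaller
    return None

if __name__ == "__main__":
    print(find_counterexample(buggy_echo))   # minimal failing input
    print(find_counterexample(fixed_echo))
```

The shrinking loop reduces whatever random case first disagrees with the model to an empty payload with a claimed length of one, which is the smallest input that still exposes the missing length check.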

