On Tue, Mar 24, 2009 at 1:37 AM, John Cowan <[email protected]> wrote: > Thomas Lord scripsit: > > > The freedom of an implementation to go either > > way on that point is a good reflection of the > > fact that neither way is obviously better than > > the other *and* it is easy for programs to not > > rely on one way or the other. > > > > Changing the language to force one choice is > > just arbitrary. It adds an implementation burden. > > It punts on the question of which choice is better. > > I'll just quote here from an email on the ECMAscript 3.1 mailing list > <https://mail.mozilla.org/pipermail/es3.x-discuss/2009-March/001183.html> > not necessarily because I agree with it, but so that the opposing > point of view is recognized: > > > Conventional developers seek only functionality, and stay away from > > edge conditions. Attackers seek opportunities in edge conditions. So > > defenders must reason about the limits on the damage that might be > > caused by these edge conditions. > > > > Put another way, conventional developers must code to the intersection > > semantics of the platforms in question, since a correct program must > > work across all these platforms. Attackers can seek opportunities in > > the union semantics, since an attack that works on any platform is > > still a successful attack. More deterministic specs narrow the gap > > between these two. > > --
Sorry for the long quoted text. I think both cases miss the point completely. Specifically, edge cases should be well-defined, and totally unambiguous. It's like saying, dont bother checking for overflow on fx ops, either way is good. Now neither are good. Cheers leppie -- http://codeplex.com/IronScheme http://xacc.wordpress.com
_______________________________________________ r6rs-discuss mailing list [email protected] http://lists.r6rs.org/cgi-bin/mailman/listinfo/r6rs-discuss
