[Vortex] Safe string functions
Robert M. Münch
robert.muench at robertmuench.de
Wed Apr 16 15:47:40 CEST 2008
On Mon, 14 Apr 2008 11:15:26 +0200, Francis Brosnan Blazquez
<francis at aspl.es> wrote:
> My first impression is that using a managed implementation does not
> provide safety per se.
Hi, well, I think this topic is like "which programming language is the
best?". Nevertheless I think code safty comes from using and integrating a
lot of different aspects.
> We have worked to remove all dependencies on external projects we think
> tend to provide bad results, to write clean implementations that are
> checked against regression tests (with tools like valgrind) which not
> only ensure we don't leak, but all memory access are properly done.
To keep dependencies to a minimum is absolut the right way. Here, the code
base is simple, small and doesn't add any dependencies because you could
include the code.
And, I don't referr to memory leaks etc. this is something that can be
solved by knowing your handwork. I'm more thinkin about what kind of
messages will bomb a server.
> For us, safety comes from a constant work checking all APIs introduced
> as much as possible and then run regression tests under different
Well, a regression test can only show the presence of a problem never its
absence. ;-) Same for leak detection.
My point is, that submitting wrong formed meseages etc. can result in code
being executed that shouldn't. IMO using managed strings can reduce this
risk by a magnitude.
However, just wanted to note that in these times this is a critical issue
to take care about. Robert
More information about the Vortex