Saturday, November 03, 2007

Dear Lazyweb: How to make less coding errors

I just read Daniel J. Bernstein's paper on how to write secure software. It basically boils down to "Don't make programming errors!". This reminded me of an article which I read roughly a decade ago in c't magazine about a technique to reduce the numbers of errors when coding. If i recall correctly it worked like this: Write code, then debug it and pay attention what kind of errors you made and in what part of the process you made them. Then figure out ways to avoid those errors in similar situations in the future.

Despite spending some quality time with google I could not find a trace of this technique, let alone a name. Can someone please help me?

2 Comments:

At 9:53 AM, Blogger Adalbert said...

Its this:

http://de.wikipedia.org/wiki/Personal_Software_Process

http://en.wikipedia.org/wiki/Personal_Software_Process

 
At 11:02 AM, Blogger Tamas said...

Djb's method mostly boils down to:

1. memory allocations in libc are not safe? write your own safe method.
2. string methods are not safe? write your own.

The you only use these methods so many hidden bugs can be eliminated. There can be other bugs of course like design flaws of alike.

Explore cr.yp.to a bit deeper a you will get the concept. The pdf you are referring to alsa outlines some related techniques.

Running unpriv. processes etc.

 

Post a Comment

<< Home