how to make code stay invariant
Ingo Krabbe
ikrabbe.ask@web.de
Tue Jul 25 04:47:00 GMT 2006
On Tuesday, 25 July 2006 00:39, Rolf Schumacher wrote:
> Thank you, Ingo.
>
> > The checksum approach isn't quite useful I think, since algorithms
> > are and should be changed by hand and communication between developers
> > should be done as directly as possible. If you introduce checksums, you
> > provide a tool that simulates stability where there is none. There
> > is no fire and forget algorithm that you haven't developed and
> > documented quite well.
>
> Think of a checksum as a means to secure a message.
> Any secure protocol connection lives upon that. It's useful at least in
> that case.

Ouch, sorry Rolf, but you didn't seem to get me. I never wanted to say that
checksums are complete rubbish, but I don't think that they are really
useful to secure the stability of code.

All I wanted to say is that the stability of code has to be controlled by the
underlying logic and you will fail if you rely on valgrind, splint. They are
useful to locate some errors that have already been detected in a complex
system, I think.

If you really want invariant concepts in your code and stay there, you have to
specify, prove and implement carefully.

Of course, if you think your objects or your code are attacked by someone you
are right to implement some checksumming. If you have several people who
install submodules into one system I would prefer gpg-signing by the
installer.