Patterns of Human Error - my presentation at the DC ACM
bearophile
bearophileHUGS at lycos.com
Fri May 6 07:41:52 PDT 2011
Walter:
> The slides: http://www.slideshare.net/dcacm/patterns-of-human-error
Nice. Please put your PDFs everywhere but Slideshare. I'd love a simple link to just the PDF, thank you very much (Slideshare requires Flash, JavaScript, other things, and the Flash viewer doesn't allow me to copy & paste URLs like that joelonsoftware.com one or snippets that I have to copy manually here).
-----------------
- 9V battery: it has keyed connectors *and* inverting its polarity often doesn't lead to large damage (you may damage the circuit in some cases). This means that a car battery has to be designed *safer* than a 9V battery because an error often causes more damage than in 9V batteries.
-----------------
> Simple fix: make l suffix illegal. No more possibility of this error. End of story.
This is exactly the solution used by JSF-AV. They use a pre-compiler that generates a "compile" error if you use "l" as suffix (and maybe even if you use it as variable name). So they aren't using normal C++.
-----------------
> int i = 1_000_000;
A downside of the current implementation is visible here:
long i = 1_000_000_00_000L;
The underscores are not enforced every 3 (or 4 on hex/binary literals) digits.
But in practice this has not caused me troubles, so far.
-----------------
> Error Patterns Eliminated [Slide 32]
It's a very nice slide :-)
-----------------
> i should be size_t [Slide 31]
Something related to this has caused me a not immediately visible bug in D; this is the original, correct function:
double[][] matgen(int n) {
    double[][] a;
    double tmp = 1.0 / n / n;
    a.length = n;
    for (int i = 0; i < n; ++i) a[i].length = n;
    for (int i = 0; i < n; ++i)
        for (int j = 0; j < n; ++j)
            a[i][j] = tmp * (i - j) * (i + j);   // i and j are signed int here
    return a;
}
Second "improved" version:
double[][] matgen(int n) {
    double tmp = 1.0 / n / n;
    auto a = new double[][](n, n);
    foreach (i, row; a)              // foreach over a slice makes i a size_t
        foreach (j, ref x; row)      // ... and j as well
            x = tmp * (i - j) * (i + j);   // (i - j) wraps around whenever j > i
    return a;
}
Problem: (i - j) gives a wrong result because i and j are now unsigned.
See some of the discussion:
http://www.digitalmars.com/webnews/newsgroups.php?art_group=digitalmars.D.learn&article_id=26563
http://www.digitalmars.com/webnews/newsgroups.php?art_group=digitalmars.D.learn&article_id=26587
http://www.digitalmars.com/webnews/newsgroups.php?art_group=digitalmars.D.learn&article_id=26629
-----------------
> Uninitialized memory [Slide 41]
This compiles with no errors, but maybe you meant heap memory:
@safe void main() { int x = void; }
-----------------
> Validated data: validated!(T) [Slide 46]
I don't remember/know what this is.
Thank you for all this stuff you give us for free, people used to pay for such texts.
-----------------
> http://www.joelonsoftware.com/articles/wrong.html
From the blog post:
>All strings that come from the user must be stored in variables (or database columns) with a name starting with the prefix "us" (for Unsafe String). All strings that have been HTML encoded or which came from a known-safe location must be stored in variables with a name starting with the prefix "s" (for Safe string).
A better solution:
http://blog.moertel.com/articles/2006/10/18/a-type-based-solution-to-the-strings-problem
Bye,
bearophile
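The size_t subtraction bug from the matgen discussion above, shown as an added example (not code from bearophile's post): the buggy foreach version, a fixed version that converts the indices to ptrdiff_t before subtracting, and the original int-based loop used as an oracle to compare both against. The function names matgenBuggy, matgenFixed, matgenReference and sameMatrix are this example's own.

```d
// Added example: the same matgen bug side by side with a fix, plus a check
// that exposes the difference on a tiny matrix.
import std.stdio;
import std.math : isClose;

// Buggy version: foreach over a slice gives size_t indices, so (i - j) wraps
// around to a huge unsigned value whenever j > i.
double[][] matgenBuggy(int n) {
    double tmp = 1.0 / n / n;
    auto a = new double[][](n, n);
    foreach (i, row; a)
        foreach (j, ref x; row)
            x = tmp * (i - j) * (i + j);
    return a;
}

// Fixed version: convert the indices to a signed type before subtracting.
double[][] matgenFixed(int n) {
    double tmp = 1.0 / n / n;
    auto a = new double[][](n, n);
    foreach (i, row; a)
        foreach (j, ref x; row) {
            immutable si = cast(ptrdiff_t) i;
            immutable sj = cast(ptrdiff_t) j;
            x = tmp * (si - sj) * (si + sj);
        }
    return a;
}

// Reference built with the original int-based loops, used as the oracle.
double[][] matgenReference(int n) {
    auto a = new double[][](n, n);
    double tmp = 1.0 / n / n;
    for (int i = 0; i < n; ++i)
        for (int j = 0; j < n; ++j)
            a[i][j] = tmp * (i - j) * (i + j);
    return a;
}

// Element-wise comparison with a tolerance for floating-point noise.
bool sameMatrix(double[][] x, double[][] y) {
    foreach (i, row; x)
        foreach (j, v; row)
            if (!isClose(v, y[i][j], 1e-12, 1e-12)) return false;
    return true;
}

void main() {
    enum n = 3;
    auto reference = matgenReference(n);
    writeln("buggy matches reference: ", sameMatrix(matgenBuggy(n), reference));
    writeln("fixed matches reference: ", sameMatrix(matgenFixed(n), reference));
    // The element just above the diagonal shows the wraparound directly:
    // the buggy version produces an enormous positive value there, the fixed
    // version the small negative one the reference loop computes.
    writeln("buggy[0][1] = ", matgenBuggy(n)[0][1]);
    writeln("fixed[0][1] = ", matgenFixed(n)[0][1]);
}
```

Compile with `dmd` (or `ldc2`) and run: only the fixed version agrees with the int-based reference, and the [0][1] entry of the buggy matrix makes the unsigned wraparound visible at a glance. The casts are the conservative fix; the alternative is to declare the foreach index types explicitly (`foreach (ptrdiff_t i, row; a)`), which keeps the arithmetic signed without touching the loop body.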
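The type-based alternative to the "us"/"s" naming prefix quoted from the Joel on Software article, sketched in D as an added example (neither bearophile's nor Moertel's code): user input and HTML-safe text get distinct types, so passing the wrong one is a compile error instead of a review-time convention. The names UserString, HtmlString, htmlEscape, trustedMarkup and concat are this example's own.

```d
// Added example: encode "came from the user" versus "safe for HTML" in the
// type instead of a variable-name prefix.
import std.array : appender;
import std.stdio;

// Raw text from the outside world. It can only become HtmlString by going
// through htmlEscape.
struct UserString {
    string raw;
}

// Text that has been HTML-escaped, or a markup literal the programmer vouches for.
struct HtmlString {
    private string value_;
    // Note: D's `private` is module-scoped, so in real code put HtmlString in
    // its own module; then only htmlEscape and trustedMarkup can construct it.
    private this(string v) { value_ = v; }
    string value() const { return value_; }
}

// The one sanctioned way to turn user input into something safe to emit.
HtmlString htmlEscape(UserString u) {
    auto sink = appender!string();
    foreach (dchar c; u.raw) {
        switch (c) {
            case '&':  sink.put("&amp;");  break;
            case '<':  sink.put("&lt;");   break;
            case '>':  sink.put("&gt;");   break;
            case '"':  sink.put("&quot;"); break;
            case '\'': sink.put("&#39;");  break;
            default:   sink.put(c);
        }
    }
    return HtmlString(sink.data);
}

// Markup written by the programmer, never by the user. The name makes the
// trust decision explicit and easy to grep for.
HtmlString trustedMarkup(string literal) {
    return HtmlString(literal);
}

// Only HtmlString values can be joined; a UserString does not type-check here.
HtmlString concat(HtmlString a, HtmlString b) {
    return HtmlString(a.value ~ b.value);
}

void main() {
    // Constructed sample input standing in for a form field.
    auto name = UserString(`<script>alert("x")</script>`);
    auto page = concat(trustedMarkup("<p>Hello, "),
                       concat(htmlEscape(name), trustedMarkup("</p>")));
    writeln(page.value);

    // Does not compile: a UserString cannot be used where HtmlString is required.
    // auto bad = concat(trustedMarkup("<p>"), name);
}
```

The check moves from "did the reviewer notice the missing prefix" to the compiler, which is the point of the linked post. Uncommenting the last line shows the failure mode the naming convention can only catch by inspection.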