[SystemSafety] C++ and Pointers
Peter Bishop
pgb at adelard.com
Thu Jun 6 17:37:27 CEST 2019
On 06/06/2019 15:03, Derek M Jones wrote:
> Peter,
>
>> They do, you know. But I grant you that the phenomenon is often
>> obscured.
>
> So, yes, that 90% is a made-up number.
>
> I don't have any data for problems that strong typing catches, or
> could catch. Based on rough percentages of fault classifications,
> e.g., errors of omission, commission, logic, arithmetic, wrong
> variable, etc; I would say it is less than 10%.
I guess there is a distinction to be made between
- bugs in general that can be detected by strong typing and
- the subset of bugs that are a) security vulnerabilities, b) exploited
in attacks.
My impression is that quite a lot of attacks exploit buffer overflow
vulnerabilities.
I don't know the percentage, but 10% seems rather low to me.
Peter Bishop
>
> The only work I know of that tries to answer the question of
> what faults might be detectable, using the concept of type, if the
> code was riddled with the appropriate annotations, is this:
> earlbarr.com/publications/typestudy.pdf
>
--
Peter Bishop
Chief Scientist
Adelard LLP
24 Waterside, 44-48 Wharf Rd, London N1 7UX
http://www.adelard.com
Recep: +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855
Registered office: 5th Floor, Ashford Commercial Quarter, 1 Dover Place,
Ashford, Kent TN23 1FB
Registered in England & Wales no. OC 304551. VAT no. 454 489808
This e-mail, and any attachments, is confidential and for the use of
the addressee only. If you are not the intended recipient, please
telephone 020 7832 5850. We do not accept legal responsibility for
this e-mail or any viruses.
More information about the systemsafety
mailing list