On Friday, 7 February 2014 at 08:30:35 UTC, Walter Bright wrote:
On 2/6/2014 7:08 PM, bearophile wrote:
Walter Bright:

It's not a matter of taste. If your input is subject to a DoS attack, don't
put exceptions in the control flow.

Perhaps in the world of today malicious attacks on the software you write should be assumed as the default situation, and then the language+library has to offer something less paranoiac on request.

That's why some languages have changed their sorting and hashing routines to
make them a little slower but safer on default.

DoS attack resistance requires faster code, not slower code.

I think bearophile is referring to a practice of avoiding fast average-case, slow worst-case algorithms in favour of faster worst-cases.

If an algorithm has best-case O(n*log(n)) and worst-case O(n^2), it's often not practical to build for the worst case, but anything less than that can make you vulnerable to malicious input as part of DoS.

In comparison, an algorithm with O(n*log^2(n)) average and worst-case might be acceptable in the average case, but will hold up better in the face of attack.


I'm not sure how relevant the point is to the general discussion.
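
The trade-off described in this message, as an added example that is not part of the original thread: it counts comparisons for a first-element-pivot quicksort (average O(n*log(n)), worst case O(n^2)) and for a bottom-up merge sort, used here as a stand-in for an algorithm whose worst case stays close to its average. The function names and the inputs are constructed for this illustration.

```python
import random

def quicksort_comparisons(data):
    """First-element-pivot quicksort on a copy; returns (sorted_list, comparisons)."""
    a, comparisons = list(data), 0
    stack = [(0, len(a) - 1)]          # explicit stack: no recursion-depth limit
    while stack:
        lo, hi = stack.pop()
        if lo >= hi:
            continue
        pivot, i = a[lo], lo
        for j in range(lo + 1, hi + 1):
            comparisons += 1
            if a[j] < pivot:
                i += 1
                a[i], a[j] = a[j], a[i]
        a[lo], a[i] = a[i], a[lo]      # pivot moves to its final position
        stack += [(lo, i - 1), (i + 1, hi)]
    return a, comparisons

def mergesort_comparisons(data):
    """Bottom-up merge sort on a copy; returns (sorted_list, comparisons)."""
    a, comparisons, width = list(data), 0, 1
    while width < len(a):
        out = []
        for lo in range(0, len(a), 2 * width):
            left, right = a[lo:lo + width], a[lo + width:lo + 2 * width]
            i = j = 0
            while i < len(left) and j < len(right):
                comparisons += 1
                if right[j] < left[i]:
                    out.append(right[j])
                    j += 1
                else:
                    out.append(left[i])
                    i += 1
            out += left[i:] + right[j:]
        a, width = out, width * 2
    return a, comparisons

def measure(n=2000, seed=1):
    # Constructed inputs: a random permutation and the same values already in order.
    shuffled = random.Random(seed).sample(range(n), n)
    inputs = {"shuffled": shuffled, "ordered": sorted(shuffled)}
    sorts = {"quick": quicksort_comparisons, "merge": mergesort_comparisons}
    return {f"{s}_{k}": fn(v)[1] for s, fn in sorts.items() for k, v in inputs.items()}

if __name__ == "__main__":
    for name, count in measure().items():
        print(f"{name:15} {count:>9}")
```

On the ordered input the quicksort performs n*(n-1)/2 comparisons, while the merge sort stays within n*ceil(log2(n)) on both inputs.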
