> Why I enjoyed your rant very much, I must mention that according to what
> I heard about the heartbleed bug, it is not the fault of the memory
> allocator.
> The bug happened because the _sizes_ of incoming and outgoing data were
> not handled correctly

true, but then the leaking memory wouldn't have been restricted on
critical data like private keys and password traffic. so more probing
would have been necessary to gain exploitable data. which of course isn't
better, but afaik the (bad) selfmade memory management somewhat
accelerated the root bug.

Regarding testing, check out "John Hughes - Testing the Hard Stuff and
Staying Sane":  http://www.youtube.com/watch?v=zi0rHwfiX1Q
Summary (see http://en.wikipedia.org/wiki/QuickCheck ):
Testing done with predefined behavior specification models, then the code
to be tested gets called with random inputs and the result compared with
the model by using the pattern matching system of Erlang. If the system
finds a bug, it reruns the tests until it can reduce it to the minimal
steps required to trigger the bug and delivers those as output.

It seems to me that a similar test software could be implemented in pil,
using its highly flexible pattern matching (match). Or we extend
QuickQueck with the ability to check picolisp code. Just a random idea.

UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe

Reply via email to