Back around 1980, when Ada was new, it was common for compiler manufacturers to
claim it is best to disable bound checking for performance reasons. Getting
your program to run slightly faster trumped knowing that any of your buffers
was overflowing. Code that silently trashes memory can be expected to produce
some truly creative results. My practice is to code defensively, to ensure my
program is operating according to policies that I set for it. I want to know
when it is misbehaving. Should there be a performance hit, I instrument the
program to find the hot spots and optimize those and only those.
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.