From: Rolf Schumacher <rolf@august.de>
To: Ingo Krabbe <ikrabbe.ask@web.de>
Cc: gcc-help@gcc.gnu.org
Subject: Re: how to make code stay invariant
Date: Mon, 24 Jul 2006 22:39:00 -0000 [thread overview]
Message-ID: <44C54C2D.8000403@august.de> (raw)
In-Reply-To: <200607241419.09982.ikrabbe.ask@web.de>
[-- Attachment #1: Type: text/plain, Size: 1791 bytes --]
Thank you, Ingo.
> The checksum approach isn't quite usefull I think, since algorithms
> are and should be changed by hand and communication between developers
> should be done as direct as possible. If you introduce checksums, you
> provide a tools that simulates stability where there is none. There
> is no fire and forget algorithm that you haven't develeoped and
> documented quite well.
>
Think of a checksum as a means to secure a message.
Any secure protocol connection lives upon that. It's useful at least in
that case.
Now take this model:
A programmer has proved (e.g. by Knuts rules) and tested her code
hard. She made a checksum to be absolutely sure to know what she's tested.
Than the software is validated independently, again, no errors.
The validator compares the checksum to the one the programmer knows.
They are equal.
What we've got? Two independent people are telling, this is good software
and they are talking about the same thing, for sure.
Now the message is sent: From lab to field operations. Copied several
times.
At the end appeared somewhere in memory. Check the checksum!
Now you know, nothing was changed, the module contributes to the system
and you're sure it's the same one as in the module test.
John is right, there are other things you can mention:
same code/checksum but different behavior.
But I like to come back to that problem when I'm finished with the first
one.
The checksum is a matter of securing a message, as in a secure protocol.
The only thing here is, that the massage is a module doing work in some
software.
It's a module that was sent by the first tester through an insecure channel
until it arrived at some operation.
I think, Ingo, checksums are a good and usual idea for that sort
transmission errors.
Rolf
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/x-pkcs7-signature, Size: 3489 bytes --]
next prev parent reply other threads:[~2006-07-24 22:39 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-16 23:06 Rolf Schumacher
2006-07-21 0:44 ` John Carter
2006-07-23 5:22 ` Rolf Schumacher
2006-07-23 22:05 ` John Carter
2006-07-24 12:19 ` Ingo Krabbe
2006-07-24 22:39 ` Rolf Schumacher [this message]
2006-07-25 4:47 ` Ingo Krabbe
2006-07-24 22:38 ` Rolf Schumacher
2006-07-24 23:22 ` John Carter
2006-07-25 22:16 ` Rolf Schumacher
2006-07-26 6:47 ` John Carter
2006-07-29 18:50 ` Rolf Schumacher
2006-07-30 22:33 ` John Carter
2006-07-30 23:11 ` John Carter
2006-07-31 20:28 ` Rolf Schumacher
2006-07-28 23:35 ` Rolf Schumacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44C54C2D.8000403@august.de \
--to=rolf@august.de \
--cc=gcc-help@gcc.gnu.org \
--cc=ikrabbe.ask@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).