In message <CAG5KPzw_cOfFLX_kn=5dwax+z+9vexuzo3q8yekdjg37tdq...@mail.gmail.com>, Ben Laurie writes:

>On 25 April 2014 21:24, Ronald F. Guilmette <r...@tristatelogic.com> wrote:
>> Separately, a code example of the following general form was discussed:
>>
>> if (condition) variable = value1;
>> if (!condition) variable = value2;
>> use (variable);
>>
>One better answer would be to have a way to annotate that after the
>two conditionals you assert that |variable| is initialised. Then a
>future, smarter static analyzer can attempt to prove you wrong.

The way you do that *IS* to assert that the variable is indeed set to
something you can use.

If your "security" source code does not have at least 10% assert lines,
you're not really serious about security.

And of course, if you compile the asserts out for "production" you are
downright moronic about security :-)

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
p...@freebsd.org         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
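The pattern under discussion, worked through as an added C example (mine, not code from the thread, from Ben Laurie, PHK or FreeBSD): the variable is pre-loaded with a sentinel, the "assert that |variable| is initialised" check runs after the two conditionals, and the check is a macro that ignores NDEBUG so a -DNDEBUG "production" build cannot compile it out. The cipher ids, key lengths, the REQUIRE macro and its failure hook are all assumptions made up for illustration; the hook exists only so the failing path can be driven in-process instead of aborting.

```c
#include <stdio.h>
#include <stdlib.h>

/*
 * Failure action for REQUIRE. The default aborts, as a real assert does.
 * It is a function pointer only so the failing path can be exercised
 * below without killing the process; shipped code should not change it.
 * (Hypothetical helper, not from the thread.)
 */
static void require_abort(const char *file, int line, const char *expr)
{
    fprintf(stderr, "%s:%d: requirement failed: %s\n", file, line, expr);
    abort();
}
void (*require_fail)(const char *, int, const char *) = require_abort;

/*
 * REQUIRE deliberately never looks at NDEBUG: unlike <assert.h>'s assert,
 * a -DNDEBUG "production" build keeps this check.
 */
#define REQUIRE(cond) \
    do { if (!(cond)) require_fail(__FILE__, __LINE__, #cond); } while (0)

/* Illustrative cipher ids (assumed, not from the thread). */
enum cipher { CIPHER_AES128, CIPHER_AES256, CIPHER_CHACHA20 };

/* A value no real key length can take, so "still unset" is provable. */
#define KEYLEN_UNSET (-1)

/*
 * The thread's pattern after a plausible later edit: the original
 * "if (cond) ... / if (!cond) ..." pair was tidied into two positive
 * tests and a third cipher was added. The two ifs are no longer
 * exhaustive, so for CIPHER_CHACHA20 keylen is never assigned, and
 * without the REQUIRE use(keylen) would proceed on the sentinel.
 */
int keylen_for(enum cipher c)
{
    int keylen = KEYLEN_UNSET;

    if (c == CIPHER_AES256)
        keylen = 32;
    if (c == CIPHER_AES128)
        keylen = 16;

    /* The assertion PHK asks for: prove the variable was set before use. */
    REQUIRE(keylen != KEYLEN_UNSET);

    return keylen;
}

/* Test hook: count failures instead of aborting, so the uninitialised
 * path can be shown in-process. */
static int failures_seen = 0;
static void count_failure(const char *file, int line, const char *expr)
{
    (void)file; (void)line; (void)expr;
    failures_seen++;
}

/* Drives the non-exhaustive case and returns the value keylen_for would
 * have handed to use() had the check been compiled out. */
int demo_uninitialised_path(void)
{
    int r;
    require_fail = count_failure;
    r = keylen_for(CIPHER_CHACHA20);
    require_fail = require_abort;
    return r;
}

int main(void)
{
    int bypassed;

    printf("AES-128  -> %d\n", keylen_for(CIPHER_AES128));
    printf("AES-256  -> %d\n", keylen_for(CIPHER_AES256));
    bypassed = demo_uninitialised_path();
    printf("ChaCha20 with the check bypassed -> %d (failures recorded: %d)\n",
           bypassed, failures_seen);
    /* With the default hook this prints the failed requirement and aborts,
     * in a -DNDEBUG build as much as in a debug one: */
    /* keylen_for(CIPHER_CHACHA20); */
    return 0;
}
```

Build it twice, once with and once without -DNDEBUG, and the REQUIRE in keylen_for fires in both; the same check written with assert() from <assert.h> would vanish from the NDEBUG build, which is the "compile the asserts out for production" case the reply warns about.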