From: John Ames
Newsgroups: comp.os.linux.misc
Subject: Re: VMS
Date: Mon, 21 Jul 2025 09:12:42 -0700
Message-ID: <20250721091242.00007573@gmail.com>
References: <20250625093213.00002ec2@gmail.com> <20250625094418.00007fd2@gmail.com> <105iv02$3cuhr$2@dont-email.me>

On Mon, 21 Jul 2025 08:42:04 +0100
Richard Kettlewell wrote:

> Conservative upper bounds of this kind address two issues:
>
> 1) The possibility that you made a mistake in working out the upper
> bound. Off-by-one errors are such a common category that they get
> their own name; adding even 1 byte of headroom neutralizes them.
>
> If you think only “sloppy” programmers make this kind of mistake
> then you’re deluded. A more competent programmer may make fewer
> mistakes but no human is perfect.
>
> 2) Approximation can make analysis easier. Why spend an hour proving
> that the maximum size something can be is 37 bytes if a few seconds
> mental arithmetic will prove it’s at most 64 bytes? (Unless you
> have 1980s quantities of RAM, of course.)

Sure, memory is cheap and we can often afford reasonably over-specced
buffer sizes in Our Modern Age - but the fundamental problem remains.
Treating "a little extra just to be on the safe side" as a ward against
buffer overruns or other boundary errors is pretty much guaranteed to run
into trouble down the line, and no amount of "nobody's perfect...!" will
change that. If you're not working in a language that does bounds-checking
for you, and your design is not one where you can say with *100% certainty*
that boundary errors are literally impossible, CHECK YER DANG BOUNDS.
Simple as that.
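The two positions in this exchange, as an added example that is not part of the thread and not code by either poster. It constructs a record line "id=<u32>,name=<name>" whose worst case was estimated assuming a name of at most 16 bytes, rounded up to a 64-byte buffer with headroom (the "few seconds of mental arithmetic" bound). `headroom_suffices` reports whether that slack actually covers a given input without writing anything, and `format_record_checked` is the explicit bounds check: it uses snprintf's return value and refuses (returning -1, output emptied) when the line would not fit. All function and macro names, and the sample names, are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed scenario: the "analysis" behind the unchecked path assumed a
 * name is at most NAME_MAX_ASSUMED bytes, then padded the buffer. */
#define NAME_MAX_ASSUMED 16
/* "id=" + 10 digits + ",name=" + 16 + NUL = 36 bytes; 64 is the rounded-up
 * upper bound with headroom that the quoted argument would settle for. */
#define REC_BUF_HEADROOM 64

/* Bytes a record line for this id/name would occupy, including the NUL.
 * snprintf with a NULL, zero-size buffer measures without writing. */
size_t record_bytes_needed(uint32_t id, const char *name)
{
    int n = snprintf(NULL, 0, "id=%u,name=%s", (unsigned)id, name);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* The headroom argument: does the assumed bound plus slack cover this input?
 * Returns 1 if yes, 0 if an unchecked sprintf into a REC_BUF_HEADROOM-byte
 * buffer would overrun it, i.e. the headroom only moved the cliff edge. */
int headroom_suffices(uint32_t id, const char *name)
{
    return record_bytes_needed(id, name) <= REC_BUF_HEADROOM;
}

/* The bounds-checked path: format into a caller-provided buffer of cap
 * bytes, checking snprintf's return value. Returns the number of characters
 * written (excluding NUL), or -1 if the output would not fit; out is left
 * empty on failure so a truncated record cannot be used by accident. */
int format_record_checked(char *out, size_t cap, uint32_t id, const char *name)
{
    if (out == NULL || cap == 0)
        return -1;
    int n = snprintf(out, cap, "id=%u,name=%s", (unsigned)id, name);
    if (n < 0 || (size_t)n >= cap) {
        out[0] = '\0';
        return -1;
    }
    return n;
}

/* Convenience wrapper: the checked path into a buffer of exactly the
 * headroom size, so the two approaches can be compared on one input. */
int format_into_headroom_buffer(uint32_t id, const char *name)
{
    char buf[REC_BUF_HEADROOM];
    return format_record_checked(buf, sizeof buf, id, name);
}

int main(void)
{
    /* Constructed inputs: one within the estimate, one nobody planned for. */
    const char *short_name = "alice";
    const char *long_name = "name-nobody-expected-to-be-this-long-when-"
                            "the-bound-was-estimated";

    printf("short: headroom ok=%d, checked=%d\n",
           headroom_suffices(7, short_name),
           format_into_headroom_buffer(7, short_name));
    printf("long:  headroom ok=%d, checked=%d\n",
           headroom_suffices(7, long_name),
           format_into_headroom_buffer(7, long_name));
    return 0;
}
```

The point the check makes visible: the 64-byte buffer is fine for "alice" either way, but the 65-byte name needs 76 bytes, and only the checked path notices. Headroom protects against arithmetic slips of a byte or two; it does nothing against an input class the estimate never considered.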