A solution that relies on constant vigilance is just so much harder than a language in which that class of bugs just isn’t a thing.
-
But also I could see perhaps that the tools back then were not as advanced as tools today: 15 years ago I don’t think many people could imagine writing SQLite in many things other than C
-
Time to dust off that bad boy (credit @mononcqc) pic.twitter.com/lx3plP86if
-
cve?????
-
100% branch coverage doesn't mean you covered all possible behavior at all.
-
That's why fuzzy / property / quick tests matter. They cover data space rather than code space, but because there are possibly infinite data for a given datatype (e.g., strings), such tests are only an approximation. Still better than nothing :)
-
AFL found bugs in SQLite (https://lcamtuf.blogspot.com/2015/04/finding-bugs-in-sqlite-easy-way.html), including some that look exploitable given hostile SQL, and I'm pretty sure that was after it already had 100% branch coverage.
-
Wat? That guy's argument doesn't even make sense. Unit tests define a spec... they don't test whether 100% of the code works... they ensure that 100% of the code defines the behaviour you want to define. The concern is that the undefined behaviour isn't understood...
-
Like... there's multiple ways to define a min and max function if you account for infinities and NaNs. If you don't care? You don't need to define those test cases. As soon as you do care, then you need to define them so the rug isn't pulled out from under you.
-
He basically admits as much here: https://news.ycombinator.com/item?id=18687955
-
I'm interested in the backstory: was there a memory safety vuln in sqlite or something recently..?