Re: A place to start

[David Ford <david@kalifornia.com>]

Ray L wrote:

> not true in general, unfortunately.  a change in another file might prevent
> arp.c from even compiling, let alone implementing correct semantics.  md5sums
> are certainly valid for a large class of errors, but not all.

Actually, it is true.  The focus of an audit is that input, change, and output
follow expected definition.  If a change in another file happens, the ICO rules
still apply to 'arp.c', if your input has changed, that means the API has
changed.  If the API changes, then your ICO rules don't match and must be
updated.

An audit focuses on the data path from input to output.  Valid data will always
be processed correctly and output correctly.  Invalid data will always be handled
correctly.  There are only these two conditions.

If the API and valid input data change, then the file must change and be audited
again.  If your audited file follows the above two rules, then it will never be
the guilty party in a bug.  A developer who doesn't update the entire data path
correctly introduces fault in the system but all files that are audited will
correctly reject invalid data, not segfault etc.

Therefore an md5sum of a perfectly audited 'arp.c' will be valid.

-d

--
"The difference between 'involvement' and 'commitment' is like an
eggs-and-ham breakfast: the chicken was 'involved' - the pig was
'committed'."


begin:vcard 
n:Ford;David
x-mozilla-html:TRUE
org:<img src="http://www.kalifornia.com/images/poweredbylinux.gif">
adr:;;;;;;
version:2.1
email;internet:david@kalifornia.com
title:Blue Labs Developer
x-mozilla-cpt:;-26528
fn:David Ford
end:vcard