|
Defensive programming is a form of defensive design intended to ensure the continuing function of a piece of software under unforeseen circumstances. The idea can be viewed as reducing or eliminating the prospect of Finagle's law having effect. Defensive programming techniques are used especially when a piece of software could be misused. Defensive programming is an approach to improve software and source code, in terms of: * General quality - reducing the number of software bugs and problems. * Making the source code comprehensible - the source code should be readable and understandable so it is approved in a code audit. * Making the software behave in a predictable manner despite unexpected inputs or user actions. Overly defensive programming however introduces code to prevent errors that can't happen, but needs to be executed on runtime and to be maintained by the developers, thus increasing the runtime and maintenance costs. There is also the risk that the code catches or prevents too many exceptions. In those cases, the error would be suppressed and go unnoticed, while the result would be still wrong. == Secure programming == Defensive programming is sometimes referred to as secure programming by computer scientists who state this approach minimizes bugs. Software bugs can be potentially used by a cracker for a code injection, denial-of-service attack or other forms of attack. A difference between defensive programming and non defensive programming is that few assumptions are made by the programmer, who attempts to handle all possible error states. In short, the programmer never assumes a particular function call or library will work as advertised, and so handles it in the code. An example follows: The function will crash when the input is over 1000 characters. Some novice programmers may not feel that this is a problem, supposing that no user will enter such a long input. A programmer practicing defensive programming would not allow the bug, because if the application contains a known bug, Murphy's Law dictates that the bug will occur in use. This particular bug demonstrates a vulnerability which enables buffer overflow exploits. Here is a solution to this example: 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「defensive programming」の詳細全文を読む スポンサード リンク
|