[Python-Dev] RE: [Python-checkins] python/dist/src/Objectsunicodeobject.c,2.139,2.140

Tim Peters tim.one@comcast.net
Sun, 21 Apr 2002 13:30:48 -0400


[Tim]
>> ... behavior, I viewed the version Martin replaced as unacceptable.

[M.-A. Lemburg]
> Are you sure, you're talking about the latest version I checked in ?

Calling the version Martin checked in N, I'm talking about versions N-3,
N-2, and N-1.  N-3 and N-2 were unacceptable because they wrote out of
bounds.  N-1 ("the version Martin replaced") was unacceptable because it
still didn't assert that it wasn't writing out of bounds.  I asked
repeatedly in the bug reports opened against N-3 and N-2 that asserts be
added.  If that had been done in version N-2, at least Barry, Martin, you
and I wouldn't have spent additional hours chasing down what turned out to
be more out-of-bounds writes (a debug-build run would have triggered an
assert directly in the flawed code).

> I spent hours on this too and I'm pretty sure to have fixed the
> buffer overruns now.

You were pretty sure about N-2 too <wink/sigh>, and the more hours it takes
to make tricky code correct, the more suspect that code is.  As I most
recently implored, in a comment on Barry's bug report against N-2:

    What I do care about is that there weren't (and
    still aren't) asserts *verifying* that this delicate code
    isn't spilling over the allocated bounds.

    About timing, last time we went around on this,
    the "measure once, cut once" version of the code was
    significantly slower in my timing tests too.  I don't care
    so much if the code is tricky, but the trickier the code
    the more asserts are required.

You checked in N-1 (and N-2) without responding to comments like that, and
we're all paying for it.  You realize asserts go away in the release build,
right?  They don't cost anything in production mode, they save our ass in
debug mode.

> ...
> So, why not just add the assert to my original version ?

I don't know why you didn't <wink>.  Martin backed out version N, so we're
back to N-1, except I see Martin added a crucial assert for you.  I added
some more since then.
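
An added illustration of the practice argued for in this message; it is not code from unicodeobject.c or from anyone in the thread. It assumes a UTF-8 encoder as a stand-in for "tricky" buffer-filling code, written in the "measure once, cut once" style, and the names `utf8_len` and `encode_utf8` are hypothetical. Every write is preceded by an assert on the remaining space, and the asserts compile away when `NDEBUG` is defined.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Bytes needed to encode one code point as UTF-8 (1 to 4). */
static size_t utf8_len(uint32_t cp)
{
    return cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
}

/* Hypothetical encoder: returns a malloc'd buffer of *out_len bytes,
   or NULL on an invalid code point or allocation failure. */
unsigned char *encode_utf8(const uint32_t *s, size_t n, size_t *out_len)
{
    static const unsigned char lead[] = { 0, 0x00, 0xC0, 0xE0, 0xF0 };
    size_t need = 0, i, j;
    unsigned char *buf, *p, *end;

    for (i = 0; i < n; i++) {               /* measure once */
        if (s[i] > 0x10FFFF || (s[i] >= 0xD800 && s[i] <= 0xDFFF))
            return NULL;
        need += utf8_len(s[i]);
    }
    buf = malloc(need ? need : 1);
    if (buf == NULL)
        return NULL;
    p = buf;
    end = buf + need;

    for (i = 0; i < n; i++) {               /* cut once */
        uint32_t cp = s[i];
        size_t k = utf8_len(cp);
        /* Debug builds stop here if the size pass and the write pass
           ever disagree, before any byte lands outside the buffer. */
        assert((size_t)(end - p) >= k);
        *p++ = (unsigned char)(lead[k] | (cp >> (6 * (k - 1))));
        for (j = k - 1; j-- > 0; )
            *p++ = (unsigned char)(0x80 | ((cp >> (6 * j)) & 0x3F));
    }
    assert(p == end);                       /* exact fit, no slack, no spill */
    *out_len = need;
    return buf;
}

int main(void)
{
    const uint32_t sample[] = { 0x41, 0xE9, 0x20AC, 0x1F600 }; /* constructed input */
    size_t len, i;
    unsigned char *b = encode_utf8(sample, 4, &len);
    if (b == NULL)
        return 1;
    for (i = 0; i < len; i++)
        printf("%02X ", b[i]);
    printf("\n");
    free(b);
    return 0;
}
```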