Topic: preventing accidental errors


Subtopic: prevent damage

Quote: error handling may prevent damage whether caused by system or user [»hamiM_1978]
Quote: need discipline of relational model to share large quantities of data by non-programmers acting independently

Subtopic: social pressure

Quote: social pressure can lead to misinterpretation, mistakes and accidents; strong influence on everyday behavior [»normDA_1988]

Subtopic: dumb mistake

Quote: everyone makes dumb mistakes; a huge number of bugs are just one step away from a syntax error; e.g., typing || instead of && [»hoveD12_2004]
Quote: bug detectors for thread correctness, performance issue, security violation, usage bug, dropped exception, null pointer, open stream, unchecked return, unconditional wait [»hoveD12_2004]
Quote: it is easy to make expensive programming errors; the EDSAC group developed techniques to avoid or detect errors before execution and to locate errors after execution [»wilkMV_1951]
Quote: a common mistake is to put too much confidence in software; design errors are hard to find and eliminate [»leveNG7_1993]
Quote: Cyclone identified array bound violations in three benchmarks [»jimT6_2002]

Subtopic: usage fault

Quote: the contingency design test begins with user interaction errors; e.g., skip a required field, fix a mistake, check a bad or mistyped URL, try customer support, what if there are no results [»lindM_2004]
Quote: hardware failure modes are more limited than software failures, so hardware interlocks should still be used
Quote: a forcing function constrains a sequence of actions; e.g., ignition switch and interlocks on microwave ovens [»normDA_1988]
Quote: a type specifies the valid operations while a type guard specifies when an operation is valid
Quote: Vault defines type guards for specifying resource management protocols; e.g., operations performed in a valid order, operations required before access, operations that will be performed; enforced at compile time [»deliR6_2001]
Quote: Lisa requires a menu item to eject a disk; prevents errors from removing disk at wrong time [»stewG3_1983]
Quote: Lisa has a software-controlled on/off switch; allows it to preserve the current state [»stewG3_1983]

Subtopic: usability fault

Quote: a capture error occurs when a frequently done activity captures an unfamiliar activity sharing the same initial stages [»normDA_1988]
Quote: be careful of adding a comma between the cycle count and group of operations; otherwise get a sequence

Subtopic: security flaws

Quote: Cyclone is a safe dialect of C; avoids buffer overflows, format string attacks, and memory management errors; static analysis plus run-time checks and annotations [»jimT6_2002]
Quote: CSSV for static analysis of buffer overflows in C; optional contract per procedure reduces to integer expressions; handles heap allocation, multi-level arrays, function pointers, casting; faster than authors' previous algorithm [»dorN6_2003]
Quote: a language is secure if it detects most cases where its concepts break down and produce meaningless results [»brinP4_1999]
Quote: fix security warnings or add annotations; run Splint until done [»evanD1_2002]

Subtopic: policy vs. settings

Quote: prefer policy over tunable settings for security and resource allocation; express in terms of goals; allows audit, avoids user error [»kampPH7_2004]

Subtopic: irreversible action, confirmation

Quote: irreversible actions provide sufficient warning, are difficult to do, or are nonexplorable
QuoteRef: muchSS_1976 ;;368 "Commands with potentially disastrous effects must prompt for confirmation before proceeding."
Quote: erase and copy commands require confirmation with the affected region displayed; also undo [»goodM6_1981]
Quote: a guarded button, e.g., Destroy, must be double clicked; marked with a cross-out [»teitW3_1985]
QuoteRef: cbb_1973 ;;2/3/79 IBM human factors lab: all destructive operations such as delete-line require use of the control key as confirmation

Subtopic: ignore confirmations

Quote: Mux does not use confirmations for deletions; since confirmations are ignored in practice [»pikeR3_1988]
Quote: Star doesn't need an accept function since invoking the command is the last step [»smitDC_1982]

Subtopic: aliasing

Quote: C++ lacks a 'no-alias' property because it can't be guaranteed, it may lead to accidental errors, and it is targeted to vectorizing computers [»stroB_1994]

Subtopic: syntax

Quote: avoid unnecessary notation; common source of errors; e.g., statement separators, parenthesis [»paneJF9_2002]

Subtopic: numbers

Quote: print 20-digit cryptographic token in two lines of four-digit groups; significantly reduced error rate [»andeRJ5_1996]
Quote: survey on the use of check digits for error detection in identification numbers [»gallJA9_1996]

Subtopic: error correction

Quote: COUSIN interacts with users to correct errors in a command; it automatically corrects some errors and fills in defaults

Subtopic: scoping

Quote: Java does not allow a local name to override a global name; an earlier version with name hiding caused accidental errors [»goslJ6_1997]

Subtopic: data type

Quote: strong typing simplifies syntactic analysis and identifies many programming errors
Quote: C++ types and data-hiding efficiently prevent accidental corruption of data. They do not provide secrecy and security [»stroB_1991]

Related Topics

Group: type checking   (12 topics, 392 quotes)
Group: user interface   (75 topics, 1639 quotes)

Topic: bugs (66 items)
Topic: debugging by usage rules (41 items)
Topic: deletion of information (11 items)
Topic: defensive programming (22 items)
Topic: ease of use (47 items)
Topic: error safe systems (76 items)
Topic: flavor analysis and typestates for supplementary type checking (68 items)
Topic: one-way hash function (24 items)
Topic: prompted input (5 items)
Topic: resourceful, redundant systems for reliability (38 items)
Topic: safe use of pointers (102 items)
Topic: safety critical systems (32 items)
Topic: self-identifying data structures (18 items)
Topic: type-safe and secure languages (43 items)
Topic: undoing actions in a UserInterface (23 items)
Topic: usability errors (6 items)

Updated barberCB 11/05
Copyright © 2002-2008 by C. Bradford Barber. All rights reserved.
Thesa is a trademark of C. Bradford Barber.