Page 377 -
P. 377
360 Chapter 13 Dependability engineering
area of memory. They also make bound checking of arrays and other structures
harder to implement.
4. Dynamic memory allocation Program memory may be allocated at run-time
rather than at compile-time. The danger with this is that the memory may not be
properly deallocated, so eventually the system runs out of available memory.
This can be a very difficult error to detect because the system may run success-
fully for a long time before the problem occurs.
5. Parallelism When processes are executing concurrently, there can be subtle tim-
ing dependencies between them. Timing problems cannot usually be detected
by program inspection, and the peculiar combination of circumstances that
cause a timing problem may not occur during system testing. Parallelism may
be unavoidable, but its use should be carefully controlled to minimize inter-
process dependencies.
6. Recursion When a procedure or method calls itself or calls another procedure,
which then calls the original calling procedure, this is ‘recursion’. The use of
recursion can result in concise programs; however it can be difficult to follow
the logic of recursive programs. Programming errors are therefore more difficult
to detect. Recursion errors may result in the allocation of all the system’s mem-
ory as temporary stack variables are created.
7. Interrupts These are a means of forcing control to transfer to a section of code
irrespective of the code currently executing. The dangers of this are obvious; the
interrupt may cause a critical operation to be terminated.
8. Inheritance The problem with inheritance in object-oriented programming is that
the code associated with an object is not all in one place. This makes it more dif-
ficult to understand the behavior of the object. Hence, it is more likely that pro-
gramming errors will be missed. Furthermore, inheritance, when combined with
dynamic binding, can cause timing problems at run-time. Different instances of a
method may be bound to a call, depending on the parameter types. Consequently,
different amounts of time will be spent searching for the correct method instance.
9. Aliasing This occurs when more than one name is used to refer to the same
entity in a program; for example, if two pointers with different names point to
the same memory location. It is easy for program readers to miss statements that
change the entity when they have several names to consider.
10. Unbounded arrays In languages like C, arrays are simply ways of accessing
memory and you can make assignments beyond the end of an array. The run-
time system does not check that assignments actually refer to elements in the
array. Buffer overflow, where an attacker deliberately constructs a program to
write memory beyond the end of a buffer that is implemented as an array, is a
known security vulnerability.
11. Default input processing Some systems provide a default for input processing,
irrespective of the input that is presented to the system. This is a security loophole
