Defensive programming: Difference between revisions

removed a lot of jargon that disambiguated the article's introduction~~~~
Tag: Reverted
m Rollback edit(s) by 50.92.202.47 (talk): non-constructive (RW 16.1)
{{howto|date=March 2012}}
 
'''Defensive programming''' is a form of [[defensive design]] intended to ensure the continuing function of a piece of [[software]] under unforeseen circumstances. Defensive programming practices are often used where [[high availability]], [[safety]], or [[computer security|security]] is needed.
 
Defensive programming is an approach to improve software and [[source code]], in terms of:
* General quality – reducing the number of [[software bug]]s and problems.
* Making the source code comprehensible – the source code should be readable and understandable so it is approved in a [[code audit]].
* Making the software behave in a predictable manner despite unexpected inputs or user actions.
 
Overly defensive programming, however, may safeguard against errors that will never be encountered, thus incurring run-time and maintenance costs. There is also a risk that code traps prevent too many [[Exception handling|exceptions]], potentially resulting in unnoticed, incorrect results.
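
The masking risk described above can be seen in a small C example. This is an added illustration, not code from the article; the "quota" field and both function names are hypothetical. The first parser traps every failure and returns 0, while the second performs the same checks but reports failure separately from the value.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Overly defensive: every failure is trapped and turned into 0, so the
   caller cannot tell "quota is 0" from "quota was unreadable". */
long parse_quota_masking(const char *s) {
    char *end;
    long v;
    if (s == NULL) return 0;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0' || v < 0) return 0;
    return v;
}

/* Same validation, but the status is returned apart from the value,
   so a bad input cannot silently become a legitimate-looking number. */
typedef enum { QUOTA_OK = 0, QUOTA_MALFORMED, QUOTA_OUT_OF_RANGE } quota_status;

quota_status parse_quota_strict(const char *s, long *out) {
    char *end;
    long v;
    if (s == NULL || out == NULL) return QUOTA_MALFORMED;
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0') return QUOTA_MALFORMED;   /* empty or trailing junk */
    if (errno == ERANGE || v < 0) return QUOTA_OUT_OF_RANGE; /* overflow or negative */
    *out = v;   /* written only on success */
    return QUOTA_OK;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "4096", "0", "12x", "", "-5" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long v = -1;
        quota_status st = parse_quota_strict(samples[i], &v);
        printf("\"%s\": masking=%ld strict_status=%d strict_value=%ld\n",
               samples[i], parse_quota_masking(samples[i]), (int)st, v);
    }
    return 0;
}
```

With the masking parser, the malformed input "12x" and the valid input "0" are indistinguishable to the caller, which is the unnoticed incorrect result the paragraph warns about.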
 
== Secure programming ==
{{main|Secure coding}}
 
Secure programming is the subset of defensive programming concerned with [[computer security]]. Security is the concern, not necessarily safety or availability (the [[software]] may be allowed to fail in certain ways). As with all kinds of defensive programming, avoiding bugs is a primary objective; however, the motivation is not as much to reduce the likelihood of failure in normal operation (as if safety were the concern), but to reduce the attack surface – the programmer must assume that the software might be misused actively to reveal bugs, and that bugs could be exploited maliciously.
 
<syntaxhighlight lang="c">int risky_programming(char *input) {