home · projects · papers · blog · gallery · contact
anil madhavapeddy // anil.recoil.org

Tony Hoare on bounds checking in 1980

08 November 2005   |   Anil Madhavapeddy   |   tags:   |   all posts

I've been majorly focused on finishing off my PhD Thesis recently, hence the lack of updates (but check out the sharp green gradient I'm posting on the thesisometer!). While researching the history of dynamic bounds checking in languages, I found this remarkable quote from Sir Tony Hoare in his 1980 Turing Award lecture about Algol-60:

A consequence of this principle is that every occurrence of every subscript of every subscripted variable was on every occasion checked at run time against both the upper and the lower declared bounds of the array. Many years later we asked our customers whether they wished us to provide an option to switch off these checks in the interest of efficiency on production runs. Unanimously, they urged us not to - they already knew how frequently subscript errors occur on production runs where failure to detect them could be disastrous. I note with fear and horror that even in 1980, language designers and users have not learned this lesson. In any respectable branch of engineering, failure to observe such elementary precautions would have long been against the law.

Bear in mind he made this statement in 1980, and nothing has really changed in the intervening 25 years as the Internet gets overrun by viruses and worms which take down hospitals and nuclear power plants.

Another amusing one is about Fortran, found on his Wikiquote page:

On October 11, 1963, my suggestion was to pass on a request of our customers to relax the ALGOL 60 rule of compulsory declaration of variable names and adopt some reasonable default convention such as that of FORTRAN. [...] The story of the Mariner space rocket to Venus, lost because of the lack of compulsory declarations in FORTRAN, was not to be published until later."
 
blog comments powered by Disqus