Secure Coding mailing list archives
Re: Programming languages used for security
From: Crispin Cowan <crispin () immunix com>
Date: Fri, 09 Jul 2004 21:36:40 +0100
ljknews wrote: Such typing should include specification by the programmer of the range of values allowed in variables: -32767 to +32767, 0 to 100, 1 to 100, Characters a-z only, characters A-Z only, -10.863 to +4.368, etc. The language should also support exact specification of arithmetic operations to be performed for various types (overflow semantics, precision, decimal vs. binary arithmetic, etc.). This is important to ensure the desired behavior is obtained when one changes to a new compiler/interpreter, if only to have a program rejected as requiring behavior not supported on the new compiler or operating system. Check out the Hermes programming language <http://www.research.ibm.com/people/d/dfb/hermes-publications.html>, which not only does such checks, but in many cases can do the checks statically, and refuse to compile unsafe programs. This mechanism is called typestate checking <http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=typestate+checking&btnG=Search>., which IMHO is one of the most interesting extensions of static type checking for both safety and performance. The bad news is that Hermes, while it has many great safety features, is another dead programming language. That's the problem with programming language design: there are LOTS of great programming languages out there, and approximately none of them have the critical mass of compilers, tools, and (most important) programmers to make them viable for most projects. The good news is that Hermes is among the sources that Java looted; some of the typestate checking features ended up in the Java bytecode checker. Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ CTO, Immunix http://immunix.com
Current thread:
- Programming languages used for security Wall, Kevin (Jul 09)
- Re: Programming languages used for security Fabien (Jul 09)
- Re: Programming languages used for security ljknews (Jul 09)
- Re: Programming languages used for security Crispin Cowan (Jul 09)
- RE: Programming languages used for security David Crocker (Jul 09)
- Re: Programming languages used for security Crispin Cowan (Jul 09)
- Re: Programming languages used for security Dana Epp (Jul 10)
- Re: Programming languages used for security Crispin Cowan (Jul 10)
- RE: Programming languages used for security David Crocker (Jul 10)
- Re: Programming languages used for security der Mouse (Jul 10)
- Re: Programming languages used for security Crispin Cowan (Jul 09)
- Re: Programming languages used for security der Mouse (Jul 10)
- <Possible follow-ups>
- RE: Programming languages used for security Wall, Kevin (Jul 10)
- Re: Programming languages used for security James Walden (Jul 10)
- RE: Programming languages used for security Wall, Kevin (Jul 10)