Secure Coding mailing list archives
The Importance of Type Safety
From: securecoding at nxtg.net (AF)
Date: Thu, 26 Mar 2009 10:45:28 +0100
Actually, I thought you meant "managing costs of development with type safe languages" on the human management aspect (learning, training, design and development time, testing, etc.) and not about pure computer, compiler or runtime performance.

On that aspect, I can only agree with you (mostly blindly because I don't have the knowledge to qualify these internals by myself ;)

Thank you for your answer,
Antonio Fontes

Brad Andrews wrote:
> It may not always be true, but languages with stronger type safety normally also have a larger execution overhead. This is somewhat unavoidable since the extra checking to make sure the types match does take machine cycles. Of course the compiler can enforce a lot of these rules, so some of the performance hit could be at compile time, but it is still there.
>
> In addition, you lose some flexibility. It's kind of like swimming with water wings (to continue my pool analogy). You are much less likely to drown, but they limit what you can do at the same time. You are not likely to pick up too many things off the bottom of the pool with water wings on, unless you are really creative and strong.
>
> The flexibility in C/C++ remains there for a reason - it is helpful to at least some sorts of problems. It may or may not be the best for security, but it is a "cost" that should be considered as well as compile or run-time performance.
>
> Does this help?
>
> Brad
>
> Quoting AF <securecoding at nxtg.net>:
>
>> Brad Andrews wrote:
>> [..]
>>> Perhaps we will get to a world where all the "management overhead" doesn't matter, but until then, the extra cost for type safety should be weighed against other factors, not just discounted out of hand.
>>
>> Hi Brad,
>>
>> Could you please explain what you mean by "the extra cost for type safety"?

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________