Re: Programming languages used for security

[ljknews <ljknews () mac com>]

At 8:49 AM -0500 7/9/04, Wall, Kevin wrote:

>   If a GENERAL PURPOSE programming language were designed by
>   scratch by someone who was both a security expert and
>   programming language expert, what would this language (and
>   it's environment) look like?
>
>   More specifically,
>
>      + What set of features MUST such a language support (e.g.,
>        strong static typing, etc.)?

Such typing should include specification by the programmer of the range
of values allowed in variables: -32767 to +32767, 0 to 100, 1 to 100,
Characters a-z only, characters A-Z only, -10.863 to +4.368, etc.

The language should also support exact specification of arithmetic
operations to be performed for various types (overflow semantics,
precision, decimal vs. binary arithmetic, etc.).  This is important
to ensure the desired behavior is obtained when one changes to a
new compiler/interpreter, if only to have a program rejected as
requiring behavior not supported on the new compiler or operating
system.

>      + Perhaps just as importantly, what set of features should
>        the language omit (e.g., pointer arithmetic, etc.)?
>      + What functionality should the accompanying libraries support
>        (e.g., encryption, access control, etc.)?
>      + What would be the optimal paradigm (from a theoretical, rather
>        than pragmatic perspective) that such a language would fit into
>        (e.g., object-oriented, functional, imperative, logic programming,
>        etc.)? [Note: I mention "theoretical, rather than pragmatic" so
>        that such a language would be unduly influenced by the fact that
>        presently developers familiar with OO and imperative styles vastly
>        out number all the others, with functional coming up a distant
>        3rd.]
>      + (Related to the previous item) Would such a language be compiled
>        or interpreted or something in between.

-- 
Larry Kilgallen