Secure Coding mailing list archives

Re: Programming languages used for security


From: Crispin Cowan <crispin () immunix com>
Date: Fri, 09 Jul 2004 21:36:40 +0100


ljknews wrote:


Such typing should include specification by the programmer of the range
of values allowed in variables: -32767 to +32767, 0 to 100, 1 to 100,
Characters a-z only, characters A-Z only, -10.863 to +4.368, etc.

The language should also support exact specification of arithmetic
operations to be performed for various types (overflow semantics,
precision, decimal vs. binary arithmetic, etc.).  This is important
to ensure the desired behavior is obtained when one changes to a
new compiler/interpreter, if only to have a program rejected as
requiring behavior not supported on the new compiler or operating
system.

Check out the Hermes programming language 
<http://www.research.ibm.com/people/d/dfb/hermes-publications.html>, 
which not only does such checks, but in many cases can do the checks 
statically, and refuse to compile unsafe programs. This mechanism is 
called typestate checking 
<http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=typestate+checking&btnG=Search>, 
which IMHO is one of the most interesting extensions of static type 
checking for both safety and performance.


The bad news is that Hermes, while it has many great safety features, is 
another dead programming language. That's the problem with programming 
language design: there are LOTS of great programming languages out 
there, and approximately none of them have the critical mass of 
compilers, tools, and (most important) programmers to make them viable 
for most projects.


The good news is that Hermes is among the sources that Java looted; some 
of the typestate checking features ended up in the Java bytecode checker.


Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com
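The two ideas in this exchange, range-constrained numeric types with explicit overflow semantics and typestate checking that turns a misuse into a compile error, can be shown in a language that is still alive. The following is an added example in Rust; it is not code from this post, from Hermes, or from Java's bytecode verifier. The range check uses Rust's checked and saturating integer arithmetic, and the static part uses Rust's "typestate pattern" (state carried in a type parameter), which is a cousin of Hermes typestate rather than the same mechanism. All names (`Percent`, `Session`, the `"valid-token"` credential) are assumptions chosen for illustration.

```rust
// Added example, not from the original thread. Names and the token check are
// constructed for illustration.
use std::marker::PhantomData;

/// A value constrained to 0..=100, like the "0 to 100" ranges in the thread.
/// The invariant is enforced where untrusted input enters; arithmetic on it
/// states its overflow semantics explicitly instead of silently wrapping.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Percent(u8);

#[derive(Debug, PartialEq, Eq)]
pub enum RangeError {
    OutOfRange(i64),
}

impl Percent {
    pub const MIN: u8 = 0;
    pub const MAX: u8 = 100;

    /// Range check at the trust boundary; out-of-range input is rejected, not clamped.
    pub fn new(v: i64) -> Result<Percent, RangeError> {
        if v < Self::MIN as i64 || v > Self::MAX as i64 {
            Err(RangeError::OutOfRange(v))
        } else {
            Ok(Percent(v as u8))
        }
    }

    pub fn get(self) -> u8 {
        self.0
    }

    /// Checked addition: None if the u8 overflows or the result leaves 0..=100.
    pub fn checked_add(self, other: Percent) -> Option<Percent> {
        let sum = self.0.checked_add(other.0)?;
        if sum > Self::MAX { None } else { Some(Percent(sum)) }
    }

    /// Saturating addition: the alternative semantics, chosen explicitly by the caller.
    pub fn saturating_add(self, other: Percent) -> Percent {
        Percent(self.0.saturating_add(other.0).min(Self::MAX))
    }
}

/// Typestate: the session's state is part of its type, so `send` simply does not
/// exist on an unauthenticated session and the compiler rejects the call.
pub struct Unauthenticated;
pub struct Authenticated;

pub struct Session<State> {
    peer: String,
    _state: PhantomData<State>,
}

impl Session<Unauthenticated> {
    pub fn connect(peer: &str) -> Self {
        Session { peer: peer.to_string(), _state: PhantomData }
    }

    /// Consumes the unauthenticated session; this is the only way to obtain a
    /// `Session<Authenticated>`. The token comparison is a constructed stand-in
    /// for a real credential check.
    pub fn authenticate(self, token: &str) -> Result<Session<Authenticated>, Session<Unauthenticated>> {
        if token == "valid-token" {
            Ok(Session { peer: self.peer, _state: PhantomData })
        } else {
            Err(self)
        }
    }
}

impl Session<Authenticated> {
    /// Defined only for the Authenticated state.
    pub fn send(&self, msg: &str) -> String {
        format!("{} <- {}", self.peer, msg)
    }
}

// Rejected at compile time (no method `send` on `Session<Unauthenticated>`);
// this is the static check the thread is after:
//     let s = Session::connect("example-host");
//     s.send("hello");

/// Happy path: connect, authenticate, then send.
pub fn demo() -> Option<String> {
    let s = Session::connect("example-host").authenticate("valid-token").ok()?;
    Some(s.send("hello"))
}

fn main() {
    println!("{:?}", Percent::new(150));
    println!("{:?}", demo());
}
```

The range part is still a runtime check at construction (Rust has no general range types), so it catches bad input where it enters rather than proving its absence; the typestate part is the genuinely static half, since a program that calls `send` before `authenticate` never compiles.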