Secure Coding mailing list archives

RE: Programming languages used for security

From: "Wall, Kevin" <Kevin.Wall () qwest com>
Date: Sat, 10 Jul 2004 21:51:03 +0100

David Crocker wrote:

Whilst I agree that the distinction between specification and
programming languages is not completely clear cut, there is
nevertheless a fundamental difference between specification
and programming.

In a programming language, you tell the computer what you want
it to do, normally by way of sequential statements and loops.
You do not tell the computer what you are trying to achieve.

[snip]

In a specification language, you tell the computer what you are
trying to achieve, not how to achieve it. This is typically done
by expressing the desired relationship between the input state
and the output state. The state itself is normally modelled at
a higher level of abstraction than in programming (e.g. you
wouldn't refer to a hash table, because that is implementation
detail; you would refer to a set or mapping instead).


I'm sorry, but I don't quite see how this description sufficiently
delineates between declarative programming languages (such as
SQL, various logic and functional prog langs (Prolog, ML, Haskell,
Miranda, etc.)) from specification languages.

Do you consider them declarative programming languages and specification
languages one in the same? (Note: PLEASE, let's not turn this into a
discussion of language X is / is not a declarative programming
language, especially since the last time I used Prolog was in 1989
and the others I've only read about and/or wrote a few toy
programs. ;-)

My impression always has always been that a declarative programming
language is a high-level language that describes a problem rather
than defining a solution, but that pretty much sounds like your
definition of a specification language.

-kevin wall
---
Kevin W. Wall           Qwest Information Technology, Inc.
[EMAIL PROTECTED]       Phone: 614.215.4788
"The reason you have people breaking into your software all 
over the place is because your software sucks..."
 -- Former whitehouse cybersecurity advisor, Richard Clarke,
    at eWeek Security Summit

Current thread:

Re: Programming languages used for security, (continued)
- - Re: Programming languages used for security Crispin Cowan (Jul 09)
- RE: Programming languages used for security David Crocker (Jul 09)
  - Re: Programming languages used for security Crispin Cowan (Jul 09)
    - Re: Programming languages used for security Dana Epp (Jul 10)
    - Re: Programming languages used for security Crispin Cowan (Jul 10)
    - RE: Programming languages used for security David Crocker (Jul 10)
    - Re: Programming languages used for security der Mouse (Jul 10)
  - Re: Programming languages used for security der Mouse (Jul 10)
- RE: Programming languages used for security Wall, Kevin (Jul 10)
  - Re: Programming languages used for security James Walden (Jul 10)
- RE: Programming languages used for security Wall, Kevin (Jul 10)