Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

The Importance of Type Safety

From: andrews at rbacomm.com (Brad Andrews)
Date: Mon, 23 Mar 2009 16:58:30 -0500

It may not always be true, but languages with stronger type safety  
normally also have a larger execution overhead.  This is somewhat  
unavoidable since the extra checking to make sure the types match does  
take machine cycles.  Of course the compiler can enforce a lot of  
these rules, so some of the performance hit could be at compile time,  
but it is still there.

In addition, you lose some flexibility.  Its kind of like swimming  
with water wings (to continue my pool analogy).  You are much less  
likely to drown, they limit what you can do at the same time.  You are  
not likely to pick up too many things off the bottom of the pool with  
water wings on, unless you are really creative and strong.

The flexibility in C/C++ remains there for a reason - it is helpful to  
at least some sorts of problems.  It may or may not be the best for  
security, but it is a "cost" that should be considered as well as  
compile or run-time performance.

Does this help?

Brad

Quoting AF <securecoding at nxtg.net>:


Brad Andrews wrote:

[..]
Perhaps we will get to a world where all the "management overhead"
doesn't matter, but until then, the extra cost for type safety should
be weighed against other factors, not just discounted out of hand.


Hi Brad,
Could you please explain what you mean by "the extra cost for type safety"?
Previous By Date Next
Previous By Thread Next

Current thread: