((( [logo]Racket )))Need Help?
AboutDownloadDocumentationPLaneTCommunityLearning

[plt-scheme] Why do folks implement statically typed languages?

From: Matthias Felleisen (matthias at ccs.neu.edu)
Date: Thu May 31 17:20:06 EDT 2007		 

On May 31, 2007, at 5:13 PM, Robby Findler wrote:

> My experience teaching programmers suggests that they have no idea of
> how to predict the performance of their programs, and thus there is a
> natural bias against using such functions, even when there is no
> performance issue.
>
> Also, IMO, basic safety is so ... well ... basic that I believe the
> unchecked versions shouldn't even exist (I'd be willing to have
> versions without the runtime overhead if there are static guarantees
> that they cannot fail, of course).


The question is not one of individual functions being safe and  
allowing programmers to create safe programs if they so wish. Instead  
it is a question of providing a safe language so that all programs in  
the language guarantee the "safety" property.

And yes, safety is basic. It's universal and shallow but it is a  
threshold that a language should pass in this day and age. The  
concept is 40+ years old and it is an embarrassment that a huge chunk  
of computing infrastructure was intentionally build atop an unsafe  
language.

-- Matthias









>
> Robby
>
> On 5/31/07, Grant Rettke <grettke at acm.org> wrote:
>> > On May 31, 2007, at 11:46 AM, Noel Welsh wrote:
>> >
>> > > Just came across this:
>> > >
>> > >  http://www.sans-ssi.org/top_three.pdf
>> > >
>> > > It lists the top 3 errors causing security holes.  They are:
>> > >
>> > > 1. Using unvalidated user input.
>> > > 2. Buffer overflow
>> > > 3. "Handling integers incorrectly"
>>
>> Buffer overflows usually mean folks aren't thinking about the fact
>> that other folks are sending malicious data (I'm not going to  
>> touch on
>> the reasons for this). There are safe C functions that address this.
>> For example:
>>
>> http://www.gratisoft.us/todd/papers/strlcpy.html
>> _________________________________________________
>>   For list-related administrative tasks:
>>   http://list.cs.brown.edu/mailman/listinfo/plt-scheme
>>
> _________________________________________________
>  For list-related administrative tasks:
>  http://list.cs.brown.edu/mailman/listinfo/plt-scheme
Posted on the users mailing list.