On Mon, Jul 15, 2013 at 3:09 PM, David Jeske <[email protected]> wrote:
> On Mon, Jul 15, 2013 at 1:56 PM, Jonathan S. Shapiro <[email protected]>wrote: > >> >> I'm actually very disturbed that somebody might build the language you >> describe. From a computer security perspective, C and C++ are part of the >> problem we need to conclusively eliminate. > > > Now this I don't get. I respect your aims. However, advocating for the > replacement of systems with others that are demonstrably inferior in many > ways (overhead, performance, responsiveness) is the tail wagging the dog. > The onus falls on all-of-us to build a system which is so much better in > all of these ways it is flocked to. To do otherwise is just tilting at > windmills. > I don't agree. I agree that it would be good to build a language that people will flock to. That said, I think there is an economic reality to consider right now: every C program imposes a tax on it's neighbors in the form of insecurity. Right now, that's a transfer cost that the victims, rather than the perpretrators, are paying. Please note that I'm speaking very literally here - it's a transfer cost in actual dollars. Just yesterday there was a major newspaper article about bug bounties. The * average* price to learn of a zero-day bug is approaching $30,000. If we could get the money for 100 of those put into concurrent GC, I bet we could make one hell of a difference. Beyond that, I also think there is insufficient attention to allocation-free idioms. The fact that people work in a certain way today doesn't mean that it is a good way. So: I agree that we need a language that people will self-select, but the societal cost of C and C++ code is such that those languages *need* to go. By legislation if no other way will do it. > In my idealistic heart, I want the mythical Apache 2.0 licensed > cross-platform CLR + Azul/Zing no-pause GC to be the solution that ends > C-development. However, my engineer mind knows that even in that fantastic > system, which I do think would be a much more capable C/C++ competitor > today, GC tracing work is proportional to pointer-count and > program-duration. There are certain programs for which that model can not > equal C performance. And then there is the fact that the mythical system > does not exist. > > I'll take this point up separately.
_______________________________________________ bitc-dev mailing list [email protected] http://www.coyotos.org/mailman/listinfo/bitc-dev
