Wall, Kevin wrote:

My vary reason for posing these questions is to see if there is any
type of consensus at all on what mechanisms / features a language
should and should not support WITH RESPECT TO SECURE PROGRAMMING.
For example, you mentioned garbage collection. To that I would add
things like strong static typing, encapsulation that can not be
violated, very restrictive automatic type conversion (if allowed
at all), closed "packages" or libraries or some other programming
unit, elegant syntax and semanatics (oops, said I wouldn't go
there ;-), etc.

In the past few days (actually, all through my career), I've hear a
lot of gripes about what people think is wrong regarding languages,
but little in terms of what they think is valuable.

Off the top of my head, I'd like some of the features you mentioned, like

   Garbage collection
   Static typing (with no auto conversions, but with type inferencing)
   Secure encapsulation

I'd also add a rich set of data types, including:
Numeric types with restrictions as Larry Kilgallen mentioned earlier and unlimited precision types
Arrays (bounds-checked)
Associative arrays (aka hashes)
Unions (as in ocaml, not C, which will also provide enumerated and boolean types)
Functions (first-class functions)
XML (like Xen)

I also want a taint checking feature like perl's, as a general purpose language has to communicate with external programs which don't share its data types, like web servers sending CGI parameter strings or databases receiving SQL query strings.

As for syntax, I want to be able to use functional, imperative, or object-oriented techniques as best fit my problem domain.

James Walden, Ph.D.
Visiting Assistant Professor of EECS
The University of Toledo @ LCCC

Reply via email to