Wall, Kevin wrote:
My vary reason for posing these questions is to see if there is any type of consensus at all on what mechanisms / features a language should and should not support WITH RESPECT TO SECURE PROGRAMMING. For example, you mentioned garbage collection. To that I would add things like strong static typing, encapsulation that can not be violated, very restrictive automatic type conversion (if allowed at all), closed "packages" or libraries or some other programming unit, elegant syntax and semanatics (oops, said I wouldn't go there ;-), etc.
In the past few days (actually, all through my career), I've hear a
lot of gripes about what people think is wrong regarding languages,
but little in terms of what they think is valuable.
Off the top of my head, I'd like some of the features you mentioned, like
Garbage collection Static typing (with no auto conversions, but with type inferencing) Secure encapsulation
I'd also add a rich set of data types, including:
Numeric types with restrictions as Larry Kilgallen mentioned earlier and unlimited precision types
Strings
Lists
Arrays (bounds-checked)
Associative arrays (aka hashes)
Unions (as in ocaml, not C, which will also provide enumerated and boolean types)
Functions (first-class functions)
XML (like Xen)
I also want a taint checking feature like perl's, as a general purpose language has to communicate with external programs which don't share its data types, like web servers sending CGI parameter strings or databases receiving SQL query strings.
As for syntax, I want to be able to use functional, imperative, or object-oriented techniques as best fit my problem domain.
-- James Walden, Ph.D. Visiting Assistant Professor of EECS The University of Toledo @ LCCC http://www.eecs.utoledo.edu/~jwalden/ [EMAIL PROTECTED]
