Date: Thu, 8 Jul 2004 14:38:23 +0200 (CEST) From: cpghost <cpghost@cordula.ws> To: harald@skogtun.org Cc: freebsd-current@freebsd.org Subject: Re: Rewrite cvsup & portupgrade in C Message-ID: <20040708123823.01F534AC29@fw.farid-hajji.net> In-Reply-To: <87eknn9yoi.fsf@basilikum.skogtun.org> (message from Harald Arnesen on Thu, 08 Jul 2004 01:37:17 %2B0200) References: <E1Bhd1M-000KEo-Nz@smp500.sitetronics.com> <200407062323.02854.kirk@strauser.com> <20040707043251.GA35651@troutmask.apl.washington.edu> <200407062345.24117.kirk@strauser.com> <20040707070012.GC38356@dragon.nuxi.com> <p06002039bd11631ca135@[10.0.1.3]> <87eknn9yoi.fsf@basilikum.skogtun.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> >> I'm confused. Once these applications are in binary form, what > >> difference does it make what language they were written in? > > > > HUGE! Well maybe not HUGE, but huge. Languages such as Ada and Modula-3 > > actually do bounds checking on arrays, for instance. The safety and > > correctness of an application running depends on the language it is > > written in. We should have a LOT less buffer overflows if an application > > language were used for web servers, mail servers, and other network > > daemons. > > This has always puzzled me. If, as the supporters of Ada, Modula, Oberon > and so on claim, that the language an application is written in matters > that much, why don't we see a mail server or other network daemons > written in those languages? Aren't the people who know those languages > interested in contributing to a secure system? Performance perhaps? Features such as array bounds checking (available in C++ as well, for example in the at() member of the vector<> class template) always take additional CPU cycles and incur a performance hit. This may not be very important for small loads, but it doesn't scale well in high performance environments. This problem is independant of the CPU horsepower, by the way. I'm not even referring to compiled vs. (byte-code) interpreted languages (that would be unfair). Even with compiled languages like Ada and Modula-3, bounds checking does slow things down (a bit). It is always good to have a way to turn it off, after you've squashed off-by-one errors etc. Actually, there are some network daemons written in Perl, Python, Java, ... probably also in Ada or Modula-3. They are great for their intended use, but they are generally not used in production environments with high requirements. Oh, of course, it's easier to find C/C++ programmers to maintain a C or C++ program. Using more exotic languages may be a good academic exercise, but for IT management, it's a pain in the neck in the long run. > Hilsen Harald. -cpghost. -- Cordula's Web. http://www.cordula.ws/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040708123823.01F534AC29>