On 13 October 2011 10:20, Andy Wingo <wi...@pobox.com> wrote: > On Thu 13 Oct 2011 16:26, l...@gnu.org (Ludovic Courtès) writes: > > Anyway this second, proof side of types, is the side that Scheme does > not have. C has a stronger story in that regard.
Lack of types in scheme has made me day-dream about learning ocaml or haskell. My pet peeve about scheme is that, when maintaining old code, its very very hard to just "know" what type some lambda is expecting. And, to me, this makes scheme sometimes very hard to read. very-hard-to-read == bug-prone > This is what I meant when I said that C was dangerous. Programs in > Guile have meanings, even seemingly ill-formed programs like > > ((lambda () x)) > > Because what happens here? You get an exception. What happens in C if > you invoke puts without its argument? You might get a warning, but it > will compile, and at runtime /anything can happen/. > > All programs of a sufficient size have bugs. The question is, what > happens when there is a bug? In Scheme, the answer isn't usually "the > Chinese/American/German government gets to read your email". With C it > is. That is why programming in C is dangerous. If you remember java in 1993-1995, people kept saying that it was safe because impossible to break out of a java "sandbox". Of course, that was wrong: turned out the java sandbox sometimes just had to make library calls/system calls, and when there were incorrectly implemented, then one could break out of the sandbox. I don't see how *any* language can avoid the same security pitfalls that the java "sandbox" suffered from. --linas
