Paul Rubin <[EMAIL PROTECTED]> writes:
> Mike Meyer <[EMAIL PROTECTED]> writes:
>> > Generally that sounds reasonable. Obviously there are other examples
>> > when (e.g. for security) you have to make sure that variables can't be
>> > read by other classes, e.g. you have a class that stores a capability
>> > (or a password) in an instance variable, and uses it for privileged
>> > operations.
>>
>> If you can't trust the code that shares your address space, you're in
>> a world of hurt for security. Compile-time restrictions don't matter
>> for squat - you need serious restrictions on what the program can do
>> at runtime.
>
> You need both.
Yup. Does any language besides Java even *try* to provide both for a production environment? Lots of languages do runtime checking that can be disabled for production compilation - which makes it worthless in this case.

Of course, at this point you're no longer talking about a general purpose programming environment. Language design decisions that are correct for this environment aren't necessarily correct for general purpose programming languages. Trying to tweak some existing general purpose language to make it suitable for use in the kind of environment where you can't trust the code you share your address space with is the wrong way to go about it. You want to design such a language to fit your secure environment, *after* you've designed that environment.

At that point, things which are unrelated to the security of the environment may be more attractive than they would be in a general purpose programming language. A number of runtime checks have to be in place to ensure that the semantics of the language stay "correct". Since we're going to have those, I would like constructs I can use to ensure that the semantics of the program stay correct, like function entry/exit conditions, loop and object invariants, and so on. Basically, the whole DbC thing.

<mike
--
Mike Meyer <[EMAIL PROTECTED]> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
--
http://mail.python.org/mailman/listinfo/python-list
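An added illustration of the two points made in this exchange, written for this page and not taken from either poster: the DbC-style entry/exit conditions and object invariants Mike asks for, written so that they survive a production build, and a demonstration that a "private" instance variable holding a capability is still readable by any code sharing the address space. The `Wallet` class, the `require`/`ensure`/`invariant` decorators and the token value are all constructed for the example. Python's `assert` is the disabled-in-production check he describes: `python -O` strips it, so contracts that must hold at runtime are written as explicit raises instead.

```python
"""DbC-style contracts that survive `python -O`, on a capability-holding object.

Constructed example for this thread. `assert` statements are removed under -O,
so every contract here raises explicitly and does not depend on __debug__.
"""
import functools


class ContractError(Exception):
    """Raised when a contract fails. Deliberately not an AssertionError."""


def require(pred, msg):
    """Precondition (function entry): pred gets the wrapped function's arguments."""
    def deco(f):
        @functools.wraps(f)
        def wrapper(*args, **kwargs):
            if not pred(*args, **kwargs):
                raise ContractError(f"{f.__name__}: precondition failed: {msg}")
            return f(*args, **kwargs)
        return wrapper
    return deco


def ensure(pred, msg):
    """Postcondition (function exit): pred gets the result, then the arguments."""
    def deco(f):
        @functools.wraps(f)
        def wrapper(*args, **kwargs):
            result = f(*args, **kwargs)
            if not pred(result, *args, **kwargs):
                raise ContractError(f"{f.__name__}: postcondition failed: {msg}")
            return result
        return wrapper
    return deco


def invariant(pred, msg):
    """Object invariant: checked after __init__ and after every public method.

    Note that the invariant detects a violation after the fact; the state
    has already been mutated by the time the check runs.
    """
    def deco(cls):
        for name, attr in list(vars(cls).items()):
            if not callable(attr):
                continue
            if name.startswith("_") and name != "__init__":
                continue

            def make(method):
                @functools.wraps(method)
                def wrapper(self, *args, **kwargs):
                    result = method(self, *args, **kwargs)
                    if not pred(self):
                        raise ContractError(f"{cls.__name__}: invariant violated: {msg}")
                    return result
                return wrapper

            setattr(cls, name, make(attr))
        return cls
    return deco


@invariant(lambda self: self.balance >= 0, "balance is never negative")
class Wallet:
    """Hypothetical object that stores a capability token and uses it for a
    privileged operation (spending)."""

    def __init__(self, token, balance):
        self.__token = token      # name-mangled to _Wallet__token, not hidden
        self.balance = balance

    @require(lambda self, amount: amount > 0, "amount must be positive")
    @ensure(lambda result, self, amount: result == self.balance,
            "returns the updated balance")
    def spend(self, amount):
        self.balance -= amount
        return self.balance


def read_token_from_outside(wallet):
    """Any code in the same interpreter can read the 'private' capability:
    name mangling is a compile-time convention, not a runtime restriction."""
    return getattr(wallet, "_Wallet__token")


def assert_based_check(amount):
    """The same precondition written with assert: silently skipped under -O."""
    assert amount > 0, "amount must be positive"
    return True


def assert_statements_active():
    """False when the interpreter was started with -O."""
    return __debug__


if __name__ == "__main__":
    w = Wallet("cap-token-0001", 10)
    print("after spend(3):", w.spend(3))
    print("token read by foreign code:", read_token_from_outside(w))
    print("assert statements active:", assert_statements_active())
```

Run it once normally and once with `python -O`: the `ContractError` checks fire both times, while `assert_based_check(-1)` only raises in the first run, which is exactly the "disabled for production" failure mode the post objects to.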