Re: Rewrite cvsup & portupgrade in C

From: cpghost <cpghost_at_cordula.ws>
Date: Thu, 8 Jul 2004 14:38:23 +0200 (CEST)
> >> 	I'm confused.  Once these applications are in binary form, what 
> >> difference does it make what language they were written in?
> >
> > HUGE!  Well maybe not HUGE, but huge.  Languages such as Ada and Modula-3
> > actually do bounds checking on arrays, for instance.  The safety and
> > correctness of an application running depends on the language it is
> > written in.  We should have a LOT less buffer overflows if an application
> > language were used for web servers, mail servers, and other network
> > daemons.
> 
> This has always puzzled me. If, as the supporters of Ada, Modula, Oberon
> and so on claim, that the language an application is written in matters
> that much, why don't we see a mail server or other network daemons
> written in those languages? Aren't the people who know those languages
> interested in contributing to a secure system?

Performance perhaps? Features such as array bounds checking (available
in C++ as well, for example in the at() member of the vector<> class
template) always take additional CPU cycles and incur a performance hit.
This may not be very important for small loads, but it doesn't scale well
in high performance environments. This problem is independant of the CPU
horsepower, by the way.

I'm not even referring to compiled vs. (byte-code) interpreted languages
(that would be unfair). Even with compiled languages like Ada and Modula-3,
bounds checking does slow things down (a bit). It is always good to have a
way to turn it off, after you've squashed off-by-one errors etc.

Actually, there are some network daemons written in Perl, Python, Java, ...
probably also in Ada or Modula-3. They are great for their intended use,
but they are generally not used in production environments with high
requirements.

Oh, of course, it's easier to find C/C++ programmers to maintain a C or
C++ program. Using more exotic languages may be a good academic exercise,
but for IT management, it's a pain in the neck in the long run.

> Hilsen Harald.

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
Received on Thu Jul 08 2004 - 10:38:59 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:00 UTC