It's Time to Abandon Insecure Languages

Pete Chown Pete.Chown at skygate.co.uk
Sat Jul 20 10:01:46 EDT 2002


James A. Donald wrote:

> ... the remaining ten percent, which you have to 
> deliver in order to ship, involves a large number of horrible 
> hacks which effectively negate all the safety features of the 
> language and environment, take a very long time, and lead to all 
> sorts of problems.

My experience is a bit different.  We have a product that was first
written in C, and was then rewritten in Java.  The Java version took
about a third to half the time to write, and has had far fewer bugs.

The application is multi-threaded.  With the original version we had
endless problems with deadlock, or bad interactions between threads that
would lead to a core dump some distance down the road.  The chance of
finding out what had happened was about zero.  For example, during the
QA process for the last release of the C product, at one point a
deadlock occurred.  The bug report was completely useless because we
never managed to reproduce the problem.  However, bugs don't just go
away; I am sure that various people have run into the same difficulty.

No security-related bugs have turned up in either version, but based on
the bug counts for the products, I am sure that there are many more in
the C version.

I do know what you mean about having to hack things, though.  The Java
version has to run as a service on Windows, and getting this set up has
been very painful.  Although the overall development time has been
shorter, some aspects of it have been much longer.

> Why, I ask, is just about everything that large numbers of people 
> use written largely in these languages [C and C++]?

Two thoughts occur to me here.  The first is that computer technology is
often selected for irrational reasons.  Everyone who has worked in the
business will have had the experience of a non-technical manager making
bad technical decisions.  Also, I think a lot of software developers
stick with what they know.  For this reason, the fact that there is a
lot of C around means that it is the language people select.

The other thought is that perhaps C does have more merit than I am
giving credit for.  You've alluded to this by saying that C projects
progress more quickly, but can you think of the specific attribute of C
that makes this happen?  I can't, but if there is something it should be
implemented for other languages too!

-- 
Pete

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
