[Cryptography] Ada vs Rust vs safer C

John Denker jsd at av8n.com
Wed Sep 21 18:22:03 EDT 2016


On 09/21/2016 12:56 PM, Florian Weimer wrote:

> We need (reasonably) hard evidence which of the many open issues
> actually matter, and based on that, determine the direction to move
> in.

Agreed.

> Currently, no one has that kind of data (and is willing to share).

Well, there is "some" data.  For example:

  Baishakhi Ray, Daryl Posnett, Vladimir Filkov, Premkumar T Devanbu
  "A Large Scale Study of Programming Languages and Code Quality in Github"
  Proceedings of the 22nd ACM SIGSOFT International Symposium
    on Foundations of Software Engineering (2014)
  http://macbeth.cs.ucdavis.edu/lang_study.pdf

Abstract:

>> What is the effect of programming languages on software quality?
>> This question has been a topic of much debate for a very long time.
>> In this study, we gather a very large data set from GitHub (729
>> projects, 80 Million SLOC, 29,000 authors, 1.5 million commits,
>> in 17 languages) in an attempt to shed some empirical light on
>> this question. This reasonably large sample size allows us to use a
>> mixed-methods approach, combining multiple regression modeling
>> with visualization and text analytics, to study the effect of language
>> features such as static v.s. dynamic typing, strong v.s. weak typing on
>> software quality. By triangulating findings from different methods,
>> and controlling for confounding effects such as team size, project
>> size, and project history, we report that language design does have a
>> significant, but modest effect on software quality. 

The observed effect is very modest indeed.

[snip]

>> these modest effects arising from language design are overwhelmingly
>> dominated by the process factors such as project size, team
>> size, and commit size.

The article includes references to other work on the same topic.
Some consider the productivity issue, not just the incidence of
bugs.

You can quibble with all this data, but I reckon imperfect data
is better than no data.

Presumably there are other parts of the software development process
that are more important than the choice of language.

----------

Also NASA has coding rules for life-critical and mission-critical
software.
  http://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf

Most "modern" language architects would consider this to be
the Luddite approach:  No recursion, no dynamic allocation
of variables, et cetera.  However the NASA guys seem to think
this is the "only" way they can "guarantee" correct execution.
It's not some passing fad;  they've been doing it this way
for years.

It does not fully solve the problem.  For example:
  https://en.wikipedia.org/wiki/Mars_Climate_Orbiter
That was a loss on the order of 300 million dollars.

----------------------

Probably the biggest issue is this:  Most developers don't care
very much about reliability or security.  The motto of Silicon
Valley is "ready, fire, aim".  That is, get /something/ out the
door fast, and (maybe) tune it up later.

This has got to change.  Maybe it will.  Sony says the 2011 PSN
hack cost them 175 million dollars.  At some point shareholders
are going to demand that people clean up their act.

The existence of botnets that could easily DDoS the entire internet
is just intolerable.  At some point somebody is going to impose a
duty of care on the vendors, to require them to make sure this
cannot happen.  By way of analogy:  To operate a car on public
roads, it must meet safety standards.  You also need insurance
and a licensed driver.  Now imagine enforcing similar standards 
on anything that connects to the public network.
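An added illustration of the style the JPL rules referred to above ask for, written for this archive and not taken from NASA/JPL, from the linked standard, or from the post itself: a fixed-capacity message queue whose storage is statically allocated (no malloc after initialization), whose loops are bounded by a compile-time constant rather than by data, which never recurses, and in which every call returns a status that the caller checks. The capacity, message length, and the particular subset of rules applied are assumptions made for the example.

```c
/* Added example in the style of the JPL C coding rules the post mentions.
 * Assumed constraints (not quoted from the standard): no recursion, no
 * dynamic allocation after init, loops with a fixed upper bound, and a
 * status code returned by every function and checked by every caller. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define QUEUE_CAPACITY 8U   /* assumed: fixed at compile time, never grown */
#define MSG_LEN 16U         /* assumed: fixed message size, zero padded */

typedef enum { Q_OK = 0, Q_FULL = 1, Q_EMPTY = 2, Q_BAD_ARG = 3 } q_status;

typedef struct {
    uint8_t data[QUEUE_CAPACITY][MSG_LEN]; /* storage lives inside the struct */
    uint32_t head;
    uint32_t count;
} fixed_queue;

static fixed_queue g_queue;  /* statically allocated; no heap involved */

q_status queue_init(fixed_queue *q) {
    if (q == NULL) return Q_BAD_ARG;
    memset(q, 0, sizeof *q);
    return Q_OK;
}

/* Refuse a push when full rather than reallocating a larger buffer. */
q_status queue_push(fixed_queue *q, const uint8_t *msg, size_t len) {
    if (q == NULL || msg == NULL || len > MSG_LEN) return Q_BAD_ARG;
    if (q->count >= QUEUE_CAPACITY) return Q_FULL;
    uint32_t tail = (q->head + q->count) % QUEUE_CAPACITY;
    memset(q->data[tail], 0, MSG_LEN);
    memcpy(q->data[tail], msg, len);
    q->count++;
    return Q_OK;
}

q_status queue_pop(fixed_queue *q, uint8_t out[MSG_LEN]) {
    if (q == NULL || out == NULL) return Q_BAD_ARG;
    if (q->count == 0) return Q_EMPTY;
    memcpy(out, q->data[q->head], MSG_LEN);
    q->head = (q->head + 1) % QUEUE_CAPACITY;
    q->count--;
    return Q_OK;
}

/* Drain the queue, summing every byte as a stand-in for "processing".
 * The loop bound is the compile-time capacity, not q->count, so a
 * corrupted count cannot turn this into an unbounded loop.
 * Returns the number of messages processed, or -1 on an inconsistent
 * state (which is treated as a defect, not a normal condition). */
int queue_drain(fixed_queue *q, uint32_t *checksum) {
    if (q == NULL || checksum == NULL) return -1;
    uint32_t processed = 0;
    uint32_t sum = 0;
    uint8_t msg[MSG_LEN];
    for (uint32_t i = 0; i < QUEUE_CAPACITY; i++) {   /* fixed bound */
        q_status st = queue_pop(q, msg);
        if (st == Q_EMPTY) break;
        if (st != Q_OK) return -1;
        for (uint32_t j = 0; j < MSG_LEN; j++) sum += msg[j];
        processed++;
    }
    if (q->count != 0) return -1;  /* bound reached with data left over */
    *checksum = sum;
    return (int)processed;
}

/* Constructed scenario: push more messages than the queue can hold and
 * count how many were rejected instead of overwriting adjacent memory.
 * Message i carries the bytes {i, 1, 2, 3}; with QUEUE_CAPACITY 8 and
 * 11 attempts, exactly 3 are refused with Q_FULL. */
int demo_overflow_rejected(void) {
    if (queue_init(&g_queue) != Q_OK) return -1;
    int rejected = 0;
    for (uint32_t i = 0; i < QUEUE_CAPACITY + 3U; i++) {  /* bounded */
        uint8_t m[4] = { (uint8_t)i, 1, 2, 3 };
        q_status st = queue_push(&g_queue, m, sizeof m);
        if (st == Q_FULL) rejected++;
        else if (st != Q_OK) return -1;
    }
    return rejected;
}
```

After demo_overflow_rejected() the queue holds the first eight messages, and queue_drain() processes all eight with a byte sum of 76 (0+1+...+7 plus eight copies of 1+2+3). The point of the shape is that every failure is a returned status at a fixed point in the control flow, with no path that can allocate, recurse, or loop without a static limit; that is what makes the code amenable to the kind of static checking the rules exist to enable, and it is also why the rules say nothing about the Mars Climate Orbiter class of error, which was a units mismatch at an interface rather than a control-flow or memory defect.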



More information about the cryptography mailing list