From mboxrd@z Thu Jan 1 00:00:00 1970
From: tfb@tfeb.org (Tim Bradshaw)
Date: Thu, 1 Sep 2016 22:47:15 +0100
Subject: [TUHS] Comments on "C"
In-Reply-To: <20160901091746.1F3734422E@lignose.oclsc.org>
References: <20160901091746.1F3734422E@lignose.oclsc.org>
Message-ID: <267C9862-54F7-4A38-B59C-7FC59C7BD0F1@tfeb.org>

On 1 Sep 2016, at 10:17, Norman Wilson wrote:

> Flon's
> Axiom, for 35 years my favourite one-liner about
> programming and languages:
>
> There does not now, nor will there ever, exist a
> programming language in which it is the least bit
> hard to write bad programs.

I think this is almost trivially true (in the same sense that, say, general relativity is almost trivially true once you see it): if there are complicated problems to solve, then programming languages are either powerful enough to represent the solution or they can't solve the problem. If they are powerful enough then that power can be used to write horrid programs, if they're not then they die out, at least as general-purpose languages.

To turn my earlier comment around, Lisp is a fantastic example of this: modern Lisps (really, Scheme) mandate tail-call elimination as part of the language, which is clearly this lovely pure thing to do which can only make programs better. Well, in a language with tail-call elimination, some (but, of course, not all) function calls can be treated as gotos which pass arguments, and isn't goto meant to be bad? So now add full continuations and any half-educated person like me can write the sort of tiny opaque horror which it would take someone really deep understanding to write in C, say.

That being said (and note I *like* C, a lot), what proportion of security problems are undetected buffer overflows? Less than it used to be, I hope.