Subject: Re: torvalds
From: Ben_Tilly@trepp.com
Date: Mon, 22 Oct 2001 11:07:43 -0400


Ben Laurie wrote:
> Mark Eichin wrote:
[...]
> > Some of the unease may come from it being C code.  There is lots of
> > *leverage* in working with C code [one flaw of the Free Software
> > space: Free Software has massive opportunities for code reuse, but
> > eww, so much of it is C or C++...] but wow, the phrase "criminal
> > negligence" leaps to mind, and I've been doing it for 16 years...
>
> I'm sure I'll regret this, but ... what language do you think kernels
> should be written in?

Why not Common Lisp? :-)

OK, there are a lot of things to say for using C for writing kernels.
But still I agree with Mark's point.  Microsoft's valiant efforts to
enthrone their "integration model" notwithstanding, the single biggest
source of security holes for each year of the last decade is the lowly
buffer overflow.  And it will continue to be so for as long as C and
C++ remain dominant programming languages.

It is hard to write buffer overflows if you are programming in any
language which does automatic allocation and memory management for you.
Sure there is overhead for that.  But as a result you do NOT have
widespread issues with buffer overflows in code written in any of the
following languages (to name a few well-known ones):

- Common Lisp
- Eiffel
- Emacs Lisp
- Haskell
- Java
- Objective Caml
- Perl
- Python
- Ruby
- Scheme
- Smalltalk
- TCL
- Visual Basic

My apologies if your favorite language is missing from the list.  And
in a hopeless effort to avoid flame wars, I have placed these in
alphabetical order, and included both ones I like and dislike...

Cheers,
Ben
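
Added example, not part of the original message: a C sketch of the bookkeeping the message says managed languages do automatically, where appends grow the allocation and indexing is range-checked, at the cost of the overhead it mentions. The names `dynbuf`, `dynbuf_append`, `dynbuf_get` and `fixed_copy` are hypothetical, chosen for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer: length and capacity travel with the data. */
typedef struct { char *data; size_t len, cap; } dynbuf;

/* Append n bytes, growing the allocation first. Returns 0, or -1 on failure. */
int dynbuf_append(dynbuf *b, const char *src, size_t n)
{
    if (n > SIZE_MAX - b->len - 1) return -1;   /* size arithmetic would wrap */
    size_t need = b->len + n + 1;               /* +1 for the terminating NUL */
    if (need > b->cap) {
        size_t cap = b->cap ? b->cap : 16;
        while (cap < need)
            cap = cap > SIZE_MAX / 2 ? need : cap * 2;
        char *p = realloc(b->data, cap);        /* realloc(NULL, n) acts as malloc */
        if (!p) return -1;                      /* old buffer is still valid */
        b->data = p; b->cap = cap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Checked index: an out-of-range access is reported, never performed. */
int dynbuf_get(const dynbuf *b, size_t i, char *out)
{
    if (i >= b->len) return -1;
    *out = b->data[i];
    return 0;
}

/* Fixed-size destination: refuse oversized input instead of writing past the end. */
int fixed_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstsz) return -1;                  /* no room for data plus NUL */
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    dynbuf b = {0}; char c;                     /* constructed sample input below */
    int ok = dynbuf_append(&b, "0123456789abcdef-more", 21) == 0 && dynbuf_get(&b, 21, &c) == -1;
    free(b.data);
    return ok ? 0 : 1;
}
```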