[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Writing libraries for C programs using Guile Scheme

From: Mateusz Kowalczyk
Subject: Re: Writing libraries for C programs using Guile Scheme
Date: Sat, 08 Mar 2014 03:50:49 +0000
User-agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.1.0

On 08/03/14 00:32, Mark H Weaver wrote:
> Mateusz Kowalczyk <address@hidden> writes:
>> I doubt that going from a single inherently unsafe but bloody fast
>> language to slightly less unsafe but much slower language is an
>> advantage here…
> "Slightly less unsafe"?  Seriously?

Sure. You get rid of pointer arithmetic which is the beg evil in C but
you lose any kind of static typing. It's about as safe as Python, Ruby
and whatever new and hip dynamic language is popular today: not a whole lot.

>> Do you feel like you can provide correctness proofs for your
>> implementations of such security critical libraries? Scheme isn't
>> exactly the safest language.
> If you'd like to write a new TLS (or other widely-used security
> critical) library in Haskell, along with formal and verifiable
> correctness proofs, and that would be easy enough to use from programs
> written in other languages such that it could actually make a viable
> replacement for GnuTLS et al, that would be a great contribution to our
> community, and I would *sincerely* thank you for it.

I didn't mention Haskell anywhere and neither am I the one posting on
the list saying I'll rewrite these libraries. What I _am_ saying is that
the original poster is considering rewriting security-critical libraries
without stating how the same (and new) bugs are going to be avoided. I'm
simply curious how the security of new libs is going to be assured
because Guile is not exactly a proof assistant where just writing the
program means it's probably correct and you'd be deluded to say otherwise.

> However, what I've mostly seen from you is negativity and FUD about
> Scheme and Guile, both here and on IRC.  That is _not_ appreciated.

I don't remember posting any FUD on the lists or IRC about Scheme or
Guile, no matter what I personally think about it. The only things I did
is point out errors or lack of scrutiny over the libraries people
announce sometimes, you being amongst them (and in fact my assumptions
being correct; would you rather have broken libs?). I don't care if you
like me or not but at least don't make shit up. If you have any specific
issues then address them either on IRC or in a separate thread rather
than trying to attack me here.

>      Mark

Mateusz K.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]