[M3devel] Heartbleed, initialization, and Modula-3

Rodney M. Bates rodney_bates at lcwb.coop
Fri Jun 6 16:47:15 CEST 2014

On 06/05/2014 03:51 AM, Henning Thielemann wrote:
> Am 05.06.2014 00:39, schrieb Rodney M. Bates:
>> Olaf's recent mention of safe languages and Heartbleed prompted me to
>> look into the specifics of the bug, particularly to see what Modula-3
>> might have done to prevent it.
> My general experience is that a language is only as safe as the programmer wants it to be. You can add as many safety belts as you like; a careless programmer will always find a way to remove them. I consider the value of safe languages the other way round: a careful programmer can get a lot of security support from a safe language.

Well, I agree.  I have always felt that it was impractical for a language to try to
thwart a programmer determined to undermine its safety features.  It's mainly to
help the programmer who values and wants the help.

> The programmer of the heartbleed bug was criticized for rating performance higher than security and other things. There would have been ways to prevent that bug even in C.

And yet, the biggest problem, IMO, is the sheer volume of things one must be
careful about.  I consider myself extremely careful, yet I continue to make
bugs.  Over the decades, my bug rate per LOC has slowly but steadily declined.
But that has meant I can take on bigger bodies of code, so the bug rate per hour
of my time has probably pretty much held up.

Prior to the last 3 or so years, I kept logs of every bug, classified and
periodically tabulated them.  One thing I found is that the distribution has
steadily been skewing more toward simple oversights that I knew perfectly
well better than to make, leaving the subtle algorithmic bugs less frequent.  I
consider this good news, because it is exactly the huge volume of trivial
little things that a language can help with, leaving more of my limited
attention to those it cannot.

The situation tilts even more in favor of safe languages when doing maintenance.
Here, the information about what needs to be checked on is just so widely distributed
over so much code.  In practice, it's hardly possible to dig it all out, though
I certainly give it a good try.  A safe language helps immensely.

Rodney Bates
rodney.m.bates at acm.org
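The bug class the thread is discussing, as an added illustration that is not code from the list, from Modula-3, or from OpenSSL: a heartbeat handler that trusts the payload length the peer wrote into the message, beside the same handler with the single comparison against the number of bytes actually received, which is the comparison the OpenSSL fix added. The message layout follows RFC 6520; the function names, the zero bytes standing in for random padding, and the two sample records are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TLS heartbeat message layout (RFC 6520):
 *   byte 0     : type (1 = request, 2 = response)
 *   bytes 1..2 : payload_length, big-endian
 *   then       : payload_length bytes of payload
 *   then       : at least 16 bytes of random padding
 */
#define HB_REQUEST      1
#define HB_RESPONSE     2
#define HB_HDR_LEN      3
#define HB_MIN_PADDING  16
#define HB_MAX_REPLY    (HB_HDR_LEN + 65535 + HB_MIN_PADDING)

/* Both handlers return the reply length written to out, or -1 if the
 * request is rejected.  The only difference between them is one comparison. */

/* Heartbleed-shaped handler: trusts the length field inside the message and
 * never compares it with rec_len, the number of bytes actually received. */
int heartbeat_reply_unchecked(const uint8_t *rec, size_t rec_len,
                              uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR_LEN || rec[0] != HB_REQUEST)
        return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    size_t reply_len = HB_HDR_LEN + payload_len + HB_MIN_PADDING;
    if (reply_len > out_cap)          /* protects the output buffer only */
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    /* If payload_len exceeds what the peer sent, this reads past the end of
     * rec and copies whatever follows it in memory into the reply.  It is
     * never called on the lying record below: that read is undefined behaviour. */
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, payload_len);
    memset(out + HB_HDR_LEN + payload_len, 0, HB_MIN_PADDING);
    return (int)reply_len;
}

/* Fixed handler: the claimed payload plus minimum padding must fit inside the
 * bytes the peer actually sent. */
int heartbeat_reply_checked(const uint8_t *rec, size_t rec_len,
                            uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR_LEN + HB_MIN_PADDING || rec[0] != HB_REQUEST)
        return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HDR_LEN + payload_len + HB_MIN_PADDING > rec_len)
        return -1;                    /* the check Heartbleed was missing */
    size_t reply_len = HB_HDR_LEN + payload_len + HB_MIN_PADDING;
    if (reply_len > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, payload_len);
    memset(out + HB_HDR_LEN + payload_len, 0, HB_MIN_PADDING);
    return (int)reply_len;
}

/* Constructed sample records, not captured traffic.  Unlisted bytes are zero,
 * standing in for the random padding. */
static const uint8_t HONEST_REQ[24] = { HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t LYING_REQ[20]  = { HB_REQUEST, 0xFF, 0xFF, 'h' }; /* claims 65535 bytes, sends 1 */

static uint8_t reply_buf[HB_MAX_REPLY];

int demo_unchecked_honest(void)
{ return heartbeat_reply_unchecked(HONEST_REQ, sizeof HONEST_REQ, reply_buf, sizeof reply_buf); }

int demo_checked_honest(void)
{ return heartbeat_reply_checked(HONEST_REQ, sizeof HONEST_REQ, reply_buf, sizeof reply_buf); }

int demo_checked_lying(void)
{ return heartbeat_reply_checked(LYING_REQ, sizeof LYING_REQ, reply_buf, sizeof reply_buf); }

/* Does the checked handler echo the honest payload unchanged? */
int demo_checked_honest_payload_ok(void)
{
    if (demo_checked_honest() != 24)
        return 0;
    return reply_buf[0] == HB_RESPONSE && memcmp(reply_buf + HB_HDR_LEN, "hello", 5) == 0;
}

int main(void)
{
    printf("unchecked, honest request : %d\n", demo_unchecked_honest());
    printf("checked,   honest request : %d\n", demo_checked_honest());
    printf("checked,   lying request  : %d\n", demo_checked_lying());
    return 0;
}
```

Both handlers behave identically on the honest request; only the checked one refuses the lying one. The point of the thread is visible in the shape of the code: the missing comparison is exactly the kind of small oversight a careful programmer can still make, and in a language that bounds-checks the copy the same oversight would fail at the copy with a runtime error rather than silently leaking memory.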
