Re: "Perfect" or "Provable" security both crypto and non-crypto?

From: Mok-Kong Shen (mok-kong.shen_at_t-online.de)
Date: 09/18/04


Date: Sat, 18 Sep 2004 09:55:07 +0200


Roger Schlafly wrote:
> "Valery Pryamikov" <Valery@nospam.harper.no> wrote
>
>>ops, you were talking about buggy program that put data in a blob instead
>>of separate fields... In that case runtime only ensures that no data would
>>be written outside the blob. (sorry for my prev. post)
>
>
> Yes, a buggy program. All these problems come from buggy
> programs.

What means are there for a designer of a PL to prevent
people to write buggy programs?? If, say, the specification
of an application is to compute the sum of two values but
the programmer writes a program to compute their difference,
what on earch could a PL, compiler or runtime do to prevent
the error from occurring?? These couldn't know nor correct
the faults in the logical thinking of the programmer! That's
why any buffer overrun consequences couldn't be considered
a problem/fault of the PL, compiler or runtime, if the entire
environement provided to the programmer is such that proper
checking of types (including array bounds) are done and
exceptions are properly raised. I thus also don't understand
why Pryamikov in a later post said that he revised his opinion
stated in a follow-up to Wagner.

M. K. Shen



Relevant Pages