A “Safe” programming language is a much larger and more complex topic.
When we talk about the safe programming language then it depends on what are you trying to protect and from whom.
Software reliability has a significant impact on our economy. Making software reliable is also one of the most challenging problems, primarily because of the inherent complexity of large software systems. Do you think the software relibility is heavily dependent on Programming language, lets move to that part.
Dynamically typed languages :
Strongly typed languages :
They do not permit the usage of values as different types; they are rigorous about detecting incorrect type usage, either at runtime for dynamically typed languages, or at compile time for statically typed languages. Ada, Java, ML, and Oberon are examples of strongly typed languages.
Weakly typed languages :
They do not strictly enforce type rules, they often allow the undefined behavior and unsafe behavior if types are assigned incorrectly. C, assembly language, C++, and Tcl are examples of weakly typed languages.
Java is a strongly, statically typed language. C is a weakly, statically typed language. Python is a strongly, dynamically typed language.
Some Examples of weakness with the programming languages:
- Â A perfect example is the PHP worm NeverEverSanity. Although, this worm gave PHP a bad name the problem was not actually PHP fault they say the problem existed with the lack of URLencoding on form validation.
- Â One should be able to read a program easily. Perl is very hard to read, “Write Once, Read Never.”
- Â PostgreSQL (in 7.4) moved plpython to plpythonu (the ‘u’ is for unstrusted). Python can still be embedded and used as a Procedure Language (like Oracle’s PL/SQL). Also, It is “Safe” to do so in that it works great. However, the scripts can potentially do bad things if programmed to do so.
- Â Microsoft is using C which is unsafe,It has been known that C is an insecure language. An Operating System written in C cannot make any assurances about security. C code is prone to buffer overflows, dangling pointer errors, and many other problems which can lead to security vulnerabilities.
I think the Operating system is the most crutial factor as When we open a program in Unix or Windows , the operating system checks can restrict the programs behaviour and can determine the nature of that file.
The flaws in the operating system :
- Â Doesnâ€™t allow different policies for different programs
- Â No flexibility over what is monitored
- Â Operating System decides for everyone and hence can not monitor inexpensive operations.
When we say any language is Safe then following should be considered:
- Â Language is designed so that (accidental) program bugs are likely to be caught by the compiler or run-time environment
- Â AÂ safe language protects every computational primitive, e.g.,Â +, *, if, vector-lookup, record dereference.
- Â Safety guarantees errors are caught
- Â Safety greatly increases effectiveness of debugging
- Â Safety is not just TYPE checking
- Â Programming Language should not give the direct memory access (e.g., pointers)
- Â Structured control flow
- Â Programming language should protect you from malicious code.
- Â Type-safety, namespace scopes, pre-compiler code checking, and syntax are the aspects which can make programming language safer
- Â With all open source languages, the level of threat is exposed so in case of open source languages extra care is needed.
- Â The language either needs to have garbage collection or place other restrictions on the allocation and deallocation of memory.
- Â The language must not allow dangling pointers across structurally different types to exist.
Which of these does C/C++ have, The answer is none of these.
Do you think that Java is the first language to have most ofÂ them, The answer is no, LISP had most of them in 1960.
Considering these points we can categorise the languages, Unsafe and Safe.
Unsafe – Fortran,C,C++,Perl
Safe – Python,Java
Do you think we can build the programming language having the mentioned points ?
Probably not ……..