Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!asuvax!noao!arizona!gudeman
From: gudeman@cs.arizona.edu (David Gudeman)
Newsgroups: comp.lang.misc
Subject: Re: Dynamic typing (part 31,497)
Message-ID: <2024@optima.cs.arizona.edu>
Date: 17 Apr 91 03:42:50 GMT
Sender: news@cs.arizona.edu
Lines: 27

In article  <3857@ssc-bee.ssc-vax.UUCP> David M Geary writes:
]
]  ...  There is no question that
]a dynamically typed language increases the risk that an error may occur during
]runtime that the software is not prepared to handle.

There certainly is a question about that.  I claim that dynamically
typed languages _reduce_ the risk that such an error may occur.  And
I've been claiming that for a month now, but people seem to forget it
two replies later.

Every time I see something like "I use statically typed languages for
security..." I grit my teeth and heroically try not to hit the
follow-up key (with more-or-less success).  No one has yet presented
anything resembling evidence that the above is a true statement. 

My argument is that: (1) the type errors that are caught by static
typing are the easiest kind of errors to find by testing -- so static
type checking is of no real value for product security.  And (2) the
complex declarations required by static typing can be sources of
hard-to-find errors.  (Complex declarations does not mean the
requirement to declare the types of variables, but of structures and
generic functions.)
--
					David Gudeman
gudeman@cs.arizona.edu
noao!arizona!gudeman