Spec#, nullables and more

webnews at digitalmars.com
Fri Nov 26 19:57:07 PST 2010


Daniel Gibson Wrote:

> Rainer Deyke schrieb:
> > On 11/26/2010 10:28, Bruno Medeiros wrote:
> >> Yes, Walter's statement that it is impossible for a null pointer to
> >> cause a security vulnerability is (likely) incorrect.
> >> But his point at large, considering the discussion that preceded the
> >> comment, was that null pointers are utterly insignificant with regards
> >> to security vulnerabilities.
> > 
> > I really hate this way of thinking.  Security vulnerabilities are binary
> > - either they exist or they don't.  Every security vulnerability seems
> > minor until it is exploited.
> > 
> > Yes, some security vulnerabilities are more likely to be exploited than
> > others.  But instead of rationalizing about how significant each
> > individual security vulnerability is, isn't it better to just fix all of
> > them?
> > 
> > (I know, I'm a hopeless idealist.)
> > 
> 
> Of course you should fix all of them, but the (sensible) language level support 
> to prevent them may vary.
> e.g. buffer overflows are a huge problem, so D has builtin index checking for 
> arrays and such.
> Null Pointer dereference exploits are - as far as I know - only relevant in 
> kernel code and if mmaping to NULL is possible. So it's probably not a common 
> problem in D code and people who write code that may be affected can take care 
> themselves.

Even if eliminating unnecessary NPEs or segfaults doesn't prevent many significant security problems, it can improve the user experience in tremendous ways.

I'm an embedded / qt / android software engineer working on Linux. My (graphical) tools experience random segfaults in the range of tens of times per single work day. Reloading the same tools over and over again and restoring the lost data may actually waste almost 10% of my daily work time. Imagine if the industry lost 10% of its income because of sloppy tools written in too low-level languages; would that make the feature significant enough?

Instead of using automatic GUI builders and such, the tools we use are often hand-written C or C++. Why do these happen? We forget to initialize or fail to track the lifetime properly.

