[cap-talk] Type systems
David Hopwood
david.hopwood at industrial-designers.co.uk
Wed Dec 12 20:26:24 EST 2007
Mark Miller wrote:
> On Dec 12, 2007 3:15 PM, Mathieu Suen <mathieusuen at yahoo.fr> wrote:
>> But can you tell me which security bugs that a static type language
>> can prevent that dynamically type system can't?
>
> A dynamic type system can provide exactly as much integrity (safety,
> consistency) as a static type system. In both cases, integrity
> violations are prevented -- whether statically or at runtime.
I wasn't going to get into this argument (which is largely a religious
debate arising from a false dichotomy between run-time and compile-time
checking), but the above is just too strong a claim.
The issue is, what does the "dynamically typed" language do when it sees a
run-time type error (usually, it throws an exception), and can a security
failure still occur if it does that (yes, if some object is in an inconsistent
state at that point, and remains accessible afterward).
If there is any plausible case where a security failure could occur in a
language that does not perform a particular check statically, that would
have been prevented by performing it statically, then we can't claim that
the language has provided *exactly* as much integrity.
--
David Hopwood
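As an added illustration of the scenario described in the post above (this is not code from the post or from anyone in the thread), a Python object that is left half-updated when a run-time type error fires, beside a version that checks its arguments before touching any state; the ledger, its fields and the `run`/`consistent` helpers are all constructed for this example.

```python
"""A run-time TypeError raised after an object has been partially updated leaves
that object inconsistent, and it stays reachable to any caller that catches the
exception. The ledger below is constructed for this example."""


class LeakyLedger:
    """Changes the balance before the memo is validated: the error comes too late."""

    def __init__(self, balance: int) -> None:
        self.balance = balance
        self.log: list[tuple[int, str]] = []   # (amount, entry) per withdrawal

    def withdraw(self, amount: int, memo) -> None:
        self.balance -= amount                         # state change happens first ...
        self.log.append((amount, "withdraw " + memo))  # ... TypeError here if memo is not a str


class CheckedLedger(LeakyLedger):
    """Checks every argument at the method boundary, before any state is touched
    (the check a static type system would have made at compile time)."""

    def withdraw(self, amount: int, memo) -> None:
        if not isinstance(amount, int) or isinstance(amount, bool):
            raise TypeError("amount must be an int")
        if not isinstance(memo, str):
            raise TypeError("memo must be a str")
        super().withdraw(amount, memo)


def run(ledger: LeakyLedger, amount, memo) -> tuple[bool, int, int]:
    """Attempt a withdrawal, swallow the TypeError as a careless caller might,
    and return (raised, balance, log_entries) so consistency can be inspected."""
    raised = False
    try:
        ledger.withdraw(amount, memo)
    except TypeError:
        raised = True
    return raised, ledger.balance, len(ledger.log)


def consistent(ledger: LeakyLedger, start: int) -> bool:
    """Integrity invariant: balance equals the start minus everything logged."""
    return ledger.balance == start - sum(amount for amount, _ in ledger.log)


if __name__ == "__main__":
    leaky, checked = LeakyLedger(100), CheckedLedger(100)
    print(run(leaky, 30, 42), consistent(leaky, 100))      # (True, 70, 0) False
    print(run(checked, 30, 42), consistent(checked, 100))  # (True, 100, 0) True
```

Both objects raise the same exception for the same bad call; only the leaky one is left with a balance the log cannot account for, which is the integrity gap the post is pointing at.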