[E-Lang] Reliance & Static Security Checking

Karp, Alan alan_karp@hp.com
Fri, 5 Jan 2001 09:10:02 -0800

Well, I clearly missed your point.  Your "rely" is a declarative statement
intended for static checking, as you clearly stated; mine is an operational
one, and I referred to run time checking.  Let's declare it my first stupid
remark of the year

We have a policy of allowing each person 3 really stupid remarks per meeting
(at the level of 2+2=3), and we don't like it when people never make any.
Our philosophy is that you'll never say anything smart if you're afraid of
saying something stupid.  We just declare it stupid, everyone has a good
laugh, and we move on. We avoid going down a lot of rat holes that way.

I do have one question about your example.  What does it mean to declare
rely(Foo) in one place and suspect(Foo) in another?  Either Foo obeys the
contract, or it does not.  I had thought that "suspect" propagated the way
taint does in Perl, but I don't see that in your example.  Is that your

Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278