[E-Lang] Re: expression-style syntax is insecure? (was: multiple-domain language, plus Super Newbie is lost without "The Dot" (was: down with `define' (was: newbie syntax: picayune points from a prejudiced programmer)))
Marc Stiegler
marcs@skyhunter.com
Fri, 2 Mar 2001 13:19:05 -0700
> With the default being ":any", authority can be accidentally leaked
> from code in an unintentional return value. With the default being
> ":void", then authority does not unintentionally leak from a ":void"
> function, but it *does* still unintentionally leak from an ":any"
> function, for example:
An intriguing observation. Actually, my experiences to date do not support a
belief that this problem in principle is a problem in practice. But I would
not mind if markm required the "return" keyword in the body of the method.
However, this still doesn't get rid of the type declaration in the prolog of
the method definition, where the absence of a type declaration still has to
default to "void". Another of the reasons for putting the type declaration
there--another reason I find compelling on its own--is security auditing.
For the security auditor, having the type declaration in the method prolog
is an enormous (I believe required) benefit. It also reduces by a comparable
factor the amount of security auditing that must be done during maintenance:
if you don't change the return type, frequently you can end the audit right
there (or rather, you can focus your scarce auditing resources on parts of
the system more likely to have enabled a breach).
So I could endorse
def add(a,b) :integer {return (a + b)}
or
def add(a,b) returns integer {return(a+b)}
but not
def add(a,b) {return (a + b)}
Which probably means you yourself don't really want any of the alternatives
I could support :-)
--marcs
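The hazard the thread is arguing about, shown in an added example that is not part of the original post and not E code: Ruby, like an expression-style E, hands back the value of a method's last expression, so a method written to expose only "log a line" can silently return the underlying capability. The class and method names (Sink, LeakyLogger, SafeLogger, declare_return) are constructed for illustration; declare_return is a hypothetical stand-in for the return-type declaration in the method prolog that the post wants auditors to be able to rely on.

```ruby
# Added example (not from the E-Lang thread, not E syntax). Ruby returns the
# value of a method's last expression, which is the ":any"-by-default hazard
# the thread discusses. All names below are constructed for illustration.

# A capability: whoever holds a Sink can append to it.
class Sink
  attr_reader :lines
  def initialize
    @lines = []
  end
  # Like many Ruby appenders, << returns self so calls can be chained.
  # That chaining convenience is what leaks the capability below.
  def <<(line)
    @lines << line
    self
  end
end

# Leaky facet: the author meant to expose only "log a line", but the body's
# last expression evaluates to the Sink, so every caller receives it.
class LeakyLogger
  def initialize(sink)
    @sink = sink
  end
  def log(msg)
    @sink << "[log] #{msg}"    # value of this expression: the Sink itself
  end
end

# Fixed facet: the equivalent of declaring the method ":void". The final
# expression is an explicit nil, so nothing escapes the method.
class SafeLogger
  def initialize(sink)
    @sink = sink
  end
  def log(msg)
    @sink << "[log] #{msg}"
    nil
  end
end

# Hypothetical stand-in for a return-type declaration in the method prolog:
# wrap the named method of a class and fail loudly if it returns something
# other than what was declared (:void => nil, otherwise the given class).
def declare_return(klass, method_name, type)
  original = klass.instance_method(method_name)
  klass.send(:define_method, method_name) do |*args, &blk|
    result = original.bind(self).call(*args, &blk)
    ok = type == :void ? result.nil? : result.is_a?(type)
    raise TypeError, "#{klass}##{method_name} declared #{type}, returned #{result.class}" unless ok
    result
  end
end

# The leak in action: a caller who was only given the logger facet ends up
# holding the sink and writes to it directly, bypassing the logger.
def leaked_capability(sink)
  stolen = LeakyLogger.new(sink).log("hello")
  stolen << "written directly, bypassing the logger"
  stolen.equal?(sink)
end

def safe_returns_nothing(sink)
  SafeLogger.new(sink).log("hello").nil?
end

# With a :void declaration on the leaky method, the leak is caught at the
# method boundary instead of reaching the caller. A fresh subclass is used so
# LeakyLogger itself is left unchanged for the other functions.
def declaration_catches_leak(sink)
  declared = Class.new(LeakyLogger)
  declare_return(declared, :log, :void)
  declared.new(sink).log("hello")
  false
rescue TypeError
  true
end

# The non-void case from the post, def add(a,b) :integer, under the same
# stand-in declaration: an Integer result passes through unchanged.
def declared_integer_add(a, b)
  adder = Class.new do
    def add(a, b)
      a + b
    end
  end
  declare_return(adder, :add, Integer)
  adder.new.add(a, b)
end
```

Run leaked_capability on a fresh Sink and inspect sink.lines afterwards: the second line was appended by code that was never handed the sink, only the logger. The SafeLogger and the declared variant both close that path, which is the maintenance point the post makes: once the declaration says :void, an auditor can stop at the prolog instead of reading the body for stray last expressions.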