« prev · plain text · next »       2002 · Erik Naggum comp.lang.lisp archive       search · random

Subject: Re: Declaring type of top-level (special) variables?
From: Erik Naggum <erik@naggum.net>
Date: Fri, 12 Apr 2002 22:20:27 GMT
Newsgroups: comp.lang.lisp
Message-ID: <3227638826875433@naggum.net>

* Adam Warner
| I guess this means by using DECLARE I could create programs with
| unintended security holes (buffer overflows, etc.)

  No.  Please hold your conclusions until you know what kinds of things are
  declared in Common Lisp.  For your edification: Through all my years of
  Common Lisp study and use, approaching 15, now, I have never seen or
  heard of any security-related problems in Common Lisp systems that could
  be traced back to misdeclaring types, and you would have to go to such
  lengths to be able to overflow a buffer that it had to be done with full
  intent and premeditation, not by the kind of accident that produces
  security holes in languages that require serious effort to aim your
  high-powered machine gun away from your feet. 

| Certainly not the kind of functionality I was looking for (where I could
| enforce a specific type on a variable).

  Well, this is not how Common Lisp declarations work in the first place.

  What do you want to happen?  Should the compiler yell at you for not
  storing the appropriate type of object in a variable?  That is simply not
  how Common Lisp systems work, either.

  For the time being, please ignore declarations completely.  They have
  much more potential to confuse you than to illuminate you at this point.
  It might be instructive to regard every function as returning objects of
  type t and every caller as passing objects of type t, and to think about
  what this would do to your code.  When you have thought about this for a
  while, you realize what it takes to implement a Common Lisp system in
  safe mode, and why it is a fantastic feature of the language that you can
  ex(ect the language substrate to catch all of your violations for you.
  You should therefore not even _try_ to request anything less than maximum
  safety until you have learned to write code that is equeally defensive
  yourself.  If you include the following in all your source files, you
  should never have any problems:

(declaim (optimize safety))

  When you have learned to write safe code yourself and know how to ensure
  that your functions operate within a world of known types, you can start
  declaring your types and turning the safety down.  If you find that you
  need better performance, you are jumping the gun.  The Common Lisp way is
  to write correct code before you write fast code.  If you spend only half
  as much time as you would getting fast C++ code correct on making correct
  Common Lisp code fast, you would get approximately equally good
  performance, so this is not the overall loss that it seems to be to
  someone who is used to writing fast and incomplete or incorrect code.

///
-- 
  In a fight against something, the fight has value, victory has none.
  In a fight for something, the fight is a loss, victory merely relief.

  Post with compassion: http://home.chello.no/~xyzzy/kitten.jpg