[liberationtech] [tor-talk] Programming language for anonymity network
tedks at riseup.net
Fri Apr 18 10:41:11 PDT 2014

1. OCaml is more obscure than many languages, but it supports
programming in imperative, object-oriented, and functional
styles (though it's obviously best suited for a functional
style). I've seen people write Java in OCaml and produce clean,
2. OCaml is used in industrial environments (it's gotten pretty
popular on Wall Street) and in open-source projects; the
toolchain is mature and the community is vibrant.
3. OCaml is memory safe, but more importantly, it's type safe, and
its type system is capable of encoding a great deal of your
program's correctness. It will take some time to get your
program to compile, but when it does you have a much stronger
assurance that your program is correct than you do in C, C++, or
4. OCaml compiles to native code; I'm not sure if deterministic
builds have been done but they should be possible.
5. (Performance, the hidden elephant in every language discussion
room) The OCaml team takes security seriously, and OCaml is
performance-competitive with C. OCaml does tail-call
elimination, so you can write programs functionally that are
6. (Weaknesses) OCaml has a global lock due to its garbage
collection, so parallel programming has to be done with
processes. This is (IMO) cleaner than in similar situations like
Python, but is obviously suboptimal.

I'd highly recommend reading through this blog series, chronicling a
developer picking OCaml as the language to rewrite a large Python
open-source project in. It doesn't have the same focus as you, but it
goes over various reasons why someone might switch to OCaml, and
introduces some OCaml features:

On Fri, 2014-04-18 at 10:26 +0200, Stevens Le Blond wrote:
> We are a team of researchers working on the design and implementation of
> a traffic-analysis resistant anonymity network and we would like to
> request your opinion regarding the choice of a programming language /
> environment. Here are the criteria:
> 1) Familiarity: The language should be familiar or easy to learn for
> most potential contributors, as we hope to build a diverse community
> that builds on and contributes to the code.
> 2) Maturity: The language implementation, tool chain and libraries
> should be mature enough to support a production system.
> 3) Language security: The language should minimize the risk of security
> relevant bugs like buffer overflows.
> 4) Security of runtime / tool chain: It should be hard to
> inconspicuously backdoor the tool chain and, if applicable, runtime
> To give two concrete examples:
> Using the C language + deterministic builds is an attractive option with
> respect to 1), 2) and 4), but doesn’t provide much regarding 3).
> Java does better with respect to 3), however, it trades some of 3) and
> 4) as compared to C. Specifically, we are concerned that large runtimes
> may be difficult to audit. A similar argument may apply to other
> interpreted languages.
> Given these criteria, what language would you choose and for what
> reasons? We would also appreciate feedback regarding our criteria.
> All the best,
> David, Nick, Peter, Stevens, and William
Sent from Ubuntu