Thursday, September 4, 2008

Functional Programming Offers Better Security to Software than Procedural Programming

Click here for Free Industry Resources!

More and more experienced computer software programmers are realizing the importance of Functional Programming. 

One great advantage that Functional Programming have is that they offer better security to software. 

Functional Programming offers better security than Imperative Programming such as Procedural Programming or Object-oriented programming.  

This is because Functional Programming, according to most computer scientists or computer software engineers, lacks any sort of "Side Effects". 

In Imperative or Procedural Programming "side effects" are employed so that the program actually functions the way its programed to do so.

The Side Effect depends on the "state" or some hidden information that changes with the progress of the program step by step. 

For example, a function might modify a global or a static variable, modify one of its arguments, write data to a display or file, or read some data from other side-effecting functions. Side effects often make a program's behavior more difficult to predict.

In Imperative or Procedural Programming "side effects" are employed so that the program actually functions the way its programed to do so. 

The Side Effect depends on the "state" or some hidden information which continues to change with the progress of the program while following certain sequential procedure. 

A function could cause side effect by modifying the static or global variable. It could also do so by modifying the arguments or write some data in a file or is displayed or it could be when it reads a data from other side-effecting functions. 

Hence its important for any programming languages to have access to pertinent information regarding the particular "State" which the programmer is not aware of. Such an information on the state is required if the program is to operate accordingly for the desired outcome.

However most often such information about the state remains hidden from the programmer making it very difficult to predict the outcome. 

Its very similar to the frustration of lighting up a bulb using a "three way switching system" as experienced in the real world. 

The bulb would only glow when you pull the switch in a particular direction provided you are aware of the postion of the other switch that's hidden away from view. Only after some trial and error you could possibly figure it out that could make it very irritating indeed.  

In imperative programming such as procedural programming the statements are structured into procedures (that are also referred as as subroutines or functions). 

The in built  programming in the various hardware of computers are all imperative i.e. the machine code is designed in imperative style. 

Thats why it becomes difficult for programmer to know the hidden state of the hardware in which the software is to be installed. 

So when designing the CPU there are instruction side effects which actually modify the internal CPU without explicitly stating it.

Thats why in general the instruction ADD may or may not modify condition variables (carry, zero, overflow, etc) in the status register.

This causes a problem when designing a CPU that has an instruction pipeline and supports instructions with side-effects.

Side Effects often make a program's behavior more difficult to predict. The programmer finds its exceedingly difficult to exactly determine which particular state could be important and those that could be safely ignored or discarded. 

To overcome such difficulty in predicting the particular state most computer languages insists that the programmer add as much of extra code to determine which of the data and parts of the code are to be considered prominent. 

No wonder such imperative programming makes the probability to make mistakes on the part of the programmer all the more.

So while writing the code it's quite likely that some dangerous bugs might appear since it could happen because the programmer failed to determine the various hidden states that are to be managed by the program.

The failures could also happen because of misinterprating the exact nature of each of the states and the relationship enjoyed amongst themselves that are in the collection.   

It could also arise while overlooking  a supposedly insignificant variable that takes up a value during the imperative procedure because of an unexpected input. 

It could also arise because of some typing error when writing the name of some object or variable. 

Sometimes certain bugs could prevent the program to compile or run, which remains undetected to the programmer who created the program for some vital software project. 

However some plucky hacker with malacious intention could quite likely discover such a bug present in the program.  The hacker then works out a strategy to make use of the loophole for clandestine purpose by breaching into the security.

Its much later after considerable damage had been done, does the bug come into surface and the programmer has to once again work all over again to plug the loop holes that's causing the bugs to appear making the software vulnerable to attack. 

Such a problem as seen in an imperative or procedural program such as an object-oriebnted program is minimized to a great extent in case of a Functional Programming language. 

In Functional Code the vraiables are missing. In functional programming with some exceptions in certain cases, is usually a chain of various functions, where the output of one function becomes the input of the other and so on. 

In imperative program its the other way round where the program is depended on the various variables present. It uses variables and vraious complex statements.

Values of varaibles that determines the state is entered as input which are then stored for such variables.

These values of the vraiables are then manipulated in a sequential procedure such as evaluation of complex expressions, consisting of perhaps a combination of various arithmetic operations and function evaluations.  

The procedure in an imperative program may include looping statement and conditional branching. 

Looping statements such as in while loops, do while loops and for loops allow a sequence of statements to be executed as many times it has been specified to carry out. 

Conditional branching statements allow a block of statements to be executed only if some condition is met.

Otherwise, the statements are skipped and the execution sequence continues from the statement following the block.

Unconditional branching statements allow the execution sequence to be transferred to some other part of the program. These include the jump, called "goto" in many languages, and the subprogram, or procedure, call.

Such complexities in programming such as in an imperative programming is not seen in a functional programming. 

Functional programming are considered declarative programming similar to logic programming and constraint programming. 

Declarative programming  is different from imperative programming.

Declarative programming  does not describes how to create something instead it teaches what that something is really like. 

Even HTML web pages are considered as a declarative program. This is because  HTML program  describes what a page should contain, but not how  the page should be displayed on a computer screen.

Since each functional code are predefined and its properties declared so there is no need to create any function since its already meant to give specific results without causing any side effects in doing so. 

The function result value does not depend on any hidden information or state that may change as program execution proceeds. 

The functional is not dependant on any external input such as from I/O devices.

The function always evaluates the same result value given the same argument value(s) and is only dependant on the specific argument values and nothing else, even if its not required for the function to depend on any or all of the arguments. 

Functional programming thus is able to eliminate many of the undesirable problems that may arise while writing the code and keeping the level of errors to the bare minimum. 

That's how functional programming has been able to secure a software better much in contrast to the difficulties that arise in implementing the same using imperative or procedural programming.  

Even though Haskell is considered a highly pure functional language than any LISP based language.  Its totally free of any side effects, and there is no change in the explicit state or state changes at all. Even then Haskell is considered to be impure. 

Pure functional languages are suppose to have algorithms or data structures that does not undergo any kind of modification or update in its state that could cause destruction or make it vulnerable to attacks. 

algorithms, data structures or programming languages that exclude destructive modifications (updates). 

However its important to note that writing pure functional code is simply impossible. 

Most languages can be assigned to one of the following classifications of programming languages:

Lisp is functional, Java is object oriented, C is procedural, and Prolog is declarative.

However none of them are strictly pure as per the above classification.

No comments: