Indeed. The only quotes I ever had in a CS publication were some non-CS quotes at the start of chapters of my PhD thesis.
No. They have to win for each target individually. And they may have to do so repeatedly. That is a completely different situation.
I was just pointing out that nobody is going to attack normal keyboards successfully, because there is nothing in there that can be attacked.
Oh? And which language implementations do you know that actually have such a proof? For real world languages and implementation, the number is likely "zero" as most languages do not have a formal specification that could be used as starting point in the first place.
And here is one more hint from the real world: Nobody proves compiler correctness using formal methods for real languages, because nobody can pay the huge amount of money that would cost or wait the few decades it would take. Instead there is this thing called "testing".
BS. A formal specification is needed if you want to use automated theorem proving to prove properties of the language or if you want to generate compilers automatically. For specifying how an implementation works, you need an exact specification, but that can well be (and usually is) an informal one.
Come on people, does nobody know basic CS terms anymore?
That is BS. In order to create a second implementation, you need an _exact_ specification. It being a formal specification is completely optional.
That is not possible. The English language is not a formal specification language and hence does not allow the creation of formal specifications using it. ANSI C does not have a formal specification.
A formal specification is a specification done in a formal specification language. There is no other meaning of that term. The people claiming they are doing a "formal" specification likely confused this with "exact". These two concepts are orthogonal. A formal specification can be inexact (or even unsound), while an informal specification can be exact (and sound).
A "formal standard" is something else, it usually refers to a more-or-less exact and complete _informal_ specification that is uniquely identified by its designation. The main difference is that in theory, you could check a formal specification for soundness using an automated theorem prover. Or you could automatically generate a compiler from it. An informal (but possibly exact) specification does not allow that, as it needs a human in the loop.
You cannot do formal specifications that way. A formal specification must always be done in a formal specification language, or it is not a formal specification. As I have pointed out, you can do exact non-formal specifications and that is what C and C++ have.
I should also add that what they are doing is at best a "semi-formal specification". Still pretty clunky.
Yes, very much so. Most languages do not have formal specifications.
First, almost nobody can read a formal language specification with any reasonable degree of fluency. And second, an informal (but exact) specification does a much better job.
For example, my keyboard has exactly 256 Bytes of FLASH storage. And if you put malware in there (which it is too small for), it loses its keymap. So "most" is really "some, and in particular devices modified for this" here. In addition, this attack need to be customized for each specific device, which is expensive. And many devices are not even reprogrammable without circumventing MCU protection bits.
This is mostly a non-issue with regular devices.
Not necessarily. In most cases at least respectable researchers have a tech-report variant on the web. Also, who checks quotes in CS?
Sorry, for the person I have this observation from, 1000 was actually on the lower end of what he needed. And yes, that was the right approach to the problem. He then found Java was a toy pretending to be a professional tool.
He ended up using processes and shared memory, which was a lot more complicated but did not suffer from extreme slowdown above a few hundred threads. Erlang would have been a viable alternative.
I also did say that this capability of Erlang was "special purpose". So what do you complain about?
The author really has no clue. He also doe snot understand what static and dynamic typing means and that it is orthogonal to weak and strong typing. Or that whether you have GC or not is not necessarily dependent on the language. You can attach a GC to C and have it working reasonably well.
This article was written by an incompetent wannabe.