safety model in D

Andrei Alexandrescu SeeWebsiteForEmail at erdani.org
Thu Nov 5 13:35:34 PST 2009


Rainer Deyke wrote:
> Andrei Alexandrescu wrote:
>> First off: _all_ languages except C, C++, and assembler are or at least
>> claim to be safe. All. I mean ALL. Did I mention all? If that was some
>> ideology that is not realistic, is extremely difficult to achieve, and
>> ends up too painful to use, then such theories would be difficult to
>> corroborate with "ALL". Walter and I are in agreement that safety is not
>> difficult to achieve in D and that it would allow a great many good
>> programs to be written.
> 
> You're forgetting about all other system programming languages.

[citation needed]

>  Also,
> many of these claims to safety are demonstrably false.

Which?

>> The text is very approachable and informative, and I suggest anyone
>> interested to read through page 5 at least. I think it's a must for
>> anyone participating in this to read the whole thing. Cardelli
>> distinguishes between programs with "trapped errors" versus programs
>> with "untrapped errors". Yesterday Walter and I had a long
>> discussion, followed by an email communication between Cardelli and
>> myself, which confirmed that these three notions are equivalent:
>>
>> a) "memory safety" (notion we used so far)
>> b) "no undefined behavior" (C++ definition, suggested by Walter)
>> c) "no untrapped errors" (suggested by Cardelli)
> 
> 
> They are clearly not equivalent.  ++x + ++x has nothing to do with
> memory safety.  Conversely, machine language has no concept of undefined
> behavior but is clearly not memory safe.  Also, you haven't formally
> defined any of these concepts, so you're basically just hand-waving.

Memory safety is defined formally in Pierce's book. Undefined behavior 
is defined by the C++ standard. Cardelli defines trapped and untrapped 
errors.


Andrei