If you needed any more evidence that memory safety is the future...

Moritz Maxeiner via Digitalmars-d digitalmars-d at puremagic.com
Wed Mar 8 04:42:37 PST 2017


On Tuesday, 7 March 2017 at 22:07:51 UTC, XavierAP wrote:
> On Tuesday, 7 March 2017 at 21:24:43 UTC, Moritz Maxeiner wrote:
>> [...]
>
> D does not claim to be memory-safe always. It does afaik do so 
> within @safe environments (barring internal runtime or compiler 
> bugs of course). Even C# has the same approach of allowing 
> "unsafe" environments.

And as I've pointed out before, if your safe code can call 
hidden, unsafe code it doesn't even know about then your 
guarantees mean nothing and you're back to trusting programmers.

>
>>>> [...]
>>>
>>> Does anybody try to refute it? Safe languages are not 
>>> rejected for their safety.
>>
>> Right now, of course not, since the burden of proof is on the 
>> side advocating memory safety (i.e. us).
>
> I don't agree on the burden of proof. It is a safe assumption 
> that if you increase safety checks, safety will be improved.

If those safety checks actually get applied to those parts that 
need them (i.e. by the programmers writing programs in that 
language), I'd probably agree. But there's no guarantee that that 
is the case, as your friend, hidden unsafe code, is still there.
Besides that, it's a hypothesis, and like with *all* of them the 
burden of proof lies with the people proposing/claiming it.

> It cannot or needn't be proven. If someone proposes installing 
> railing in a stairway, or a fence along a railway, to decrease 
> accidents, who would demand this to be proven?

A person with a good sense of engineering (or for that matter the 
scientific method) in them ought to demand that both your 
railing and your fence be proven to actually deal with 
the kinds of issues they are supposed to deal with before 
approving their installation.
Which is what institutions like [1] are for with regards to 
material engineering products.
Doing anything else is reckless endangerment since it gives you 
the feeling of being safe without actually being safe. Like using 
@safe in D, or Rust, and being unaware of unsafe code hidden from 
you behind "safe" facades.

>
> Plus statistics can prove nothing -- this logical truth cannot 
> be overstated.

It's called empirical evidence and it's one of the most important 
techniques in science [2] to create a foundation for a hypothesis.

[1] 
https://en.wikipedia.org/wiki/Technischer_%C3%9Cberwachungsverein
[2] http://www.juliantrubin.com/bigten/millikanoildrop.html
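The "hidden unsafe code behind a safe facade" the post describes, as an added example that is not part of the original message or of D's or Rust's own code. It is written in Rust because the same pattern exists there (`@trusted` in D, a safe `fn` with an `unsafe` block inside in Rust) and the verifier can run it. `Ring`, `peek_unsound`, `peek` and the line-based `count_hidden_unsafe` check are illustrative names and assumptions; the snippet fed to the counter is constructed.

```rust
// Added example: a Rust API with a safe signature whose body hides an
// `unsafe` block, next to a version whose wrapper actually establishes
// the invariant the unsafe call requires. Names are illustrative.

/// A buffer over a heap Vec. Nothing about this type is unsafe to hold.
pub struct Ring {
    data: Vec<u32>,
}

impl Ring {
    pub fn new(data: Vec<u32>) -> Self {
        Ring { data }
    }

    /// Safe signature, hidden unsafe body. Nothing checks `idx`, so a
    /// caller written in 100% safe code can read past the allocation.
    /// In Rust terms this function is *unsound*: the guarantee the
    /// caller thinks it gets from the type system is gone, and it is
    /// back to trusting whoever wrote this body.
    pub fn peek_unsound(&self, idx: usize) -> u32 {
        // No bounds check precedes this call, so any SAFETY comment
        // here would be false. Do not call with idx >= len.
        unsafe { *self.data.get_unchecked(idx) }
    }

    /// Same unsafe primitive, but the safe wrapper establishes the
    /// invariant first, so the `unsafe` block is justified and the
    /// facade is sound.
    pub fn peek(&self, idx: usize) -> Option<u32> {
        if idx < self.data.len() {
            // SAFETY: idx < len was checked on the line above.
            Some(unsafe { *self.data.get_unchecked(idx) })
        } else {
            None
        }
    }
}

/// The check a reviewer applies to the claim "this code is safe":
/// find `unsafe {` blocks that sit inside functions *not* declared
/// `unsafe fn`, i.e. unsafe operations hidden behind safe signatures.
/// Crude line-based scan over source text; a constructed stand-in for
/// grepping a crate, not a real Rust parser.
pub fn count_hidden_unsafe(source: &str) -> usize {
    let mut in_safe_fn = false;
    let mut count = 0;
    for line in source.lines() {
        let t = line.trim();
        if t.starts_with("pub fn ") || t.starts_with("fn ") {
            in_safe_fn = true;
        } else if t.starts_with("pub unsafe fn ") || t.starts_with("unsafe fn ") {
            in_safe_fn = false;
        }
        if in_safe_fn && t.contains("unsafe {") {
            count += 1;
        }
    }
    count
}

fn main() {
    let r = Ring::new(vec![10, 20, 30]);
    println!("peek_unsound(1) = {}", r.peek_unsound(1));
    println!("peek(2) = {:?}, peek(3) = {:?}", r.peek(2), r.peek(3));
    // Constructed snippet: one hidden unsafe block, one declared unsafe fn.
    let snippet = "pub fn a() { unsafe { x() } }\nunsafe fn b() { unsafe { y() } }\npub fn c() {}\n";
    println!("hidden unsafe blocks: {}", count_hidden_unsafe(snippet));
}
```

The point for a reviewer is that `peek_unsound` and `peek` have identical-looking safe signatures; only reading the body (or running a scan like the one above, or `grep -rn unsafe`) tells them apart, which is exactly why a language-level "safe" label alone does not discharge the burden of proof.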