From: "Dmitry A. Kazakov"
Newsgroups: comp.lang.ada
Subject: Re: a new language, designed for safety !
Date: Tue, 10 Jun 2014 09:44:56 +0200
Organization: cbb software GmbH
Message-ID: <175rkz49juygw.xi2489vgfaoa$.dlg@40tude.net>
References: <3bf7907b-2265-4314-a693-74792df531d1@googlegroups.com> <51e9fd4f-e676-4d2f-9e21-1c782d71092e@googlegroups.com> <5391ffa4$0$6611$9b4e6d93@newsspool4.arcor-online.net> <53942fa4$0$6670$9b4e6d93@newsspool3.arcor-online.net> <234602fb-4571-4b4d-b16c-7a4984511fe4@googlegroups.com> <529e9460-0a3f-476b-9aa4-178dca653a20@googlegroups.com>
Reply-To: mailbox@dmitry-kazakov.de

On Mon, 9 Jun 2014 09:07:07 -0700 (PDT), Dan'l Miller wrote:

> On Monday, June 9, 2014 2:06:27 AM UTC-5, Dmitry A. Kazakov wrote:
>> The language-invented methods here are unsafe because it is not what the
>> programmer would normally expect calling them [*]. Thus in both cases the
>> languages are unsafe.
>> [...snip...]
>> * Robert's definition of unsafety formulated differently: unexpected
>> behavior from familiar syntax ["misuse"].
>
> [Unexpected /= undefined]
> No, Dmitry, that is my definition formulated differently, not Robert's.
> Robert's definition that I was critiquing (and that, in effect, you too
> are critiquing) hinges on *undefined* behaviors in the language
> specification (and constantly remembering to not evoke them is a
> battle-hardened badge of honor in C & C++ culture). *Unexpected*
> behaviors that are well-defined as required in the Ada language
> specification are, by definition, not *undefined* in Ada---hence the key
> point of departure from Robert's excessively-narrow definition of
> "unsafe". Unexpected behaviors resulting from familiar syntax are a
> category of defect that can go unnoticed in a shipped product and cause
> harshly-deleterious outcomes---hence the coverage by my definition of
> "unsafe" evoking Nancy Leveson's system-engineering school of thought on
> safeware http://en.wikipedia.org/wiki/Nancy_Leveson. In my definition of
> "unsafe", for brevity and to drive home a crucial safety point, I rename
> "harshly-deleterious outcomes" to be bodily injury and/or death.

You draw a line between objectively and subjectively unexpected behavior.
That does not much matter from the software design point of view [*]. The
effect is the same. The programmer assumes one thing and the effect is
different.

Consider a perfectly defined language with all behavior specified which is
so cryptic that nobody could use it *safely*. E.g. Brainf*ck. Would you
call such a language safe?

> (Btw, why fast-forward safety in software to bodily injury and death? The
> concept of safety becomes too politically muddled for clear thinking if
> debate goes off on tangents when the set of harshly-deleterious outcomes
> includes legal liability, company's financial loss, user's financial loss,
> and other harshly-deleterious outcomes that depend on socioeconomic
> philosophy [which some readers might not share] rather than the
> more-instinctual moral laws of don't hurt people and don't kill people
> [which I hope all readers share].)
The problem is in proving that it was the software at fault, and that if
those responsible had acted according to the standard practices, the fault
could have been prevented. But the standard practices are crap, and proving
anything about crappy software is more difficult than developing it anew.
And the next line of defence is that the software is never actually sold;
it is bundled, licensed, free.

---------
* When human beings get involved, subjective becomes objective.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de