From: digitalkevlar@gmail.com
Subject: Re: Rust's temporal safety for Ada/SPARK
Date: Sun, 14 May 2017 09:46:04 -0700 (PDT)
Date: 2017-05-14T09:46:04-07:00 [thread overview]
Message-ID: <1c0e2c7c-4fd6-43d1-9848-f03e1a72bcb3@googlegroups.com> (raw)
In-Reply-To: <cf1c1eb7-61cf-4ee5-8837-d4a95f95a4ba@googlegroups.com>
@ Robert Eachus
"There are some cases that require run-time checking, and most programmers consider code that needs run-time checking as a bug"
I can see why they'd avoid such constructions if their tooling couldn't prove them safe. If another tool can, though, then I'm thinking it's a bug in Ada in that Ada's model or tools can't handle that analysis at compile-time. Something worth fixing with R&D. That's why I'm trying to assess what Ada can do currently in this area. Several other languages knock this problem out at compile time. They're functional, logical, and imperative. So, I know it is feasible in general case.
@ All
Niklas Holsti's post shows he understands what capability I'm describing. Rust code can be shown free of double-free's and dangling-pointers at *compile-time* with *no runtime checks or GC*. It does it with just a few simple rules. Here's the simplest, shortest description I could find to save you all time:
https://stackoverflow.com/questions/36136201/how-does-rust-guarantee-memory-safety-and-prevent-segfaults
Those are combined with "traits"... or something else in language... to allow race-free concurrency. Instead of mandating one model for language, various models of concurrency are defined in libraries to let you use model easiest for your problem. Language's ownership model & borrow-checker ensures they're all memory-safe and race-free along with any code using them. So, you get these guarantees even in multi-threaded code doing many allocations and de-allocations of memory dynamically. New developers do have a hard time fighting with the borrow-checker early on. My meta-analysis of their comments indicates much of it is intrinsic to safely handling ownership and borrowing of references that C and GC'd languages didn't teach them. The tool just enforces rules (i.e. affine types) known to work. Learning curve is about 1-2 months of practice until they say borrow-checker rarely has problems with their code.
So, can someone today use Ada in a straight-forward way to write single- or multi-threaded applications that are, in every use-case, totally immune at compile-time to use-after-free and double-free errors with zero, runtime overhead? Or can it not do that?
next prev parent reply other threads:[~2017-05-14 16:46 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-13 20:33 Rust's temporal safety for Ada/SPARK digitalkevlar
2017-05-13 21:19 ` Jeffrey R. Carter
2017-05-14 10:19 ` Niklas Holsti
2017-05-15 19:07 ` Simon Wright
2017-05-15 19:30 ` Jeffrey R. Carter
2017-05-17 21:21 ` moy
2017-05-14 3:24 ` Robert Eachus
2017-05-14 16:46 ` digitalkevlar [this message]
2017-05-14 17:18 ` Dmitry A. Kazakov
2017-05-14 17:36 ` Jeffrey R. Carter
2017-05-14 19:59 ` Niklas Holsti
2017-05-14 20:43 ` Simon Wright
2017-05-15 7:27 ` Dmitry A. Kazakov
2017-05-14 22:20 ` Dennis Lee Bieber
2017-05-15 16:23 ` Jeffrey R. Carter
2017-05-15 23:19 ` Randy Brukardt
2017-05-16 16:45 ` Shark8
2017-05-16 21:36 ` Randy Brukardt
2017-05-16 23:37 ` Shark8
2017-05-14 21:28 ` moy
2017-05-15 22:59 ` digitalkevlar
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox