From: Tucker Taft
Subject: Re: Ada vs C++ vs Java
Date: 1999/02/05
Message-ID: <36BB746E.B1A8AF8@averstar.com>
Newsgroups: comp.lang.ada,comp.lang.c++,comp.vxworks,comp.lang.java
Organization: AverStar (formerly Intermetrics) Burlington, MA USA
References: <369C1F31.AE5AF7EF@concentric.net> <369DDDC3.FDE09999@sea.ericsson.se> <369e309a.32671759@news.demon.co.uk> <77ledn$eu7$1@remarQ.com> <77pnqc$cgi$1@newnews.global.net.uk> <8p64spq5lo5.fsf@Eng.Sun.COM> <77t3ld$nou$1@nnrp1.dejanews.com> <79ce4s$lfq$1@nnrp1.dejanews.com> <79chc7$ko6@drn.newsguy.com>

mike wrote:
> ...
> C++ now, after becoming a standard, and with the standard library is a
> very safe language.

It is correct to say that you can now write safe programs in C++. But C++ is not a safe language, in that many of the basic "building blocks" of the language are not safe. In fact, because the "defaults" were mostly inherited from C, the "default" building blocks are almost all unsafe.
For example, by default in C++ (and C):

  arrays                      -- no bounds checking
  pointers                    -- not default initialized, no checking for null when dereferenced
  arithmetic                  -- no overflow checking
  cast                        -- no checking for inappropriate "narrowing" casts
  "class" parameters          -- passed by copy; "chopped" off (run-time type identity lost)
  address-of ("&") operation  -- no protection from dangling references

In a "safe" language, the defaults (at least) are safe. There may be escape hatches for certain low-level programming situations. On the other hand, in C/C++, the defaults are generally unsafe, though "safe" abstractions exist. This means that programmers can program safely (if they are diligent). However, when faced with a large body of C/C++, it is generally infeasible to systematically find all the places where an unsafe operation might be used.

In a safe language, a small mistake does not result in loss of safety. Only going out of your way to use an unsafe escape hatch (if they exist at all) can result in loss of safety. Even in a large program, it is straightforward to find all uses of escape hatches.

One might say that the degree of safety inherent in a language is directly related to the ease of locating all uses of potentially unsafe features. In C and C++, this is notoriously difficult.

-- 
-Tucker Taft   stt@averstar.com   http://www.averstar.com/~stt/
Technical Director, Distributed IT Solutions  (www.averstar.com/tools)
AverStar (formerly Intermetrics, Inc.)   Burlington, MA  USA
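The unsafe defaults listed in the post, each paired with the checked alternative a C++ programmer has to opt into, as an added example that is not part of the original post or of any project it mentions. It assumes a C++17 compiler; `narrow` is a hand-written helper (modelled on the idea behind GSL's `narrow`, not a library call), every input value is constructed inline, and each case returns a value rather than crashing so the difference between the default and the checked form can be observed in a test. The dangling-reference case uses `std::weak_ptr` as the detectable stand-in for a raw pointer taken with `&`, since the raw form cannot be queried safely once its target is gone.

```cpp
#include <array>
#include <cstdint>
#include <limits>
#include <memory>
#include <optional>
#include <stdexcept>
#include <string>
#include <type_traits>

// 1. Arrays: operator[] is unchecked (a[4] here would silently read past the
//    end, undefined behaviour). std::array::at() is the opt-in checked form.
bool out_of_range_is_caught() {
    std::array<int, 4> a{1, 2, 3, 4};
    try {
        (void)a.at(4);          // one past the end
        return false;           // not reached: at() throws
    } catch (const std::out_of_range&) {
        return true;
    }
}

// 2. Pointers: a raw pointer is not checked for null on dereference. Carrying
//    the "maybe absent" value in std::optional makes the caller choose.
int value_or_default(const std::optional<int>& maybe, int fallback) {
    return maybe.value_or(fallback);   // never dereferences an absent value
}

// 3. Arithmetic: signed overflow is undefined behaviour and unchecked by
//    default. Widen, add, and range-check before narrowing back.
std::optional<std::int32_t> checked_add(std::int32_t x, std::int32_t y) {
    const std::int64_t sum = static_cast<std::int64_t>(x) + y;
    if (sum < std::numeric_limits<std::int32_t>::min() ||
        sum > std::numeric_limits<std::int32_t>::max())
        return std::nullopt;
    return static_cast<std::int32_t>(sum);
}

// 4. Casts: static_cast<std::uint8_t>(300) yields 44 without complaint. This
//    helper (hypothetical, written for the example) throws when the value
//    does not round-trip or changes sign.
template <typename To, typename From>
To narrow(From from) {
    static_assert(std::is_arithmetic_v<To> && std::is_arithmetic_v<From>);
    const To to = static_cast<To>(from);
    const bool sign_flipped =
        std::is_signed_v<To> != std::is_signed_v<From> &&
        (to < To{}) != (from < From{});
    if (static_cast<From>(to) != from || sign_flipped)
        throw std::runtime_error("narrowing lost information");
    return to;
}

bool narrow_to_byte_rejects(int v) {
    try {
        (void)narrow<std::uint8_t>(v);
        return false;
    } catch (const std::runtime_error&) {
        return true;
    }
}

// 5. "class" parameters: passing a Circle by value to a Shape parameter copies
//    only the Shape part ("slicing"), so the virtual call resolves to Shape.
//    Passing by reference keeps the run-time type.
struct Shape {
    virtual ~Shape() = default;
    virtual std::string name() const { return "Shape"; }
};
struct Circle : Shape {
    std::string name() const override { return "Circle"; }
};
std::string name_by_value(Shape s)        { return s.name(); }   // sliced
std::string name_by_ref(const Shape& s)   { return s.name(); }   // dispatches

std::string sliced_name()  { Circle c; return name_by_value(c); }
std::string dynamic_name() { Circle c; return name_by_ref(c); }

// 6. address-of: a raw pointer to a destroyed object looks exactly like a
//    live one. A std::weak_ptr observing a shared_ptr-owned object can report
//    that the object is gone; a T* obtained with & cannot.
bool dangling_is_detectable() {
    std::weak_ptr<int> observer;
    {
        auto owner = std::make_shared<int>(42);
        observer = owner;
        if (observer.expired()) return false;   // still alive inside the scope
    }                                            // owner destroyed here
    return observer.expired();                   // the reference is now dangling
}
```

Compile with `-std=c++17 -Wall -Wextra`; the unchecked forms mentioned in the comments (`a[4]`, plain `static_cast`, by-value `Shape`) compile just as cleanly, which is the post's point: nothing in the default toolchain flags them, and finding every such use in a large code base means auditing every subscript, cast and parameter list.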