From: "Dan'l Miller"
Newsgroups: comp.lang.ada
Subject: Re: a new language, designed for safety !
Date: Mon, 9 Jun 2014 09:07:07 -0700 (PDT)
Message-ID: <529e9460-0a3f-476b-9aa4-178dca653a20@googlegroups.com>
References: <3bf7907b-2265-4314-a693-74792df531d1@googlegroups.com> <51e9fd4f-e676-4d2f-9e21-1c782d71092e@googlegroups.com> <5391ffa4$0$6611$9b4e6d93@newsspool4.arcor-online.net> <53942fa4$0$6670$9b4e6d93@newsspool3.arcor-online.net> <234602fb-4571-4b4d-b16c-7a4984511fe4@googlegroups.com>

On Monday, June 9, 2014 2:06:27 AM UTC-5, Dmitry A. Kazakov wrote:
> The language-invented methods here are unsafe because it is not what the
> programmer would normally expect calling them [*]. Thus in both cases the
> languages are unsafe.
> [...snip...]
> * Robert's definition of unsafety formulated differently: unexpected
> behavior from familiar syntax ["misuse"]. [Unexpected /= undefined]

No, Dmitry, that is my definition formulated differently, not Robert's. Robert's definition that I was critiquing (and that, in effect, you too are critiquing) hinges on *undefined* behaviors in the language specification (and constantly remembering to not evoke them is a battle-hardened badge of honor in C & C++ culture). *Unexpected* behaviors that are well-defined as required in the Ada language specification are, by definition, not *undefined* in Ada---hence the key point of departure from Robert's excessively-narrow definition of "unsafe". Unexpected behaviors resulting from familiar syntax are a category of defect that can go unnoticed in a shipped product and cause harshly-deleterious outcomes---hence the coverage by my definition of "unsafe" evoking Nancy Leveson's system-engineering school of thought on safeware http://en.wikipedia.org/wiki/Nancy_Leveson. In my definition of "unsafe", for brevity and to drive home a crucial safety point, I rename "harshly-deleterious outcomes" to be bodily injury and/or death.

(Btw, why fast-forward safety in software to bodily injury and death? The concept of safety becomes too politically muddled for clear thinking if debate goes off on tangents when the set of harshly-deleterious outcomes includes legal liability, company's financial loss, user's financial loss, and other harshly-deleterious outcomes that depend on socioeconomic philosophy [which some readers might not share] rather than the more-instinctual moral laws of don't hurt people and don't kill people [which I hope all readers share].)