From: "Dmitry A. Kazakov"
Newsgroups: comp.lang.ada
Subject: Re: Arbitrary Sandbox
Date: Tue, 21 Feb 2012 11:59:01 +0100
Organization: cbb software GmbH
Message-ID:
References: <2aaee0a4-e820-4a75-bbaf-d9d09c366d2c@f5g2000yqm.googlegroups.com> <4da4bf75-e6c9-4c17-9072-ab6f533ed93f@vd8g2000pbc.googlegroups.com> <203d63cf-42a9-49ef-82cd-943d77b5e438@c21g2000yqi.googlegroups.com> <193cr8xol0ysi.14p4cp2yxnb0r$.dlg@40tude.net> <1jleu301thnd3$.s23priwn3ajb$.dlg@40tude.net> <18o3vqsl9uy2$.a3m68cg8ysro.dlg@40tude.net> <1fkgdlidn0v80$.kjvkmk7y29vo$.dlg@40tude.net>
Reply-To: mailbox@dmitry-kazakov.de
User-Agent: 40tude_Dialog/2.0.15.1

On Tue, 21 Feb 2012 09:59:19 +0000, Simon Wright wrote:

> "Dmitry A. Kazakov" writes:
>
>> On Mon, 20 Feb 2012 18:27:10 -0500, Robert A Duff wrote:
>
>>> If U_C etc. causes trouble, use Java. Or use a subset of Ada that
>>> doesn't allow such features. I really can't imagine a sensible way
>>> to use such features and check them at run time.
>>
>> Of course there is. Do you remember the last time U_C crashed Windows
>> or Linux?
>
> An application can easily trash my data without crashing the OS.

Is this a reason why it should better crash the OS as well?

Anyway, Ada (and all other languages) has a null-safety model of software
decomposition. It is frequently repeated that you can always shoot yourself
in the foot in Ada. So, anticipating this argument: shooting yourself is not
the same as being shot by someone else. We are increasingly using components
while there is no way to secure them keeping the interfaces at a high level.
At the present level of complexity, and growing, the software is too fragile.
The effects of bugs and faults are unbounded. Static checks and enforced
insulation are means to address this unimportant problem...

--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
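Editor's note, added to this archived thread and not part of Dmitry's post or of anything posted by the other participants: the exchange above turns on whether a feature like Ada.Unchecked_Conversion (the "U_C" in the quotes) can be checked at run time. The standard Ada mechanism for exactly that case is the 'Valid attribute (RM 13.9.2), which tests whether a scalar object holds a representation that is legal for its subtype. The program below is a constructed illustration: the types Color and Octet, the instantiation To_Color and the driver procedure are all assumptions made for the example, not identifiers from the thread. It converts two raw bytes into an enumeration; the first is a legal Color, the second is not, and 'Valid is what lets the caller reject it instead of carrying an invalid value into the rest of the program.

```ada
--  Added example, not code from the original thread.
--  Demonstrates that a value produced by Unchecked_Conversion is not
--  range-checked on the way in, and that 'Valid is the run-time check
--  a component can apply before trusting such a value.
with Ada.Text_IO;               use Ada.Text_IO;
with Ada.Unchecked_Conversion;

procedure Check_UC is
   --  Assumed types for the example: a 3-value enumeration forced to
   --  occupy one byte so that it matches the 8-bit source type below.
   type Color is (Red, Green, Blue);   --  representations 0, 1, 2
   for Color'Size use 8;

   type Octet is mod 2**8;
   for Octet'Size use 8;

   --  Bit-for-bit reinterpretation; sizes are equal, so no warning.
   function To_Color is new Ada.Unchecked_Conversion (Octet, Color);

   procedure Try (Raw : Octet) is
      --  No constraint check happens here: C simply receives the bits.
      C : Color := To_Color (Raw);
   begin
      --  'Valid inspects the representation without "using" the value,
      --  so it is safe to evaluate even when the bits are not a Color.
      if C'Valid then
         Put_Line ("valid: " & Color'Image (C));
      else
         Put_Line ("invalid representation" & Octet'Image (Raw)
                   & ", rejected before use");
      end if;
   end Try;
begin
   Try (1);     --  Green: representation 1 is in range
   Try (200);   --  not a Color: 'Valid is False, value is rejected
end Check_UC;
```

The design point is that the conversion itself stays unchecked (that is what the feature is for), while the boundary where an untrusted representation enters typed code gets an explicit, cheap validity test. Without the 'Valid test, using C in a case statement or as an array index with the value 200 is a bounded error in Ada terms; with it, the bad input is caught and the failure is bounded to the caller that chose to accept raw bytes.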