[cap-talk] C vs. Safety

Baldur Johannsson zarutian+cap-talk at gmail.com
Thu Aug 7 13:44:39 CDT 2008

>> Hmm... isnt static safety as unsolvable as the famous halting problem?
>> That is the question: does program p ever do anything unsafe?
> It is certainly NOT as unsolvable as the halting problem.
You are correct.
If we imagine the possible controlflow of an program as an graph then
clearly programs that have indeterminable loops (example: while (true)
{ doSomething(); })
are cyclic graphs while programs that dont have such loop are acyclic graphs.
But that is whole another oiltanker of worms.

>> and what exactly is safety in this context, please?
> Thanks. By safety, here, I mean "type safety", and therefore "memory
> reference safety".
as far as I understand typing is that it is mostly about typing of datums.
What is datum typing about most generally?
I would say which operations on datums of certain type are allowed and other

Unforgable memory reference is nothing more, in my eyes, than an type of
datum, an pointer (which is nothing more than an virtual memory address),
 that cant be converted from other types of datums, especially literal datums.

> There are many safety properties that cannot be statically checked. Type
> safety *can* be statically checked for a suitably designed language.
> Safety is different from security, but safety is generally a
> precondition to security in any language-based security scheme,
>  because language-based security tends to rest on the type system,
I agree with that.
>  which in turn guards the integrity of the virtual machine.
> A program that can violate the type system can compromise the
> virtual machine, and can therefore  violate any other safety property
> we might care to name.
Depends if the virtual machine runs the program directly on the same substrate
as itself runs or if it runs the program by interpreting each
instruction of the program.

The latter can be done on any hardware but its cost is many vm
instructions per each
program instruction so the former is preferred due to speed.

ps. if this message doesnt make any sense then I must apologize as it
was very late when
I wrote it. So dont hesitate ask for clarifications.

More information about the cap-talk mailing list