[cap-talk] definition of the term "safe language"

Mike Samuel mikesamuel at gmail.com
Fri Apr 9 13:48:04 PDT 2010


2010/4/9 Jonathan S. Shapiro <shap at eros-os.org>:
> On Fri, Apr 9, 2010 at 10:03 AM, Mike Samuel <mikesamuel at gmail.com> wrote:
>> "Safe language" as you define it is a useless term to me.
>
> "Safe Language" is a useless term to *anyone*, as it fails to tell us
> "safe with respect to WHAT".

Fair enough.
As I asserted earlier in this thread, a language can be safe with
respect to some of its abstractions and unsafe with respect to others,
so it need not be a binary distinction.
That is why I argued that an ocap language need not be a safe language
-- it only need be safe w.r.t. the abstractions that preserve the ocap
guarantees, such as unforgeability of object references, object
privacy, and lack of ambient access to syscalls, etc.
So memory-safe can be a useful term, and ocap-safe can be a useful term,
when not defined in terms of obscure properties of the spec.


> shap
>

