[cap-talk] definition of the term "safe language"
Raoul Duke
raould at gmail.com
Fri Apr 9 14:49:52 PDT 2010
On Fri, Apr 9, 2010 at 1:48 PM, Mike Samuel <mikesamuel at gmail.com> wrote:
> That is why I argued that an ocap language need not be a safe language
> -- it only need be safe w.r.t. the abstractions that preserve the ocap
> guarantees, such as unforgeability of object references, object
> privacy, and lack of ambient access to syscalls, etc.
> So memory-safe can be a useful term, ocap-safe can be a useful term;
> when not defined in terms of obscure properties of the spec.
I'm puzzled how "an ocap language need not be a safe language", because
it seems to me that to "preserve ocap guarantees" one would probably
get them via a set of more general safety features. I guess you could
have your language know about the 'ocap' type and enforce good things
only for that, and leave all other objects to e.g. not have 'private',
but that doesn't seem like something I'd see in a language of today.
sincerely.
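As an added illustration of the properties Mike's quoted message lists (unforgeable references, object privacy, no ambient authority), and not code from either poster: the snippet below builds a small capability in JavaScript. State lives inside a closure, so it is private; a consumer gets authority only through a reference explicitly passed to it; and two derived facets show attenuation (read-only) and revocation. The names (makeFileStore, makeReadOnly, makeRevocable, consumer) are constructed for this example. The caveat Raoul's point touches on applies here: JavaScript keeps these guarantees only to the extent the host removes ambient globals and prevents objects from being mutated, which is what the language-subsetting work around Caja and SES does; this snippet shows the pattern, not that hardening.

```javascript
// Added example, not part of the original post: object-capability patterns in JS.
// A "file store" capability. `files` is reachable only through the returned
// methods, so holding the object is the only way to touch the data
// (object privacy); the reference itself cannot be forged from a string or int.
function makeFileStore() {
  const files = new Map(); // private: captured by the closure, never exported
  return Object.freeze({
    write(name, data) { files.set(name, data); },
    read(name) { return files.has(name) ? files.get(name) : undefined; },
  });
}

// Attenuation: a read-only facet. It exposes no back-pointer to the full
// store, so a holder cannot climb back up to write authority.
function makeReadOnly(store) {
  return Object.freeze({ read: (name) => store.read(name) });
}

// Revocation: a forwarder whose authority the issuer can withdraw later.
function makeRevocable(store) {
  let target = store; // set to null on revoke; the forwarder then refuses all calls
  const proxy = Object.freeze({
    read(name) {
      if (!target) throw new Error('revoked');
      return target.read(name);
    },
    write(name, data) {
      if (!target) throw new Error('revoked');
      target.write(name, data);
    },
  });
  return { proxy, revoke() { target = null; } };
}

// A consumer with no ambient authority: it can read only what it is handed.
function consumer(readOnlyStore) {
  return readOnlyStore.read('config');
}

// Drive the pieces and return the observations as values (constructed data).
function demo() {
  const store = makeFileStore();
  store.write('config', 'debug=false');

  const ro = makeReadOnly(store);
  const { proxy, revoke } = makeRevocable(store);

  const before = proxy.read('config');
  revoke();
  let afterRevoke;
  try {
    proxy.read('config');
    afterRevoke = 'still readable';
  } catch (e) {
    afterRevoke = e.message;
  }

  return {
    consumerSaw: consumer(ro),                      // 'debug=false'
    readOnlyHasWrite: typeof ro.write === 'function', // false: facet is attenuated
    before,                                          // 'debug=false'
    afterRevoke,                                     // 'revoked'
  };
}
```

The pattern only holds if the consumer cannot reach the store some other way: if `store` were also published as a global, the explicit argument would be decoration rather than the sole source of authority.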