[cap-talk] definition of the term "safe language"

Mike Samuel mikesamuel at gmail.com
Fri Apr 9 14:51:44 PDT 2010


2010/4/9 Raoul Duke <raould at gmail.com>:
> On Fri, Apr 9, 2010 at 1:48 PM, Mike Samuel <mikesamuel at gmail.com> wrote:
>> That is why I argued that an ocap language need not be a safe language
>> -- it only need be safe w.r.t. the abstractions that preserve the ocap
>> guarantees, such as unforgeability of object references, object
>> privacy, and lack of ambient access to syscalls, etc.
>> So memory-safe can be a useful term, ocap-safe can be a useful term;
>> when not defined in terms of obscure properties of the spec.
>
> i'm puzzled how "an ocap language need not be a safe language" because
> it seems to me that to "preserve ocap guarantees" one would probably
> get them via a set of more general safety features. i guess you could
> have your language know about the 'ocap' type and enforce good things
> only for that, and leave all other objects to e.g. not have 'private',
> but that doesn't seem like something i'd see in a language of today.

Please see the 7th and 12th posts.
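
The three ocap properties named in the quoted passage (unforgeable object references, object privacy, and no ambient access to authority) can be shown concretely in a memory-safe language. The block below is an added illustration, not code from the cap-talk thread or from any of its participants; the names makeStore, readOnly, makeRevocable and untrustedCode are hypothetical. It relies on JavaScript closures for privacy and on the absence of pointer forgery for unforgeability, and it passes the store in explicitly rather than reaching it through a global.

```javascript
// Added illustration, not code from the cap-talk thread. The ocap
// guarantees named in the post (unforgeable references, object privacy,
// no ambient authority) expressed in plain JavaScript. All names are
// hypothetical.

// A key-value store whose state lives only in closure variables, so the
// sole way to touch it is through the functions returned here (privacy).
function makeStore() {
  const data = new Map();
  return Object.freeze({
    get: (k) => data.get(k),
    set: (k, v) => { data.set(k, v); },
  });
}

// Attenuation: a read-only view. The full store is held only in the
// view's closure; nothing reachable from the view yields `store`.
function readOnly(store) {
  return Object.freeze({ get: (k) => store.get(k) });
}

// Revocation: a forwarder whose target can be cut off later. Because the
// reference is unforgeable, dropping it here is enough to end access.
function makeRevocable(cap) {
  let target = cap;
  const forwarder = Object.freeze({
    get: (k) => {
      if (target === null) throw new Error("revoked");
      return target.get(k);
    },
  });
  return { forwarder, revoke: () => { target = null; } };
}

// Untrusted code receives only the capability passed to it. There is no
// ambient route to `store`; it can use what it was given and no more.
function untrustedCode(view) {
  const seen = view.get("secret");
  // Escalation attempt: the attenuated view exposes no `set`, and its
  // frozen surface and prototype chain do not lead back to the store.
  const hasSet = typeof view.set === "function";
  return { seen, hasSet };
}

// Run the scenario end to end and report what the untrusted code could do
// before and after revocation, plus whether the owner's store is intact.
function demo() {
  const store = makeStore();
  store.set("secret", 42);           // constructed sample data
  const { forwarder, revoke } = makeRevocable(readOnly(store));
  const first = untrustedCode(forwarder);
  revoke();
  let afterRevoke;
  try {
    untrustedCode(forwarder);
    afterRevoke = "still live";
  } catch (e) {
    afterRevoke = e.message;
  }
  return { first, afterRevoke, storeStillWorks: store.get("secret") === 42 };
}
```

The point the example makes is the one in the quoted passage: what makes this ocap-safe is not "safety" in general but the specific abstractions it leans on. Closure variables are inaccessible without a reference, references cannot be manufactured, and the untrusted function gets authority only as an argument. Introduce a global holding the store, or a reflection facility that reads closure state, and the same memory-safe program stops being ocap-safe.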

