
Re: Memory safe implementations of C/C++

Hi Michael,

>And this is a perfectly reasonable assumption; they don't have to
>preserve any particular behaviour when a program is undefined, so they
>need only check that their optimisation satisfies the following
>property
>
>  program P doesn't exhibit undefined behaviour 
>
>    ==> 
>
>  (behaviour(P) = behaviour(optimised(P)))
>
>This is a strong and very useful assumption, but I don't think it
>constitutes "ducking" the issue.  

I emphatically disagree since the set of "well-behaved programs"
(those that never perform unsafe operations) is not recursive.
(In fact, it is not even recursively enumerable.)  In practice, it is
impossible to tell if such an optimization is safe for a given C
program.  This is the point that Matthias Felleisen was implicitly making
in the message when "he rested his case".

Such optimizations can only be safely applied to programs for which
there is a proof that no unsafe operations can be performed.  You can
define a safe subset of ANSI C for which this property holds, but such
a language will look a lot like Java including bounds-checked arrays,
no pointer arithmetic, and automatic storage management.

-- Corky Cartwright
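As an added illustration (not code from either correspondent), here is a common C idiom whose correctness depends on exactly the assumption Michael states: the naive overflow check relies on signed wraparound, which is undefined behaviour, so a compiler entitled to assume the program is well-behaved may fold it to `false`; the range-limit check beside it stays within defined behaviour. Function names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Naive check: computes a + b first and then looks for wraparound.
   Signed overflow is undefined in C, so under the "P has no undefined
   behaviour" premise the compiler may treat a + b < a as always false
   and remove the check entirely. Kept here only for comparison. */
bool would_overflow_naive(int a, int b)
{
    return (b > 0) ? (a + b < a) : (a + b > a);
}

/* Well-defined check: compare against the representable range before
   performing the addition, so no undefined operation ever occurs. */
bool would_overflow_safe(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;   /* a + b would exceed INT_MAX */
    return a < INT_MIN - b;       /* a + b would fall below INT_MIN */
}

int main(void)
{
    printf("INT_MAX + 1 overflows: %d\n", would_overflow_safe(INT_MAX, 1));
    printf("INT_MIN - 1 overflows: %d\n", would_overflow_safe(INT_MIN, -1));
    printf("5 + 7 overflows:       %d\n", would_overflow_safe(5, 7));
    return 0;
}
```

Only the range-limit version has a result the language guarantees; what the naive version returns after optimisation is whatever the compiler chose under its no-undefined-behaviour premise.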