Re: Memory safe implementations of C/C++

Hi Michael,

>And this is a perfectly reasonable assumption; they don't have to
>preserve any particular behaviour when a program is undefined, so they
>need only check that their optimisation satisfies the following
>  program P doesn't exhibit undefined behaviour 
>    ==> 
>  (behaviour(P) = behaviour(optimised(P)))
>This is a strong and very useful assumption, but I don't think it
>constitutes "ducking" the issue.  

I emphatically disagree since the set of "well-behaved programs"
(those that never perform unsafe operations) is not recursive.
(In fact, it is not even recursively enumerable.)  In practice, it is
impossible to tell if such an optimization is safe for a given C
program.  This is the point that Matthias Felleisen was implicitly making
in the message when "he rested his case".

Such optimizations can only be safely applied to programs for which
there is a proof that no unsafe operations can be performed.  You can
define a safe subset of ANSI C for which this property holds, but such
a language will look a lot like Java including bounds-checked arrays,
no pointer arithmetic, and automatic storage management.

-- Corky Cartwright