Date: Thu, 31 Oct 2013 09:33:37 +0100
On 31/10/2013 08:55, Lawrence Crowl wrote:
> On 10/30/13, Gabriel Dos Reis <gdr_at_[hidden]> wrote:
>> A redux from the team that sparked discussions last Spring
>> and the eventual formation of SG12.
>>
>> http://pdos.csail.mit.edu/~xi/papers/stack-sosp13.pdf
> The end of the introduction has an interesting paragraph:
>
> Another conclusion one can draw from this paper is that
> language designers should be careful with defining language
> construct as undefined behavior. Almost every language
> allows a developer to write programs that have undefined
> meaning according to the language specification. Our
> experience with C / C++ indicates that being liberal with
> what is undefined can lead to subtle bugs.
>
> Unfortunately, my experience with languages that were
> completely specified suffered from the same problem. Every
> program construct had a meaning, but it might not have been
> what the programmer intended, which led to subtle bugs.
> The fact that the authors found bugs through undefined
> behavior is actually a good thing. They would not have
> been found if the behavior was fully defined.
That reminds me of discussions about GC, which has the same effect: no
more undefined behaviour, but that doesn't remove bugs, just defines
their effects, sometimes making them even more subtle, both more
difficult to detect and more difficult to find the root cause; when
security is a factor, that's better, but when it isn't I'm not so sure.
Yours,
-- Jean-Marc
Received on 2013-10-31 09:33:57