What defines a "safe" programming language/framework?

views:

494

answers:

+2 Q:

What defines a "safe" programming language/framework?

People may like this discussion of the history of innovation. What caught my eye was the remark about the importance of providing learning environments where failure is safe (gymnast mats, for instance). It caused me to wonder what makes programming environments characteristically safe. Here are three attributes that I have identified:

Strong type safety.
Compile time vs. run time determination of semantics. Here, concepts like generic programming (templates) win out over dynamic programming (Ruby, Smalltalk).
Clarity of syntax (having x=1 evaluate to TRUE, for instance, has caused many people to fail "unsafely").

Also interesting were the remarks about technological determinism. Here's a good example: at about 3:15 into Essential Windows Presentation Foundation, an architect of WPF fails to remember all seven core elements of the framework.

+1 A:

Under normal circumstances, no programming error will break your leg...

So the notion of 'safe' is not really relevant. Assembly-language is not 'safe' yet you can learn a lot by using it.

Steven A. Lowe 2008-10-26 18:22:49

I think you're applying your own hand-picked definition of "safe" in an unhelpful way. But to respond to your snarkiness in kind, you must not have ever worked in the medical device industry or software controlling vehicles or heavy machinery.

dj_segfault 2009-10-14 23:33:53

Oh yeah? I work on pretty powerful machines that could snap a leg in two.

Ed Swangren 2009-10-14 23:41:59

@[dj_segfault]: I have worked in all three areas. Please read the question more carefully: "the importance of providing **learning environments** where failure is safe". Please do not learn to program by controlling heavy machinery, vehicles, or medical devices!

Steven A. Lowe 2009-10-15 00:52:20

+4 A:

Strong typing, compilation vs. interpretation, syntax clarity... are largely irrelevant (to this discussion). "Safe" failure means only that failure does not hinder your ability to try again immediately - you haven't accidentally rebooted, written corrupt data to disk, deleted your operating system, crashed your editor, etc.

Indeed, a light-weight, loosely-typed, interpreted language may actually provide more "safety", by eliminating some of the cost in time and effort of the write-test cycle (a compiler warning you that if ( x=1 ) print('true'); may not do what you intend may still chew up more time than simply seeing that it prints true when x holds 0).

A quick glance at my profile shows that I've been involved in 47 JavaScript-tagged questions, over twice as many as C++. Why should that be, considering I have far more actual experience with C++? Well... I can open up a browser and an editor and write my answer "on the fly", testing each part as I go, and generally have a fully-tested answer in less time than it would take to build and test the first iteration of a C++ answer. By making failure less costly, JavaScript has encouraged me to use it over what might otherwise be considered a "safer" language.

Shog9 2008-10-26 18:37:26

I'd love to achieve this level of comfort with js. When I compare it with the experience of debugging a C++ app in MSDEV, it turns out to be extremely labor intensive (for me, at least). No dataTips, ability to change values at a breakpoint...

2008-10-26 19:18:59

You can't think about them the same way. In C++, static debugger tools (VS2005+ will do datatips for JS, BTW) and complex conditional breakpoints are key; for JS debugging, you can evaluate JS expressions, function calls, at breakpoints... the VM is your oyster. Firebug makes this even better.

Shog9 2008-10-26 20:06:09

But my point was, you don't even *need* a debugger most of the time when the language and tools make it possible to test code *while* you're writing it. Writing unit tests for C++/C# is like pulling teeth for me, but it comes naturally when i'm writing JS: there's very little structural resistance.

Shog9 2008-10-26 20:12:44

Agreed. Not being able to screw the environment up too badly is like a gymnastics mat. It doesn't stop you from falling, but it makes the fall safer. Strong typing etc. is more like wearing a rope and harness, making a fall less likely.

David Thornley 2009-10-15 17:17:21

+1 A:

Memory safety (you are unable to access memory that doesn't belong to you) is something I consider to be part of a safe language.

Matt Ellis 2008-10-26 18:38:38

Any protected mode O/S (which is most of them) will prevent this as the MMU simply does not present memory that is not allocated to the process.

ConcernedOfTunbridgeWells 2008-10-26 21:46:27

Nigel, to make this clearer I updated my post with a link to what I mean by memory safety. For example, I wouldn't consider a language memory safe if it let you write to the 10th element of a 9 element array. The MMU may not protect you in this case.

Matt Ellis 2008-10-27 01:27:57

+2 A:

Language safety is a pretty poorly defined concept, but I'd say it basically means that you're safe in trusting the abstractions provided by the language because the bare-metal implementation details don't leak out. This is almost synonymous with lacking undefined behavior. For example, in C/C++, using wild pointers is undefined behavior, and in practice will result in accessing the bit pattern of some arbitrary part of memory, and interpreting the bit pattern based on the type of the wild pointer. If you write to the dereference of this wild pointer, you overwrite the contents of some arbitrary memory location. This can cause erratic behavior that cannot be reasoned about through the abstractions provided by the language, but only by understanding the bare-metal implementation of these abstractions.

Another example is type punning, or using unions or pointer casting tricks to reinterpret the bit pattern in an area of memory. While this is sometimes necessary for low-level code, it breaks the abstractions provided by the language, and therefore, cannot be guaranteed portable, etc.

dsimcha 2008-10-26 21:07:37

For me, safety in a language is about how well it help the developer catch errors at compile time vs run time. In this respect C/C++ are much more dangerous than Java, but you can still get lots of nasty errors at runtime that really should be caught at compile time (NullPointerException, etc).

This is a higher-level definition than some of the other answers; I'm not sure which you prefer.

dj_segfault 2009-10-14 23:40:15

+1 A:

A language is only as safe as the programmer using it at the time.

Ed Swangren 2009-10-14 23:42:23

+1 A:

It's said of skiing that the amount of your learning is best measured by the number of falls you've taken.

While it's good to ensure that the student doesn't have to hop up and down, wave rubber chickens, and hope that the voodoo maeks teh codez workz, it's also good to give the student a no-voodoo environment where everything comes from starting principles. Hence, C(or ASM) as a first language. Hence, the extant good of requiring a compiler course. Not because compilers are that popular to write on a day-to-day basis, but they de-voodoo the compilers and languages we work with. Java, C#, and other VM languages paper over the hardware and provide a more ideal work environment....until you have to do something interesting. At which time, P/Invoke and his equivalent in Java make an appearance and scare the people without the understanding of what's under the paper[[1]].

So I think that safety as a computer science educational concept is a false safety.

[[1]]Obligatory reference to Joel's Java Schools article.

Paul Nathan 2009-10-15 16:57:49

ansaurus

tags:

views:

answers:

What defines a "safe" programming language/framework?

related questions