zlacker

[parent] [thread] 3 comments
1. layer8+(OP)[view] [source] 2022-10-02 21:31:48
What I mean is that there is no universal definition of which properties are safety properties. In principle, you can define any property you can formally reason about as a safety property. Therefore, whenever you talk about safety, you first have to define which properties you mean by that.

In the context of Rust, there are a number of safety properties that Rust guarantees (modulo unsafe, FFI UB, etc.), but that set of safety properties is specific to Rust and not universal. For example, Java has a different set of safety properties, e.g. its memory model gives stronger guarantees than Rust’s.

Therefore, the meaning of “language X is safe” is entirely dependent on the specific language, and can only be understood by explicitly specifying its safety properties.

replies(2): >>avgcor+O1 >>UncleM+I8
2. avgcor+O1[view] [source] 2022-10-02 21:43:56
>>layer8+(OP)
> Therefore, whenever you talk about safety, you first have to define which properties you mean by that.

Like “memory safety”?

replies(1): >>layer8+b6
3. layer8+b6[view] [source] [discussion] 2022-10-02 22:14:36
>>avgcor+O1
For example. Rust has other safety properties beyond memory safety.
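One concrete Rust safety property beyond memory safety is freedom from data races in safe code: shared mutable state is only accepted by the compiler when it goes through a type that is `Sync`, such as `Mutex`. The following is an added example written for this page, not code from anyone in the thread; it assumes Rust 1.63 or later for `std::thread::scope`.

```rust
use std::sync::Mutex;
use std::thread;

/// Increments a shared counter from `workers` threads, `per_worker` times each.
///
/// The counter is reachable from every thread only through a `Mutex<u64>`.
/// `Mutex<u64>` is `Sync`, so `&Mutex<u64>` is `Send` and the borrow may cross
/// into the spawned threads; the result is deterministic because every
/// increment happens under the lock.
pub fn count_in_parallel(workers: usize, per_worker: u64) -> u64 {
    let counter = Mutex::new(0u64);

    // Scoped threads borrow `counter` directly; the scope joins all threads
    // before it returns, so the borrow provably ends before `into_inner`.
    thread::scope(|s| {
        for _ in 0..workers {
            s.spawn(|| {
                for _ in 0..per_worker {
                    *counter.lock().unwrap() += 1;
                }
            });
        }
    });

    // All threads have been joined; take the value back out of the mutex.
    counter.into_inner().unwrap()
}

// Swapping `Mutex<u64>` for `std::cell::Cell<u64>` in the function above does
// not compile: `Cell<u64>` is `!Sync`, so `&Cell<u64>` is `!Send` and
// `s.spawn` rejects the closure. The unsynchronized increment (a data race in
// C or C++) is refused at compile time, not detected at run time.

fn main() {
    println!("total = {}", count_in_parallel(4, 1000));
}
```

The property is enforced by the `Send`/`Sync` marker traits rather than by any run-time check, which is why it holds only for safe code: an `unsafe impl Sync` on a type that is not actually thread-safe would remove the guarantee, which is the "modulo unsafe" caveat from the parent comment.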
4. UncleM+I8[view] [source] 2022-10-02 22:32:22
>>layer8+(OP)
That's true for "soundness" too. Things aren't just "sound". They are sound with respect to something. So when you use "soundness" as a comparison against "safety", you'll have to understand how somebody could interpret your post in the way that I did.

Almost all discussion about Rust is in comparison to C and C++, by far the dominant languages for developing native applications. C and C++ are famously neither type-safe nor memory-safe and it becomes a pretty easy shorthand in discussions of Rust for "safety" to refer to these properties.
