

On Apr 23, 2012, at 6:25 PM, Sean Conner wrote:

> How much C programming do you do?  Because C is full of undefined
> behavior.

C's behavior is so undefined, most implementations include arbitrary attacker-defined behavior. (See .signature.)

Like many languages, undefined behavior in the Java language generally does not include "bring down the runtime". But along with that, there are far fewer situations in Java resulting in any sort of undefined behavior. (This is a legacy of Write Once Run Away--er, Anywhere.) The level of specification has made Java implementations fairly complex (the memory model is especially fun), but I don't know if there's consensus it is worth it. Arguments about cranking up the level of specificity of Lua probably should make reference to the Java experience.

Looking back to Modula-3, only modules marked UNSAFE had access to tools that could cause arbitrary behavior like unchecked pointers. (Unsafe modules were allowed to export safe interfaces; this allowed the runtime itself to be written in Modula-3, but it also meant those unsafe modules were taking full responsibility for their actions.) This might be an interesting way to classify Lua modules. Obviously any LuaJIT code touching ffi can crash out hard, but the same is true of other low-level C extensions.

>  -spc (Hmm ... isn't Erlang written in C?

It is possible to write non-trivial programs with well-defined behavior in C, especially given a particular subset of declared implementation choices. There would be little point to standardizing a language if this were not true. 

As I say a lot, my first goal in any environment is to get the hell out of C as quickly as possible. It is an awful language for most application programming, especially if one cares about correctness. This usually means I have to build a bunch of C binding code to get into a decent language, and in general the binding code is in the same boat as M3 unsafe modules exporting a safe interface.

-- 
Jay

Strong authentication just proves which chump is in front of the keyboard.