Keith H Duggar said:
Wrong. You said "for any program". And whether or not you PS note
actually applied to that initial outburst is entirely unclear.
If I'm saying the tautology:
for any integer x, ((x<0) and (x>0)) ==> (x=sqrt(x+1))
and you cannot find any integer such as x=sqrt(x+1), then it means
that there is no integer x such as (x<0) and (x>0).
Analoguously, there is no program that really need to be close to the
metal. This is exactly what I'm saying.
So your initial "AFAIK, it's as raw as for any program" was wrong?
Which is clearly a VERY different message from your first post.
I guess you a backtracking a bit now that your original over-
zealous bluster was called.
It may look like I'm backtracking, but it's only a concession to the
vicious circle constituted by unix<=>C.
I admit that you write a unix kernel and its driver in C, because I
let the definition of unix to be a kernel written in C.
But doing this concession, I require that you do the concession that
anything else mustn't be written in C.
And I say nothing about the bugs inherent in implementing a kernel in
C. I'll only say that I'd prefer to work on a kernel NOT implemented
in C, for example, a kernel with drivers implemented in Lisp, such as
the Lisp Machine kernel, (or Movitz for a modern example). But other
programming languages are also admissible, such as Oberon or Modula-3.
I'm surprised that after all these years and all your education
and experience that you still swallow the "pointers are evil" BS.
Pointers as implemented by C compilers are evil indeed.
Checked pointers would be admissible.
The C or C++ languages themselves says that it is illegal (or
technically, "undefined") to access via a pointer beyond the allocated
memory block. Why don't the compilers control this?
Notice that we're talking about "classes of program working in a
controled environment". This is the category we're talking about.
Above, any occurence of "languages", must be taken as the typical
category in which their implementations generally fall. You may have
exceptionnal implementations (eg a C interpreter that controls all
pointer accesses, or a Common Lisp compiler without any safety
optimization that would let you implement buffer overflows), but we're
not considering these exceptional cases.
A meeting point that could satisfy both of us (but remember that I'm
asserting that programs don't need to be that close to the metal, so I
don't really see the point), would be Modula-3, where you can define
SAFE or UNSAFE modules, UNSAFE modules being those that would use
unsafe primitives, such as random pointer computations. Typically,
you would have to prove formally their correctness and to intensively
test these unsafe modules before incoporating them in a system.
Another meeting point would be that when I say that programs don't
need to be close to the metal, I'm speaking of source code, of
programs as written by human. If there are automatic tools that
compile high level code into binary code close to the metal, I don't
really mind (assuming the compilers are formally proved, and closely
checked).