On Tuesday, 26 December 2017 at 10:00:25 UTC, Paolo Invernizzi wrote:
> IMHO, the lost list of vulnerability in code shipped by "first class enterprises" is just crying out that C/C++ is not mechanically checkable.
> And we are talking about company that can literally spend an Everest of money on that.
>
> /Paolo

Well, the 'mechanics of checking' continue to need improvement, whether it's C, C++, D, or whatever....

A language that is flexible enough to do the things you can do with such a language, comes at a cost.. which is safety (or program correctness to be precise). Flexibility breeds bugs! That's just how it is. It's inescapable.

And I doubt that it has anything to do with how much money you can spend.

In the example below, which is D code, I simply have to 'forget' to annotate with @safe, and then it's anyone's guess at to what will happen (at least in the second example)

i.e. the mechanical checks don't occur because I simply 'forgot' to do something.

// ---
module test;

import std.stdio;

// from: https://dlang.org/blog/2016/09/28/how-to-write-trusted-code-in-d/

// look at how flexible D is...
void main()
{
    auto buf = new int[1];

    //buf[2] = 1; // compiles ok, even with @safe.
                  // but get range violation at runtime,
                  // whether you use @safe or not
                  // (unless you've disabled bounds checking)

    buf.ptr[2] = 1; // compiles ok, runs ok  - or does it?
                    // however, if you 'remember' to use @safe,
                    // then it won't compile, and you're safe.

}
// -----

On Tue, 2017-12-26 at 08:18 +0000, Dan Partelly via Digitalmars-d wrote:
> 
[…]
> I believe in it in the sense that it can be used to stir powerful social forces to serve propaganda. No language should be without propaganda, since adoption will most likely be more modulated by social factors instead of technical excellence.
> 

All of which brings us full circle: when it comes to programming languages and software development, it is all about advocacy, prejudice, and belief, there is very, very little science happening – and most of the science that is happening is in the psychology of programming, about which most developers of programming languages know nothing.

-- 
Russel.
==========================================
Dr Russel Winder      t: +44 20 7585 2200
41 Buckmaster Road    m: +44 7770 465 077
London SW11 1EN, UK   w: www.russel.org.uk

On Tuesday, 26 December 2017 at 12:18:09 UTC, Russel Winder wrote:
>
> All of which brings us full circle: when it comes to programming languages and software development, it is all about advocacy, prejudice, and belief, there is very, very little science happening – and most of the science that is happening is in the psychology of programming, about which most developers of programming languages know nothing.

+1

I genuinely believe, that it is psychological science that will play the most important role in terms of what programming languages of the future will look like.

psychological studies should be integrated into every CS course.

On Tuesday, 26 December 2017 at 11:54:12 UTC, codephantom wrote:
> On Tuesday, 26 December 2017 at 10:00:25 UTC, Paolo Invernizzi wrote:
>> IMHO, the lost list of vulnerability in code shipped by "first class enterprises" is just crying out that C/C++ is not mechanically checkable.
>> And we are talking about company that can literally spend an Everest of money on that.
>>
>> /Paolo
>
> Well, the 'mechanics of checking' continue to need improvement, whether it's C, C++, D, or whatever....
>
> A language that is flexible enough to do the things you can do with such a language, comes at a cost.. which is safety (or program correctness to be precise). Flexibility breeds bugs! That's just how it is. It's inescapable.
>
> And I doubt that it has anything to do with how much money you can spend.
>
> In the example below, which is D code, I simply have to 'forget' to annotate with @safe, and then it's anyone's guess at to what will happen (at least in the second example)
>
> i.e. the mechanical checks don't occur because I simply 'forgot' to do something.
>
> // ---
> module test;
>
> import std.stdio;
>
> // from: https://dlang.org/blog/2016/09/28/how-to-write-trusted-code-in-d/
>
> // look at how flexible D is...
> void main()
> {
>     auto buf = new int[1];
>
>     //buf[2] = 1; // compiles ok, even with @safe.
>                   // but get range violation at runtime,
>                   // whether you use @safe or not
>                   // (unless you've disabled bounds checking)
>
>     buf.ptr[2] = 1; // compiles ok, runs ok  - or does it?
>                     // however, if you 'remember' to use @safe,
>                     // then it won't compile, and you're safe.
>
> }
> // -----


I have to disagree, again.

It's factual that you can mechanically impose that a module contains only @safe code, and you can do it in multiple ways. You can 'mechanically' impose to write memory safe code in D.

With C/C++ you simply can't do it anything similar, today (and, IMHO, neither tomorrow): the rising of Rust is here to tell us exactly that.

/Paolo

On Tue, 2017-12-26 at 12:26 +0000, codephantom via Digitalmars-d wrote:
> 
[…]
> I genuinely believe, that it is psychological science that will play the most important role in terms of what programming languages of the future will look like.
> 
> psychological studies should be integrated into every CS course.

Sadly I cannot see either of these happening. There is already too much to pack in to an undergraduate CS (*) course even if first programming and simple algorithms moves out into pre-university education – as has now happened in the UK. Also far too few universities have good CS/Psych cooperation.

There also needs to be much greater education everywhere about socio- technical systems. To be honest I'd prioritise this over programming language design since programmers can always use crap languages, but can they build the right system right?


(*) CS is a misnomer, computer science is not really about computers, and there is essentially no science in it.

-- 
Russel.
==========================================
Dr Russel Winder      t: +44 20 7585 2200
41 Buckmaster Road    m: +44 7770 465 077
London SW11 1EN, UK   w: www.russel.org.uk

On Tuesday, 26 December 2017 at 13:54:09 UTC, Paolo Invernizzi wrote:

>
> With C/C++ you simply can't do it anything similar, today (and, IMHO, neither tomorrow): the rising of Rust is here to tell us exactly that.
>
> /Paolo

Excuse me, since I don't really follow the "raise and fall " of new languages. Is really Rust rising and shining ? Tiobe (for all it's flows) put it on 0.530 index, just *below* ADA (great language, for SW engineering if you ask me , Id wish I could get a chance to learn it better).  D's index 0.950 much better than Rust's.

On Tuesday, 26 December 2017 at 15:53:50 UTC, Russel Winder wrote:

>
> There also needs to be much greater education everywhere about socio- technical systems. To be honest I'd prioritise this over programming language design since programmers can always use crap languages, but can they build the right system right?

Ok I'll bite. Can you recommend me some reasonable easy literature. Something you can read in free time when you travel, not study.   Social interactions where always interesting for me.

>
> (*) CS is a misnomer, computer science is not really about computers, and there is essentially no science in it.

Yeah, Abelson started his SICP lectures proclaiming that. At least the '86 edition which is noe on net.

On Tue, 2017-12-26 at 16:40 +0000, Dan Partelly via Digitalmars-d wrote:
> 
[…]
> Excuse me, since I don't really follow the "raise and fall " of new languages. Is really Rust rising and shining ? Tiobe (for all it's flows) put it on 0.530 index, just *below* ADA (great language, for SW engineering if you ask me , Id wish I could get a chance to learn it better).  D's index 0.950 much better than Rust's.

TIOBE has nothing concrete to say about the languages themselves, it is a metric of how much buzz on the search engines there is about the language. Generally this is correlated with how much people do not understand about a language and are prepared to ask publicly. There is also a huge hysteresis in the measure.

TIOBE can be fun, but nothing serious can be inferred from the data.

As for the particular question, language such as Groovy have great traction but very little TIOBE buzz. Rust has lots of technical things about memory safety but the buzz isn't really there yet.

Which leads to another observation: if a language has a strong language specific mail list of forum very little gets said outside that arena and so TIOBE doesn't pick it up. So in a sense TIOBE is a measure of disparateness of the community.


-- 
Russel.
==========================================
Dr Russel Winder      t: +44 20 7585 2200
41 Buckmaster Road    m: +44 7770 465 077
London SW11 1EN, UK   w: www.russel.org.uk

On 12/26/2017 1:03 AM, Paolo Invernizzi wrote:
> The point is that the presence of one @safe: line in the module can be mechanically checked, over one million devs working on a codebase.
> 
> The whole point of Walter argumentation is 'mechanically'.

That's right. C++ is based on faith in the programmer using best practices. D is not based on faith, it can be automatically checked.

On 12/26/2017 1:21 AM, codephantom wrote:
> My C/C++ code can be 'mechanically' checked too.. and those checks are better than they've even been, and getting better.

I compiled the code snippet with clang++, a modern C++ compiler, with -Wall. It did not detect the obvious error.