By: Tzvetan Mikov (tzvetanmi.delete@this.yahoo.com), October 26, 2006 10:56 am
Room: Moderated Discussions
Rob Thorpe (rthorpe@realworldtech.com) on 10/26/06 wrote:
---------------------------
>I don't think I defined it very well. What I was looking for is more:
>* SAFE1 = You can't crash the VM
>* SAFE2 = You can't crash a function in the VM
>
>"Unpredictable" was the wrong way to put it. You can always dream up arguments
>or data-structures to make a function behave unpredictably in almost any language,
>but in some such unpredictably behaving function can still be guaranteed not to crash in some.
>
>I suppose you could phrase the issue like this:-
>
>* SAFE1 = You can't crash the VM
>* SAFE2 = You can't crash a function in the VM
>* SAFE3 = Data a function call receives is always consistent
>
>SAFE3 is much harder to define, but I expect you know what I mean: code does what you expect it to do.
>
>It seems to me that Java can be SAFE1 & SAFE2, but not SAFE3 with threads.
>
How about this explanation/definition:
A language is SAFE2 in the same sense that a CPU is SAFE2. The behavior and observable state of the CPU are always defined entirely based on its inputs. Even if you supply it with a random string of bytes, it will act in a defined manner. The behaviour and state may not always be predictable externally, because the observer doesn't have enough data, but they are always defined nonetheless. You cannot leave the "abstraction" of the CPU.
(Obviously I am ignoring things like deliberate overheating, external hardware, microcode updates, etc.)
In the same way in a SAFE2 language, the language is the abstract "CPU instruction set" and nothing that isn't defined in the instruction set can ever occur, no matter what you do from within the language.
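
The definition in the post above, illustrated with an added example that is not part of the original thread: a constructed toy stack machine (opcodes, status names and function names are all hypothetical) in which every byte decodes to an instruction and every instruction has a specified outcome in every state, so random input can only ever end in one of the listed statuses.

```python
import random

# Hypothetical 4-instruction stack machine (constructed for this example).
# Every byte value decodes to some instruction, and every instruction has a
# defined result in every machine state, including the error cases.
HALT, PUSH, ADD, JMP = range(4)
STATUSES = {"halted", "trap:underflow", "trap:pc", "trap:budget"}

def run(code: bytes, budget: int = 1000):
    """Execute arbitrary bytes; always returns (status, stack)."""
    pc, stack = 0, []
    for _ in range(budget):
        if pc >= len(code):               # running off the end is a defined trap
            return "trap:pc", stack
        op = code[pc] % 4                 # total decode: no "illegal opcode" case
        if op == HALT:
            return "halted", stack
        if op in (PUSH, JMP):
            if pc + 1 >= len(code):       # a missing operand is defined too
                return "trap:pc", stack
            arg = code[pc + 1]
            if op == PUSH:
                stack.append(arg)
                pc += 2
            else:
                pc = arg                  # any target allowed; bounds checked next step
        else:                             # ADD
            if len(stack) < 2:
                return "trap:underflow", stack
            b, a = stack.pop(), stack.pop()
            stack.append((a + b) & 0xFF)  # wraparound is specified, not accidental
            pc += 1
    return "trap:budget", stack           # endless loops also end in a defined state

def fuzz(trials: int = 2000, seed: int = 0):
    """Feed random byte strings to run(); return the set of statuses observed."""
    rng = random.Random(seed)
    seen = set()
    for _ in range(trials):
        code = bytes(rng.randrange(256) for _ in range(rng.randrange(32)))
        status, stack = run(code)
        assert all(0 <= v <= 255 for v in stack)  # state stays inside the model
        seen.add(status)
    return seen

if __name__ == "__main__":
    print(sorted(fuzz()))
```

The outcome of a given random program is not predictable without tracing it, but it is always one of `STATUSES`; that is the difference between "unpredictable" and "undefined" the post draws.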