[e-dant]

Without stepping on anyone’s toes, I think we can agree that “safety” could be broken down a bit. Memory safety, thread safety, fine… but there’s a whole forest past those trees.

Is it a safety feature to type-check regular expressions using dependent types? Is Python a security vulnerability because the performance can be unpredictable?

I don’t know.

Rust, for that matter, doesn’t protect you from running out of memory from leaking data on the heap — or from running out of stack space because your infinitely recursive function doesn’t halt. Maybe that’s not part of memory safety — but that’s my point.

There’s a whole safety forest out there. Whenever I read an article about safety in software, it seems like a comfy blanket statement. “This is a nice definition which I will live in.”

I just don’t see how it’s so flat.

[rozap]

> I just don’t see how it’s so flat.

Because people like making wild and provocative claims to motivate writing a paper for which the conclusion was already decided.

Anyone who has used, I dunno, any of programming languages that are being discussed has a more nuanced take, and isn't spending time trying to force all things into Box A or Box B.

Elixir/Erlang has a pleasant concurrency model. It does some things well, it does other things less well. It eliminates a big class of bugs, and yet you can still write bugs in Elixir.

These sorts of papers are a waste of space on the internet imo.

[devoutsalsa]

“What is sending a message to my process and making it crash?!”

“My synchronous reply timed out, so why I am I getting a message after the timeout?!”

“Why did deleting my build directory fix the compile error?!”

“How do I keep my app from crashing when my supervisor crashed too many times in a given timeframe?!”

So many adventures to be had.

[josevalim]

For the first you can setup a tracer for messages sent and received. Second should not happen from OTP 24.

Fourth is the wrong question to ask: if the failure handling mechanism is invoked too frequently, fix the failures, not the recovery.

Third is definitely my fault. Bug reports are appreciated whenever possible.

But generally speaking, yes, debugging is part of every programming language, and concurrency and distribution will add to the adventure whenever used, to varying degrees depending on the programming language.

[rozap]

Plenty. But I'd take those trivial issues over a blob of microservices any day of the week.

In any case, the answer continues to be "it depends". But people will continue to look for "one weird trick" solutions to every problem.

[devoutsalsa]

It's fun an games until you have to debug an Erlang RPC call that is timing out w/o log messages in a blob of Elixir micro services.

[phanimahesh]

On erlang vm (beamvm), you can safely trace in production. It makes tracing and debugging tools in other ecosystems look like they are primitive in comparison.

I think erlang ecosystem has its own warts like any other one but debugging definitely isn't one

Here are a few examples of what you can do in erlang/elixir:

Inspect function calls that match specific argumrnt patterns, which can get pretty detailed. Tag processes by id, future processes under a supervisor, or other criteria, and limit tracing to these. Limit tracing to n occurences. As in automatically disable tracing after it triggered n times.

Typically one combines these and more to identify issues pretty rapidly.

[rozap]

tracing Erlang in prod is literally a fun game, and very easy. Like...one of the best things about the ecosystem. The dbg module (part of the stdlib) is your friend. Trace messages, function calls, with as wide or as specific a net as you need. I've found bugs quickly that would have taken a lot of trial and error on other platforms.

[Kranar]

Safety means no undefined behavaior. It does not mean free of bugs, or security issues, or free from crashes. It simply means every operation has well specified semantics.

[woodruffw]

Where did you get this definition of safety from? I’ve never heard someone define safety to exclude security issues; that doesn’t seem very useful.

[jeffreygoesto]

Security can kill safety, yes.

Typically you would start with [0] and it's derivations for specific domains.

The core idea is "The fundamental concept is that any safety-related system must work correctly or fail in a predictable (safe) way."

The interesting question is what to do in corner cases you did not specify explicitly. Typically it is still considered "safe" if you don't do what you would have specified in hindsight, but fall into the defined failure reaction. You also try to make security problems take that path.

Checking that the system does what is specified is called "verification" and the domain of functional safety. Checkin that this is what you actually meant (it actually solves the user's problem) is called "validation" and especially for vehicles called SOTIF [1].

[0] https://en.m.wikipedia.org/wiki/IEC_61508

[1] https://www.iso.org/standard/77490.html

[e-dant]

The ABS system your car’s brakes could crash — literally — and that would be safe?

[sodapopcan]

Ha, this is such a good example of both the advantage of fault tolerant systems and why so many true-to-life computing metaphors fall flat.

[Kranar]

Safe means that every operation has well specified semantics. Some languages, notably C and C++, lack this property.

[andyferris]

I would say those languages are both unsafe and have undefined behavior, and these are two seperate issues.

[throwawaymaths]

That's not what undefined behavior means.

[fuzztester]

>It does not mean free of bugs

What if there is a bug in those well-specified semantics?

[Kranar]

Then the semantics are not well specified.

[sodapopcan]

The point being made here is that you can be infinitely specific and still run into unexpected failures. If you're going to claim there is a way out of that you are either very young of just straight up lying.

We're talking about Erlang here which, to my knowledge, is the only mainstream-ish general-purpose programming language that was developed to solve an actual business problem. To be that guy that quotes a relatively well-known quip that maybe you've already heard, the unofficial tagline was: "Remember in the 90s when your phone company would call you up and say that you can't use your phone for a few hours for 'planned maintenance'? Of course you don't... and that's tanks to Erlang."

That was accomplished because you can just specify the happy path, deal with well-known exceptions (are they really "exceptional" at this point?), and otherwise just turn it off and on again, as we all do. And, not to start a flame war, but it's a dynamically typed language to boot!