Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!zaphod.mps.ohio-state.edu!swrinde!elroy.jpl.nasa.gov!decwrl!fernwood!uupsi!rodan.acs.syr.edu!wotan.top.cis.syr.edu!greeny
From: greeny@wotan.top.cis.syr.edu (Jonathan Greenfield)
Newsgroups: comp.sys.transputer
Subject: Re: Anarchic protocol ANY (occam2)
Message-ID: <1991May20.113104.25938@rodan.acs.syr.edu>
Date: 20 May 91 16:53:11 GMT
References: <9105152020.AA15174@theory.TN.CORNELL.EDU> <LLW.91May17095750@corwin.eng.yale.edu> <1758@culhua.prg.ox.ac.uk>
Reply-To: greeny@top.cis.syr.edu (Jonathan Greenfield)
Organization: CIS Dept., Syracuse University
Lines: 17

In article <1758@culhua.prg.ox.ac.uk> geraint@prg.ox.ac.uk (Geraint Jones) writes:
>I'm not sure what you think is the design flaw: the programs in question
>are not guaranteed to work (by the occam2 Reference Manual).  The only
>`unexpected' behaviour is that Inmos' occam2 compiler happens to produce
>code which makes this invalid non-program do what its author expected in case
>the communication is on hard channels.  It is _very_ hard to guarantee that
>all incorrect programs do something unexpected; the usual contract with a
>language implementor is that all correct programs should only do the
>expected.

A secure language implementation detects any violation of the language
definition, either at compile-time, or at run-time.  If a language cannot be
implemented in a secure manner, then the language design is flawed.  If a
language can be implemented in a secure manner, but a particular system fails
to do so, then the system design is flawed.

Jonathan