<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div><blockquote type="cite" class=""><div class="">On May 12, 2016, at 10:45 AM, Jordan Rose via swift-dev <<a href="mailto:swift-dev@swift.org" class="">swift-dev@swift.org</a>> wrote:</div><div class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><blockquote type="cite" class=""><div class="">On May 12, 2016, at 10:44, Joe Groff <<a href="mailto:jgroff@apple.com" class="">jgroff@apple.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><blockquote type="cite" class="">On May 12, 2016, at 9:27 AM, Jordan Rose via swift-dev <<a href="mailto:swift-dev@swift.org" class="">swift-dev@swift.org</a>> wrote:<br class=""><br class=""><br class="">- I’m uncomfortable with using the term “undefined behavior” as if it’s universally understood. Up until now we haven't formally had that notion in Swift, just “type safety” and “memory safety” and “invariant-preserving” and the like. Maybe we need it now, but I think it needs to be explicitly defined. (I’d actually talk to Dave about exactly what terms make the most sense for users.)<br class=""></blockquote><br class=""><div class="">We do have undefined behavior, and use that term in the standard library docs where appropriate:</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Optional.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// `!` (forced unwrap) operator. However, in optimized builds (`-O`), no</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Optional.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// check is performed to ensure that the current instance actually has a</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Optional.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// value. Accessing this property in the case of a `nil` value is a serious</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Optional.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// programming error and could lead to </span><span style="font-variant-ligatures: no-common-ligatures; color: #c33720" class=""><b class="">undefined behavior</b></span><span style="font-variant-ligatures: no-common-ligatures" class=""> or a runtime</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Optional.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// error.</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Optional.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> ///</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Optional.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// In debug builds (`-Onone`), the `unsafelyUnwrapped` property has the same</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; color: rgb(52, 187, 199);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">--</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/StringBridge.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// The caller of this function guarantees that the closure 'body' does not</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/StringBridge.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// escape the object referenced by the opaque pointer passed to it or</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/StringBridge.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// anything transitively reachable form this object. Doing so</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/StringBridge.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// will result in </span><span style="font-variant-ligatures: no-common-ligatures; color: #c33720" class=""><b class="">undefined behavior</b></span><span style="font-variant-ligatures: no-common-ligatures" class="">.</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/StringBridge.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> @_semantics("self_no_escaping_closure")</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/StringBridge.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> func _unsafeWithNotEscapedSelfPointer<Result>(</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/StringBridge.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> _ body: @noescape (OpaquePointer) throws -> Result</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; color: rgb(52, 187, 199);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">--</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Unmanaged.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// reference's lifetime fixed for the duration of the</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Unmanaged.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// '_withUnsafeGuaranteedRef' call.</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Unmanaged.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> ///</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Unmanaged.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// Violation of this will incur </span><span style="font-variant-ligatures: no-common-ligatures; color: #c33720" class=""><b class="">undefined behavior</b></span><span style="font-variant-ligatures: no-common-ligatures" class="">.</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Unmanaged.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> ///</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Unmanaged.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// A lifetime of a reference 'the instance' is fixed over a point in the</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">stdlib/public/core/Unmanaged.swift</span><span style="font-variant-ligatures: no-common-ligatures; color: #34bbc7" class="">-</span><span style="font-variant-ligatures: no-common-ligatures" class=""> /// programm if:</span></div></div></div></div></blockquote><br class=""></div><div class="">Those latter two are in stdlib-internal declarations. I think I have the same objection with using the term for 'unsafelyUnwrapped'.</div></div></div></blockquote><div><br class=""></div>Well, we can say "A program has undefined behavior if it does X or Y", or we can say "A program which does X or Y lacks type safety". In all cases we are referring to a concept defined elsewhere. If we say "undefined behavior", we are using an easily-googled term whose popular discussions will quickly inform the reader of the consequences of the violation. If we say "type safety", we are using a term with that's popularly used in very vague, hand-wavey ways and whose consequences aren't usually discussed outside of formal contexts. If we say "memory safety", we're using a term that doesn't even have that precedent. So we can use the latter two terms if we want, but that just means we need to have a standard place where we define them and describe the consequences of violating them, probably with at least a footnote saying "this is analogous to the undefined behavior rules of C and C++".</div><div class=""><div class=""><div class=""><br class=""></div><div class="">John.</div></div></div></body></html>