On 11/09/2015 07:19 PM, Simon Wright wrote:

> Ada certainly has fewer UB properties than C, but Ada programs can be erroneous (anything might happen) or have bounded errors; typically from some form of “unchecked conversion”, e.g. in the embedded context reading from the wrong address and therefore reading invalid (out-of-range) values, and then not validating.

There is one curious corner case which has no immediately obvious, localized footprint:

<http://www.enyo.de/fw/notes/ada-type-safety.html>

Basically, it's an aliased tagged union which is updated in place.

Essentially the same thing exists in unsafe Rust:

<http://www.enyo.de/fw/notes/unsafe-rust-type-safety.html>

These examples might seem a bit silly, but there is a surprisingly widespread belief among language designers that you can have type safety without memory safety. (Obviously the answer to that depends on what you mean by these terms.)

Florian