Security: The principle that every syntactically incorrect
program should be rejected by the compiler and that every syntactically
correct program should give a result or an error message that was
predictable and comprehensible in terms of the source language
program itself. Thus no core dumps should ever be necessary. It was
logically impossible for any source language program to cause the
computer to run wild, either at compile time or at run time. A
consequence of this principle is that every occurrence of every
subscript of every subscripted variable was on every occasion checked
at run time against both the upper and the lower declared bounds
of the array. Many years later we asked our customers whether they
wished us to provide an option to switch off these checks in the
interests of efficiency on production runs. Unanimously, they urged
us not to - they already knew how frequently subscript errors occur
on production runs where failure to detect them could be disastrous.
I note with fear and horror that even in 1980, language designers
and users have not learned this lesson. In any respectable branch
of engineering, failure to observe such elementary precautions would
have long been against the law.
From The Emperor’s Old Clothes,
By C.A.R. Hoare,
Communications of the ACM, 1981.
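The principle Hoare describes, every subscript checked against both declared bounds on every occasion so that an out-of-range access yields a comprehensible error instead of the program "running wild", can be shown in a few lines of C. The following is an added illustration, not code from Hoare's lecture; the bounded_array type, its access functions and the demo indices are all constructed for this example (Algol-style declared bounds lo..hi, not necessarily starting at 0).

```c
/* Added example (not from the quoted lecture): run-time subscript checking
 * against both declared bounds. All names here are invented for illustration. */
#include <stdio.h>
#include <stdlib.h>

/* An array with explicit declared bounds: valid subscripts are lo..hi inclusive. */
typedef struct {
    long lo;       /* lower declared bound */
    long hi;       /* upper declared bound */
    long *elems;   /* hi - lo + 1 elements */
} bounded_array;

/* Outcome of a checked access; the caller always gets a predictable answer. */
typedef enum {
    ACCESS_OK = 0,
    ACCESS_BELOW_LOWER = 1,
    ACCESS_ABOVE_UPPER = 2
} access_status;

int bounded_array_init(bounded_array *a, long lo, long hi) {
    if (hi < lo) return -1;                 /* empty or inverted bounds are rejected */
    a->lo = lo;
    a->hi = hi;
    a->elems = calloc((size_t)(hi - lo + 1), sizeof(long));
    return a->elems ? 0 : -1;
}

void bounded_array_free(bounded_array *a) {
    free(a->elems);
    a->elems = NULL;
}

/* Every subscript is checked against BOTH bounds before memory is touched. */
access_status bounded_array_get(const bounded_array *a, long idx, long *out) {
    if (idx < a->lo) return ACCESS_BELOW_LOWER;
    if (idx > a->hi) return ACCESS_ABOVE_UPPER;
    *out = a->elems[idx - a->lo];
    return ACCESS_OK;
}

access_status bounded_array_set(bounded_array *a, long idx, long value) {
    if (idx < a->lo) return ACCESS_BELOW_LOWER;
    if (idx > a->hi) return ACCESS_ABOVE_UPPER;
    a->elems[idx - a->lo] = value;
    return ACCESS_OK;
}

/* Error text phrased in terms of the source program, not in terms of a core dump. */
const char *access_status_message(access_status s) {
    switch (s) {
    case ACCESS_OK:          return "ok";
    case ACCESS_BELOW_LOWER: return "subscript below lower declared bound";
    case ACCESS_ABOVE_UPPER: return "subscript above upper declared bound";
    }
    return "unknown";
}

/* Sum the elements at the requested subscripts through checked accesses.
 * Out-of-range subscripts are reported and counted rather than dereferenced. */
long checked_sum(const bounded_array *a, const long *idxs, size_t n, int *rejected) {
    long total = 0;
    *rejected = 0;
    for (size_t i = 0; i < n; i++) {
        long v;
        access_status s = bounded_array_get(a, idxs[i], &v);
        if (s != ACCESS_OK) {
            fprintf(stderr, "index %ld: %s (declared %ld..%ld)\n",
                    idxs[i], access_status_message(s), a->lo, a->hi);
            (*rejected)++;
            continue;
        }
        total += v;
    }
    return total;
}

/* Demo with constructed data: bounds 1..5, a[i] = 10*i, and a subscript list
 * in which 0 and 6 lie just outside the declared bounds. */
static long run_demo(int *rejected) {
    bounded_array a;
    if (bounded_array_init(&a, 1, 5) != 0) { *rejected = -1; return 0; }
    for (long i = 1; i <= 5; i++) bounded_array_set(&a, i, i * 10);
    const long idxs[] = {0, 1, 3, 5, 6};        /* constructed subscripts */
    long total = checked_sum(&a, idxs, 5, rejected);
    bounded_array_free(&a);
    return total;
}

long demo_total(void)  { int r; return run_demo(&r); }   /* 10 + 30 + 50 = 90 */
int  demo_rejected(void) { int r; run_demo(&r); return r; } /* indices 0 and 6 */

int main(void) {
    int rejected;
    long total = run_demo(&rejected);
    printf("sum of valid accesses = %ld, rejected subscripts = %d\n", total, rejected);
    return 0;
}
```

The two out-of-range subscripts produce a message naming the bound that was violated and leave the program's state exactly as it was; the cost is one pair of comparisons per access, which is the "efficiency" Hoare's customers declined to trade away.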
Software developers should stop calling themselves Engineers.
Engineering means Reliability.