Walter: > http://www.slate.com/blogs/blogs/thewrongstuff/archive/2010/06/28/risky-business-james-bagian-nasa-astronaut-turned-patient-safety-expert-on-being-wrong.aspx
It's a very good article, thank you for the link. I think it's a book chapter. It says many different things. James Bagian looks like a quite unusual person. The stress over "close calls" in medicine is important, as it's very important to manage errors correctly. Just punishing the doctors/nurses that have done a mistake, as often done today, is not a solution. > Errors that we can eliminate by changing the design of the language, we > should so eliminate (unless their costs make the language unuseable, > obviously).< Beside few things already present in D2, some of the features that may help avoid some bugs are: 1) Typestate, a feature that is attracting more my interest and appreciation, that will be present in the Rust language by Mozilla labs (I think typestate may avoid many of the bugs found by the real-world static analysis done by Microsoft: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.61.3285 ); 2) Some lint-like capabilities in the compiler, that *are* able to catch an enormous amount and variety of bugs. This is not a new feature for D2, because it's a collection of many small tests. The new C/C++ Clang compiler shows that it's positive to put some of those capabilities inside the compiler instead of inside an external tool that's uncommonly used; 3) Optional integer/unsigned overflow tests, as C#; 4) Some kind of compile-time enforcement against null references/pointers (my example: http://d.puremagic.com/issues/show_bug.cgi?id=4571 ). 5) Pluggable type systems may help in unforseen situations, they are special-purpose parts of the type system that you may add to the compiler/interpreter to enforce some new contraints. The Treehydra (the GCC plugin that provides a low level JavaScript binding to GCC's GIMPLE AST representation) is an example of pluggable type system. Python3 has added a type annotation syntax for this purpose. D3 may add such capabilities expanding static reflection, and letting user-defined @attributes use it. Among those five things the typestate is the one that I have never tried, but it looks good. The other four features look fit for D3 (among those five features, the only one that may change the run-time performance of the code are the overflow tests, the other four things are essentially flexible type system-level constraints). Bye, bearophile
