Being safe, or type-safe, means that you can tell from looking at the source code whether your program behaves correctly.

The statement `std::cout << x` is always correct, assuming that `x` has a well-defined value (and isn't, say, uninitialized); this is something you can guarantee from looking at the source code.

By contrast, C is not safe: for example, the following code may or may not be correct, depending on the runtime input:
```c
#include <stdio.h>

/* Deliberately unsafe: the format string comes from the command line,
 * so nothing in the source tells you how many arguments printf expects. */
int main(int argc, char *argv[])
{
    if (argc == 3)
        printf(argv[1], argv[2]);
    return 0;
}
```
This is correct if and only if the first argument is a valid format string containing precisely one `"%s"`.
In other words, it is possible to write a correct C program, but it's impossible to reason about the correctness just by inspecting the code. The `printf` function is one such example. More generally, any function that accepts variable arguments is most likely unsafe, as is any function that casts pointers based on runtime values.
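The condition stated above ("correct if and only if the format contains precisely one `"%s"`") can be turned into a runtime check that restores the guarantee the source code alone cannot give. The following is an added example, not code from the answer above: `count_s_conversions` and `print_one_string` are hypothetical helper names, and the checker is deliberately conservative (it rejects flags, widths and any conversion other than `%s` and the literal `%%`), so a format it accepts always consumes exactly one `const char *` argument.

```c
#include <stdio.h>

/* Walk fmt and classify its conversion specifications.
 * Returns the number of plain "%s" conversions, or -1 if fmt contains
 * anything else that would consume or write an argument (%d, %x, %n, ...),
 * a dangling '%' at the end, or a width/flag we do not want to reason about.
 * "%%" prints a literal '%' and consumes no argument, so it is allowed. */
int count_s_conversions(const char *fmt)
{
    int count = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;                    /* inspect the character after '%' */
        if (*p == '%')
            continue;           /* "%%": literal percent sign */
        if (*p == 's') {
            count++;
            continue;
        }
        return -1;              /* any other conversion, or '%' at end of string */
    }
    return count;
}

/* Forward an untrusted format to printf only when it is provably a
 * single-"%s" format; otherwise print the argument with a fixed format
 * so the argument count can never mismatch.
 * Returns 1 if the caller's format was accepted, 0 if the fallback was used. */
int print_one_string(const char *fmt, const char *arg)
{
    if (count_s_conversions(fmt) == 1) {
        printf(fmt, arg);       /* now known to expect exactly one string */
        return 1;
    }
    printf("%s\n", arg);        /* compile-time-visible format */
    return 0;
}

/* Same shape as the program in the answer, with the check in front. */
int main(int argc, char *argv[])
{
    if (argc == 3)
        return print_one_string(argv[1], argv[2]) ? 0 : 2;
    return 1;
}
```

Note that the check has to be this strict to recover a static guarantee: as soon as the checker starts accepting widths, lengths or other conversions, the argument count again depends on the input rather than on the source.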