The primary responsibility for the correct operation of a program lies with the programmer. However, a language's compiler and standard library can go a long way to making this job easier. The compiler will never understand the program's intended behavior as well as the programmer, but the compiler possesses a rapid, disciplined rigor that fallible humans can never rival. Working together as a team is the quickest path to minimizing risk.

System programming languages have traditionally had a poor reputation for ensuring safety (allowing data buffer overruns, null pointer dereferencing, use after free, data races, etc.). Such vulnerabilities don't just cause programs to fail, they can also open systems up successful attacks by malicious actors.

Rust demonstrates that smarter, safer compilers can be built, able to identify safety exposures without sacrificing runtime performance and flexibility. Cone follows Rust's lead here.

Memory safety

Cone imposes several constraints to prevent bad memory access:

Thread Safety

Cone's static and runtime permissions ensure that two threads cannot modify the same value at the same time. The static permissions accomplish this by preventing two threads from having shared mutable access to the same value. The runtime permissions enforce that all access to shared mutable data will be serialized through the use of synchronization mechanisms.

Type Safety

Cone expects every value to be typed. In general, Cone will fail to compile any program that attempts to handle a value of one type according to the rules of another type. The only exceptions:

"Unsafe" mode

The safety constraints listed above help ensure programs cannot exhibit unsafe behavior. However, these constraints are sometimes overzealous, preventing behavior that may actually be safe, but which the compiler does not have the insight to confirm. For situations like these, Cone provides a useful exit hatch: "trust" blocks. Within trust blocks, Cone's constraints are relaxed, trusting that the programmer takes responsibility for ensuring the program's safety. Within trust blocks, a programmer may do pointer arithmetic, call external functions written in unsafe languages, cast references to other types, etc.