
> With the Common Lisp model of optimization you can do this selectively for parts of your code, and the compiler can ignore your type hints or declarations if it wants to.

What if those parts of your code have bugs in them? There's no reason they wouldn't, and whoever's writing file format parsers (fonts, video, JPEG) on your platform is going to turn off safety because it's too slow, even though that code has many attack surfaces.



You're making a lot of assumptions:

  1. Those type checks will be too slow
  2. The compiler will choose to follow declarations for untrusted code
  3. The declarations will lead to bugs on some inputs
  4. Those bugs will be exploitable
  5. Somehow those exploits will be worse than what's currently the case with C

99% of C exploits are string/buffer overflows. Bounds checking is not expensive, especially when your arrays carry around their size information. You can enable it in many current C compilers. W^X is an attempt to put something resembling bounds checking into the hardware.

I honestly don't understand the people who argue bounds checking is too slow. How many times do you have to make the same mistake to realize that what you're doing is wrong? It's just idiotic.
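As an added illustration of the "arrays carry around their size information" point (example code, not from any commenter in this thread): a length-carrying slice type in C whose accessors refuse out-of-range reads, used by a toy length-prefixed record parser of the kind the file-format-parser remark above is about. The record layout, the names and the sample inputs are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* A view that carries its own length, so every access can be checked against
   it. The check itself is one compare, which is why it is cheap. */
typedef struct {
    const uint8_t *data;
    size_t len;
} slice;

/* Checked read of one byte: reports failure instead of reading past the end. */
static bool slice_u8(slice s, size_t i, uint8_t *out) {
    if (i >= s.len) return false;
    *out = s.data[i];
    return true;
}

/* Checked sub-range [off, off+n); written so that off+n cannot overflow. */
static bool slice_sub(slice s, size_t off, size_t n, slice *out) {
    if (off > s.len || n > s.len - off) return false;
    out->data = s.data + off;
    out->len = n;
    return true;
}

/* Toy record format, constructed for this example: [len:1][payload:len].
   Copies the payload into dst (capacity dst_cap); returns its length, or -1
   when the input is malformed or dst is too small. */
static int parse_record(slice in, uint8_t *dst, size_t dst_cap) {
    uint8_t n;
    slice payload;
    if (!slice_u8(in, 0, &n)) return -1;            /* empty input */
    if (!slice_sub(in, 1, n, &payload)) return -1;  /* header claims more than is there */
    if (payload.len > dst_cap) return -1;           /* would overrun dst */
    memcpy(dst, payload.data, payload.len);
    return (int)payload.len;
}

/* Constructed inputs: a valid record, and one that claims 10 bytes but carries 2. */
static const uint8_t good_rec[]  = {3, 'a', 'b', 'c'};
static const uint8_t short_rec[] = {10, 'a', 'b'};
static int parse_good(void) {
    uint8_t buf[8];
    int n = parse_record((slice){good_rec, sizeof good_rec}, buf, sizeof buf);
    return (n == 3 && memcmp(buf, "abc", 3) == 0) ? n : -2;
}
static int parse_short(void) { uint8_t b[8]; return parse_record((slice){short_rec, sizeof short_rec}, b, sizeof b); }
static int parse_small_dst(void) { uint8_t b[2]; return parse_record((slice){good_rec, sizeof good_rec}, b, sizeof b); }
```

GCC's and Clang's -fsanitize=address is one form of the compiler-enabled checking the comment mentions; it catches the overrun that an unchecked memcpy of the claimed length would commit on the truncated record.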



