safety model in D

Aelxx aelxx at yandex.ru
Wed Nov 4 03:04:13 PST 2009


"Andrei Alexandrescu" <SeeWebsiteForEmail at erdani.org> wrote the following in news: news:hcr2hb$dvm$1 at digitalmars.com...
> Jesse Phillips wrote:
>> On Tue, 03 Nov 2009 17:55:15 -0600, Andrei Alexandrescu wrote:
>>
>>> There's a lot more, but there are a few useful subspaces. One is, if an
>>> entire application only uses module(safe) that means there is no memory
>>> error in that application, ever.
>>>
>>> Andrei
>>
>> Does that mean that a module that uses a "trusted" module must also be 
>> marked as "trusted?" I would see this as pointless since system modules 
>> are likely to be used in safe code a lot.
>
> Same here.
>
>> I think the only real option is to have the importer decide if it is 
>> trusted.
>
> That can't work. I can't say that stdc.stdlib is trusted no matter how 
> hard I try. I mean free is there!
>
>> I don't see a reasonable way to have third party certification. It is 
>> between the library writer and application developer. Since the library 
>> writer's goal should be to have a system module that is safe, he would 
>> likely want to mark it as trusted. This would leave "system" unused 
>> because everyone wants to be safe.
>
> Certain modules definitely can't aspire to be trusted. But for example 
> std.stdio can claim to be trusted because, in spite of using untrusted 
> stuff like FILE* and fclose, they are encapsulated in a way that makes it 
> impossible for a safe client to engender memory errors.
>
>> In conclusion, here is a chunk of possible import options. I vote for the 
>> top two.
>>
>> import(system) std.stdio;
>> system import std.stdio;
>> trusted import std.stdio;
>> import(trusted) std.stdio;
>> import("This is a system module and I know that it is potentially unsafe, 
>> but I still want to use it in my safe code") std.stdio;
>
> Specifying a clause with import crossed my mind too, it's definitely 
> something to keep in mind.
>
>
> Andrei
>
How about this:
system module foo ;
... (code)
trusted module foo2 ;
... (code)
safe module bar ;
... (code)

import foo, foo2, bar ; // status defined automatically from module declaration.
//  error: used system module 'foo' in safe application.
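Added example, not from the thread: in the D that eventually shipped, the safe/trusted/system distinction is expressed with the function attributes @safe, @trusted and @system (a bare `@safe:` at the top of a module applies it to the rest of that module). The code below shows Andrei's encapsulation argument in practice: free from core.stdc.stdlib cannot be called from @safe code, but a small @trusted wrapper that owns the pointer and bounds-checks access can be used from @safe code. CBuffer and its methods are names assumed for this illustration.

```d
// Added example (not from the thread): D's @safe/@trusted/@system attributes
// applied to the encapsulation argument above. CBuffer is a hypothetical name.
import core.stdc.stdlib : malloc, free;   // extern(C), bodyless: @system by default

// A @trusted wrapper owns the C allocation. Only these few lines need manual
// review; everything built on top of them is checked by the compiler.
struct CBuffer
{
    private ubyte* ptr;
    private size_t len;

    @disable this(this);   // no copies, so the pointer is freed exactly once

    this(size_t n) @trusted
    {
        ptr = cast(ubyte*) malloc(n);
        if (ptr is null) assert(0, "out of memory");
        len = n;
    }

    ~this() @trusted
    {
        free(ptr);   // @system call, reachable from @safe code only through this wrapper
        ptr = null;
    }

    // Bounds-checked access: the only way @safe callers can touch the memory.
    void set(size_t i, ubyte v) @trusted
    {
        if (i >= len) assert(0, "index out of range");
        ptr[i] = v;
    }

    ubyte get(size_t i) const @trusted
    {
        if (i >= len) assert(0, "index out of range");
        return ptr[i];
    }
}

void main() @safe
{
    auto buf = CBuffer(4);
    buf.set(0, 42);
    assert(buf.get(0) == 42);
    // free(buf.ptr);   // rejected by the compiler: @safe code cannot call @system free
}
```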
