safety model in D

Michal Minich michal at minich.sk
Wed Nov 4 06:29:21 PST 2009


Hello Andrei,

> Michal Minich wrote:
> 
>> Hello Michel,
>> 
>>> module (system) name;         // interface: unsafe   impl.: unsafe
>>> module (safe) name;           // interface: safe     impl.: safe
>>> 
>> I thought that first (unsafe-unsafe) case is currently available just
>> by:
>> 
>> module name; // interface: unsafe   impl.: unsafe
>> 
>> separating modules to unsafe-unsafe and safe-safe  has no usefulness
>> - as those modules could not interact, specifically you need modules
>> that are implemented by unsafe means, but provides only safe
>> interface, so I see it as:
>> 
>> module name;                  // interface: unsafe   impl.: unsafe
>> module (system) name;         // interface: safe     impl.: unsafe
>> module (safe) name;           // interface: safe     impl.: safe
>> 
>> so you can call system modules (io, network...) from safe code.
>> 
> That's a pretty clean design. How would it interact with a -safe
> command-line flag?
> 
> Andrei
> 

When compiling with -safe flag, you are doing it because you need your entire 
application to be safe*.

Safe flag would just affect modules with no safety flag specified - making 
them (safe):

module name; --> module (safe) name;

and then compile.

It would not affect system modules, because you already *believe* that the 
modules are *safe to use* (by using or not using -safe compiler flag).

*note: you can also partially compile only some modules/package.
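
The rules proposed in this message, modelled as a small import checker (an added example, not code from the thread or from the D compiler). The Python model, the names `parse` and `check`, and the sample modules are assumptions; it checks only which imports the proposal would allow, not whether a module body is actually safe.

```python
import re

# (interface_safe, impl_safe) for each declaration form in the post's table.
LEVELS = {
    None:     (False, False),  # module name;
    "system": (True,  False),  # module (system) name;
    "safe":   (True,  True),   # module (safe) name;
}
DECL = re.compile(r"^\s*module\s+(?:\(\s*(safe|system)\s*\))?\s*([\w.]+)\s*;")

def parse(decl, safe_flag=False):
    """Return (name, marker) for one declaration, applying -safe if set."""
    m = DECL.match(decl)
    if not m:
        raise ValueError(f"not a module declaration: {decl!r}")
    marker, name = m.group(1), m.group(2)
    if marker is None and safe_flag:
        marker = "safe"  # module name; --> module (safe) name;
    return name, marker

def check(decls, imports, safe_flag=False):
    """Return sorted (importer, imported) pairs that break the safety rule.

    A module with a safe implementation may only use modules whose
    interface is safe; an unsafe implementation may use anything.
    """
    markers = dict(parse(d, safe_flag) for d in decls)
    bad = []
    for importer, imported in imports:
        impl_safe = LEVELS[markers[importer]][1]
        iface_safe = LEVELS[markers[imported]][0]
        if impl_safe and not iface_safe:
            bad.append((importer, imported))
    return sorted(bad)

# Constructed sample program: module names and import edges are made up.
DECLS = [
    "module (safe) app;",
    "module (system) io;",
    "module rawmem;",
    "module util;",
]
IMPORTS = [("app", "io"), ("app", "util"), ("io", "rawmem"), ("util", "rawmem")]
```

Without the flag the only rejected edge is `app` importing the unmarked `util`; with the flag every edge passes this check, and any unsafe code in `rawmem` or `util` would instead be rejected when those modules are compiled as (safe).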




