safety model in D

Michel Fortin michel.fortin at michelf.com
Wed Nov 4 07:03:47 PST 2009 

On 2009-11-04 09:29:21 -0500, Michal Minich <michal at minich.sk> said:

> Hello Andrei,
> 
>> Michal Minich wrote:
>> 
>>> Hello Michel,
>>> 
>>>> module (system) name;         // interface: unsafe   impl.: unsafe
>>>> module (safe) name;           // interface: safe     impl.: safe
>>>> 
>>> I thought that first (unsafe-unsafe) case is currently available just
>>> by:
>>> 
>>> module name; // interface: unsafe   impl.: unsafe
>>> 
>>> separating modules to unsafe-unsafe and safe-safe  has no usefulness
>>> - as those modules could not interact, specifically you need modules
>>> that are implemented by unsafe means, but provides only safe
>>> interface, so I see it as:
>>> 
>>> module name;                  // interface: unsafe   impl.: unsafe
>>> module (system) name;         // interface: safe     impl.: unsafe
>>> module (safe) name;           // interface: safe     impl.: safe
>>> 
>>> so you can call system modules (io, network...) from safe code.
>>> 
>> That's a pretty clean design. How would it interact with a -safe
>> command-line flag?
>> 
>> Andrei
>> 
> 
> When compiling with -safe flag, you are doing it because you need your 
> entire application to be safe*.
> 
> Safe flag would just affect modules with no safety flag specified - 
> making them (safe):
> 
> module name; --> module (safe) name;
> 
> and then compile.

I'm not sure this works so well. Look at this:

	module memory;   // unsafe interface - unsafe impl.
	extern (C) void* malloc(int);
	extern (C) void free(void*);

	module (system) my.system;   // safe interface - unsafe impl.
	import memory;
	void test() { auto i = malloc(10); free(i); }   // ok: unsafe impl. allowed

	module (safe) my.safe;   // safe interface - safe impl.
	import memory;
	void test() { auto i = malloc(10); free(i); }   // error: malloc, free 
are unsafe

How is this supposed to work correctly with and without the "-safe" 
compiler flag? The way you define things "-safe" would make module 
memory safe for use while it is not.


-- 
Michel Fortin
michel.fortin at michelf.com
http://michelf.com/

More information about the Digitalmars-d mailing list