safety model in D
Andrei Alexandrescu
SeeWebsiteForEmail at erdani.org
Wed Nov 4 07:27:25 PST 2009
Walter Bright wrote:
> Andrei Alexandrescu wrote:
>> Sketch of the safe rules:
>>
>> \begin{itemize*}
>> \item No @cast@ from a pointer type to an integral type and vice versa
>
> replace integral type with non-pointer type.
>
>> \item No @cast@ between unrelated pointer types
>> \item Bounds checks on all array accesses
>> \item No unions that include a reference type (array, @class@,
>> pointer, or @struct@ including such a type)
>
> pointers are not a reference type. Replace "reference type" with
> "pointers or reference types".
>
>> \item No pointer arithmetic
>
>> \item No escape of a pointer or reference to a local variable outside
>> its scope
>
> revise: cannot take the address of a local or a reference.
>
>> \item Cross-module function calls must only go to other @safe@ modules
>> \end{itemize*}
>
> add:
> . no inline assembler
> . no casting away of const, immutable, or shared
Ok, here's what I have now:
\begin{itemize*}
\item No @cast@ from a pointer type to a non-pointer type (e.g.~@int@)
and vice versa
\item No @cast@ between unrelated pointer types
\item Bounds checks on all array accesses
\item No unions that include a pointer type, a reference type (array,
@class@), or a @struct@ including such a type
\item No pointer arithmetic
\item Taking the address of a local is forbidden (in fact the needed
restriction is to not allow such an address to escape, but that is
more difficult to track)
\item Cross-module function calls must only go to other @safe@ modules
\item No inline assembler
\item No casting away of @const@, @immutable@, or @shared@
\end{itemize*}
Andrei
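The rule set above, as it later surfaced in D's per-function @safe attribute (the "safe modules" idea became @safe/@system function attributes). This is an added example, not code from the thread; it assumes a current DMD on x86-64, so the exact diagnostics differ from what the 2009 discussion anticipated.

```d
// Added example, not from the thread: each rule in Andrei's list maps to a
// compile-time rejection inside a @safe function. Assumes DMD on x86-64.
import std.stdio : writeln;

// Every statement here satisfies the sketched rules, so @safe compiles.
@safe int sumAndPeek(int[] data, size_t i)
{
    int total = 0;
    foreach (x; data)          // iteration without pointer arithmetic
        total += x;
    // Indexing stays bounds-checked in @safe code even under -release
    // (dmd's default is -boundscheck=safeonly).
    return total + data[i];
}

// Each operation below is rejected by the compiler if this function is
// marked @safe; it compiles only because it is @system.
@system void unsafeOperations()
{
    int local = 42;
    int* p = &local;                 // address of a local may escape
    p += 1;                          // pointer arithmetic
    size_t addr = cast(size_t) p;    // pointer -> non-pointer cast
    const int c = 1;
    int* viaConst = cast(int*) &c;   // casting away const
    union U { int* ptr; long bits; } // union overlapping a pointer
    U u;
    u.bits = 0;
    int* q = u.ptr;                  // reading the overlapped pointer field
    version (D_InlineAsm_X86_64)
    {
        asm { nop; }                 // inline assembler
    }
}

void main() @safe
{
    int[] v = [1, 2, 3];
    writeln(sumAndPeek(v, 1));       // 1 + 2 + 3 + v[1] = 8
    // unsafeOperations();           // error: @safe function cannot call
    //                               // @system function 'unsafeOperations'
}
```

Marking unsafeOperations @safe instead of @system turns every commented line into a compile error, which is the cheapest way to see the rule list enforced.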