safety model in D

Andrei Alexandrescu SeeWebsiteForEmail at erdani.org
Wed Nov 4 08:49:38 PST 2009


Leandro Lucarella wrote:
> Walter Bright, el  3 de noviembre a las 16:21 me escribiste:
>> Andrei Alexandrescu wrote:
>>> Sketch of the safe rules:
>>>
>>> \begin{itemize*}
>>> \item No @cast@ from a pointer type to an integral type and vice versa
>> replace integral type with non-pointer type.
>>
>>> \item No @cast@ between unrelated pointer types
>>> \item Bounds checks on all array accesses
>>> \item No unions that include a reference type (array, @class@,
>>>  pointer, or @struct@ including such a type)
>> pointers are not a reference type. Replace "reference type" with
>> "pointers or reference types".
> 
> Strictly speaking, arrays are not reference types either, right?
> 
> 

Ok, in order to not create confusion, I changed that. Here's the new 
list with one added item:

\begin{itemize*}
\item No @cast@ from a pointer type to a non-pointer type (e.g.~@int@)
   and vice versa
\item No @cast@ between unrelated pointer types
\item Bounds checks on all array accesses
\item No unions that include a pointer type, a @class@ type, an array
   type, or a @struct@ embedding such a type
\item No pointer arithmetic
\item Taking the address of a local is forbidden (in fact the needed
   restriction is to not allow such an address to escape, but that is
   more difficult to track)
\item Cross-module function calls must only go to other @safe@ modules
\item No inline assembler
\item No casting away of @const@, @immutable@, or @shared@
\item No calls to unsafe functions
\end{itemize*}


Andrei
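Added illustration, not part of Andrei's post and not code from any D compiler: how most of the rules in the list above surface in D's @safe checker as it exists in later DMD/LDC releases, with each rejected construct expressed as a compile-time check (a lambda that must fail to compile only because it is @safe) and the bounds-check rule shown at run time. The helper names, the @trusted wrapper and the sample array are constructed for this example, and the inline-assembler line assumes an x86-64 target. Two rules are not asserted here because their exact form differs between compiler versions: the union rule and the address-of-a-local rule. One divergence from the sketch is asserted: later compilers reject only the non-pointer-to-pointer direction of the first rule, since an integer forged into a pointer can fabricate a memory access while a pointer read as an integer cannot.

```d
// Added example, not from the post or from any D compiler source. Shows the
// listed @safe rules as compile-time rejections plus the runtime bounds check.
// Assumes DMD or LDC on x86-64 (for the asm line); diagnostics paraphrased.
import core.exception : RangeError;
import std.stdio : writeln;

// Ordinary unchecked code: @system (the default) may do anything.
@system void pokeRaw(int* p) { *p += 1; }

// @trusted is the audited escape hatch. Its body is compiled as @system, yet
// @safe code may call it, so it is only as safe as the review of this body:
// here the raw pointer is taken from a bounds-checked slice element.
@trusted void pokeChecked(int[] a)
{
    if (a.length > 0)
        pokeRaw(&a[0]);
}

// Two @safe functions: indexing is bounds-checked and, unlike @system code,
// keeps its check under -release (which implies -boundscheck=safeonly).
@safe int readAt(int[] a, size_t i) { return a[i]; }

@safe int sumDoubled(int[] data)
{
    int total = 0;
    foreach (i; 0 .. data.length)
        total += readAt(data, i) * 2;
    pokeChecked(data);          // @safe -> @trusted call is permitted
    return total;
}

// The rules as compile-time checks: each lambda must fail to compile only
// because it is @safe (the first pair shows the same body accepted as @system).
static assert( __traits(compiles, () @system { size_t n; auto p = cast(int*) n; }));
static assert(!__traits(compiles, () @safe   { size_t n; auto p = cast(int*) n; })); // non-pointer -> pointer
static assert( __traits(compiles, () @safe   { int* p; auto n = cast(size_t) p; })); // pointer -> integer: accepted by later compilers
static assert(!__traits(compiles, () @safe   { int* p; auto q = cast(int**) p; }));  // unrelated pointer types
static assert(!__traits(compiles, () @safe   { int* p; p = p + 1; }));               // pointer arithmetic
static assert(!__traits(compiles, () @safe   { int* p; pokeRaw(p); }));              // call to an unsafe (@system) function
static assert(!__traits(compiles, () @safe   { immutable(int)* c; auto m = cast(int*) c; })); // casting away immutable
static assert(!__traits(compiles, () @safe   { asm { nop; } }));                     // inline assembler

void main()
{
    int[] data = [1, 2, 3];                 // constructed sample input
    writeln(sumDoubled(data));              // 12; pokeChecked then leaves data[0] == 2
    try
    {
        readAt(data, 3);                    // one past the end
        assert(false, "bounds check did not fire");
    }
    catch (RangeError e)                    // catching an Error is itself unsafe, hence done in @system main
    {
        writeln("bounds check fired: ", e.msg);
    }
}
```

Build and run with, for instance, `dmd safe_rules.d && ./safe_rules` (the file name is arbitrary); the static asserts make the build itself the test of the rules, and the out-of-bounds read still fails with `-release` because the access sits inside a @safe function.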
