safety model in D

Leandro Lucarella llucax at gmail.com
Wed Nov 4 09:03:42 PST 2009


Andrei Alexandrescu, on November 4 at 08:16 you wrote to me:
> Michal Minich wrote:
> >Hello Michel,
> >
> >>module (system) name;         // interface: unsafe   impl.: unsafe
> >>module (safe) name;           // interface: safe     impl.: safe
> >
> >I thought that first (unsafe-unsafe) case is currently available just by:
> >
> >module name; // interface: unsafe   impl.: unsafe
> >
> >separating modules to unsafe-unsafe and safe-safe  has no
> >usefulness - as those modules could not interact, specifically you
> >need modules that are implemented by unsafe means, but provides
> >only safe interface, so I see it as:
> >
> >module name;                  // interface: unsafe   impl.: unsafe
> >module (system) name;         // interface: safe     impl.: unsafe
> >module (safe) name;           // interface: safe     impl.: safe
> >
> >so you can call system modules (io, network...) from safe code.

I think safe should be the default, as it should be the most used flavor
in user code, right? What about:

module s;             // interface: safe     impl.: safe
module (trusted) t;   // interface: safe     impl.: unsafe
module (unsafe) u;    // interface: unsafe   impl.: unsafe

* s can import other safe or trusted modules (no unsafe for s).
* t can import any kind of module, but it guarantees not to corrupt your
  memory if you use it (that's why s can import it).
* u can import any kind of module and makes no guarantees (C bindings
  use this).

> That's a pretty clean design. How would it interact with a -safe
> command-line flag?

I'll use safe by default. If you want to use broken stuff (everything
should be correctly marked as safe (default), trusted or unsafe) and let
it compile anyway, add a compiler flag -no-safe (or whatever).

But people should never use it, unless you are using some broken library
or you are too lazy to mark your modules correctly.


Is this too crazy?

-- 
Leandro Lucarella (AKA luca)                     http://llucax.com.ar/
----------------------------------------------------------------------
GPG Key: 5F5A8D05 (F8CD F9A7 BF00 5431 4145  104C 949E BFB6 5F5A 8D05)
----------------------------------------------------------------------
The discman drives the controls crazy, it takes you anywhere.
Fasten your seat belts quickly, we are going to crash.
Evidently, you didn't listen to the speech
that the flight attendant gave before takeoff.
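
The import rules proposed in the message above, modelled as an added example that is not part of the original post and is not D compiler code. The names `ALLOWED`, `parse_module`, `check_imports` and the sample modules `app`, `net` and `cbind` are hypothetical; `no_safe` stands in for the suggested `-no-safe` flag.

```python
import re

# Proposed headers: "module s;" (safe by default), "module (trusted) t;",
# "module (unsafe) u;". This syntax is the post's proposal, not shipped D.
MODULE_RE = re.compile(r"^\s*module\b\s*(?:\(\s*(\w+)\s*\))?\s*([\w.]+)\s*;", re.M)
IMPORT_RE = re.compile(r"^\s*import\s+([\w.]+)\s*;", re.M)

# Levels each kind of module may import, taken from the three bullets.
ALLOWED = {
    "safe": {"safe", "trusted"},
    "trusted": {"safe", "trusted", "unsafe"},
    "unsafe": {"safe", "trusted", "unsafe"},
}

def parse_module(source):
    """Return (name, level, imports) for one module's source text."""
    m = MODULE_RE.search(source)
    if m is None:
        raise ValueError("no module declaration found")
    level = m.group(1) or "safe"  # an unmarked module is safe by default
    if level not in ALLOWED:
        raise ValueError(f"unknown safety level: {level}")
    return m.group(2), level, IMPORT_RE.findall(source)

def check_imports(sources, no_safe=False):
    """Return (importer, imported, reason) for every import that breaks the rules."""
    modules = {}
    for src in sources:
        name, level, imports = parse_module(src)
        modules[name] = (level, imports)
    violations = []
    if no_safe:  # assumed meaning of -no-safe: compile anyway, skip the check
        return violations
    for name, (level, imports) in sorted(modules.items()):
        for dep in imports:
            if dep not in modules:
                violations.append((name, dep, "unknown module"))
            elif modules[dep][0] not in ALLOWED[level]:
                reason = f"{level} module imports {modules[dep][0]} module"
                violations.append((name, dep, reason))
    return violations

# Constructed sample: a safe application, a trusted wrapper, an unsafe C binding.
SAMPLE = [
    "module app;\nimport net;\nimport cbind;\n",
    "module (trusted) net;\nimport cbind;\n",
    "module (unsafe) cbind;\n",
]
```

Only the direct import from `app` to `cbind` is rejected; the same binding reached through the trusted module `net` is accepted, which is where the proposal places the audit burden.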


