safety model in D
Michal Minich
michal.minich at gmail.com
Wed Nov 4 12:11:40 PST 2009
On Wed, 04 Nov 2009 13:12:54 -0600, Andrei Alexandrescu wrote:
>> But I think there is no reason to use a -no-safe compiler flag ... for
>> what reason would one want to force a safer program to compile as less
>> safe :)
>
> Efficiency (e.g. remove array bounds checks).
>
>> As I'm thinking more about it, I don't see any reason to have any
>> compiler flag for safety at all.
>
> That would be a great turn of events!!!
>
>
> Andrei
Memory safety is a pretty specific thing. If you want it, you want it all,
not just some part of it - otherwise you cannot call it memory safety. The
idea of a safe module which, under some compiler switch, is not safe does
not appeal to me. But efficiency is also important, and if you want it,
why not move the code subject to bounds checks to a trusted/system module
- I hope those are not bounds-checked in release mode. Moving parts of
the code to trusted modules is more semantically descriptive than the
crude tool of an ad-hoc compiler switch.
One thing I'm concerned with, whether there is a compiler switch or not, is
that the number of modules will increase, as you will probably want to split
some modules in two, because some part may be safe and some not. I'm
wondering why safety is not discussed on the function level, similarly to
how pure and nothrow currently exist. I'm not sure this would be good, just
wondering. Was this topic already discussed?
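An added illustration, not part of the original post or of the thread, of the function-level split the post asks about: D later gained @safe, @trusted and @system as function attributes, and dmd's -release build keeps array bounds checks in @safe code while dropping them elsewhere (its default -boundscheck=safeonly). The code assumes a D2 compiler with those attributes; the function names and the sample array are constructed for the example. The point a reviewer should take from it is that a @trusted function must preserve a safe interface itself, since the compiler no longer checks it.

```d
// Added example (not from the original post): module-level safety
// expressed per function with @safe / @trusted / @system.
// Assumes a D2 compiler that supports these attributes.
import std.stdio;

// @safe: the compiler enforces memory safety. a[i] stays bounds-checked
// here even under -release, because dmd's -release implies
// -boundscheck=safeonly (checks are kept only in @safe code).
@safe int sumSafe(const(int)[] a)
{
    int s = 0;
    foreach (i; 0 .. a.length)
        s += a[i];            // bounds check retained
    return s;
}

// @system: raw pointer indexing, no bounds check. The caller must
// guarantee that n does not exceed the allocation behind p.
// Not callable from @safe code.
@system int sumUnchecked(const(int)* p, size_t n)
{
    int s = 0;
    foreach (i; 0 .. n)
        s += p[i];            // unchecked access
    return s;
}

// @trusted: the author vouches for safety. The interface stays safe
// because the slice carries its own length, so the unchecked loop in
// sumUnchecked can never run past the slice it was given.
@trusted int sumTrusted(const(int)[] a)
{
    return sumUnchecked(a.ptr, a.length);
}

// A @safe caller may use the @safe and @trusted versions. Uncommenting
// the direct @system call is a compile-time error, which is exactly the
// per-function enforcement the post wonders about.
@safe void main()
{
    int[] data = [1, 2, 3, 4, 5];   // constructed sample input
    writeln(sumSafe(data));
    writeln(sumTrusted(data));
    // writeln(sumUnchecked(data.ptr, data.length)); // error: @system call from @safe
}
```

The efficiency argument in the thread maps onto the @trusted wrapper: the hot loop runs without per-element checks, but the boundary into it remains a slice, so the unchecked code can only be reached with a length that is known to be valid.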