Safety, undefined behavior, @safe, @trusted
Michel Fortin
michel.fortin at michelf.com
Thu Nov 5 20:01:07 PST 2009
On 2009-11-05 22:22:39 -0500, Leandro Lucarella <llucax at gmail.com> said:
> Michel Fortin, on November 5 at 19:43 you wrote to me:
>> But if you remove bound checking, it isn't safe anymore, is it?
>
> 100% safe doesn't exist. If you think you have it because of
> bound-checking, you are wrong.
True. What I meant was some things that were supposed to be safe in
SafeD (arrays) are no longer safe, pretty much destroying the concept
of SafeD being memory safe.
>> Sometimes safety is more important than performance. [...]
>
> What if I'm using an external library that I don't control? *That's* the
> problem for me, I want to be able to compile things I *trust* as if they
> were *trusted* :)
>
> I vote for an -unsafe (and/or -disable-bound-check). Safe should be the
> default.
You're right. Having "-unsafe" to disable runtime checks is better than
"-safe" to enable them because then the default behavior is safe. And
it allows you to recompile any library you want with "-unsafe" to
remove runtime checks from @safe functions when you don't care about
safety.
--
Michel Fortin
michel.fortin at michelf.com
http://michelf.com/