Safety, undefined behavior, @safe, @trusted

Knud Soerensen 4tuu4k002 at sneakemail.com
Fri Nov 6 08:16:27 PST 2009


Instead of just defining @safe and @trusted,
it should be possible to define this type of code annotations and
constraints in D.

See Red Code/Green Code - Generalizing Const by Scott Meyers
http://video.google.com/videoplay?docid=-4728145737208991310#

Then we can define @safe, @pure, @thread_safe, @exception_safe, @gpl,
@lgpl, @beautiful and @ugly code or all the constraints we like.

It would also be nice if we could annotate code with @debug
and then it would augment the code with debugging code.


Walter Bright wrote:
> Following the safe D discussions, I've had a bit of a change of mind. 
> Time for a new strawman.
> 
> Based on Andrei's and Cardelli's ideas, I propose that Safe D be defined 
> as the subset of D that guarantees no undefined behavior. Implementation 
> defined behavior (such as varying pointer sizes) is still allowed.
> 
> Memory safety is a subset of this. Undefined behavior nicely covers 
> things like casting away const and shared.
> 
> Safety has a lot in common with function purity, which is set by an 
> attribute and verified by the compiler. Purity is a subset of safety.
> 
> Safety seems more and more to be a characteristic of a function, rather 
> than a module or command line switch. To that end, I propose two new 
> attributes:
> 
> @safe
> @trusted
> 
> A function marked as @safe cannot use any construct that could result in 
> undefined behavior. An @safe function can only call other @safe 
> functions or @trusted functions.
> 
> A function marked as @trusted is assumed to be safe by the compiler, but 
> is not checked. It can call any function.
> 
> Functions not marked as @safe or @trusted can call any function.
> 
> To mark an entire module as safe, add the line:
> 
>    @safe:
> 
> after the module statement. Ditto for marking the whole module as 
> @trusted. An entire application can be checked for safety by making 
> main() safe:
> 
>     @safe int main() { ... }
> 
> This proposal eliminates the need for command line switches, and 
> versioning based on safety.


-- 
Join me on
CrowdNews  http://crowdnews.eu/users/addGuide/42/
Facebook   http://www.facebook.com/profile.php?id=1198821880
Linkedin   http://www.linkedin.com/pub/0/117/a54
Mandala    http://www.mandala.dk/view-profile.php4?profileID=7660
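The call rules Walter lays out above (a @safe function may only call @safe or @trusted functions; @trusted is unchecked and carries the author's obligation; unannotated code may call anything), written out as an added D example that is not part of the thread. It assumes the attributes behave exactly as the strawman describes; the function names are made up for illustration.

```d
// Added example illustrating the proposed @safe/@trusted rules (not from the thread).
module safety_example;

import std.stdio;

// A @safe function: the compiler rejects constructs that could be undefined
// behaviour (raw pointer arithmetic, unchecked casts) and only lets it call
// other @safe or @trusted functions. Slice indexing is bounds-checked.
@safe int sumChecked(const(int)[] data)
{
    int total = 0;
    foreach (x; data)
        total += x;
    return total;
}

// A @trusted function: the compiler assumes it is safe and does not check the
// body, so the author carries the obligation. The raw pointer loop is kept
// in-bounds by the explicit comparison against data.length.
@trusted int sumRaw(const(int)[] data)
{
    const(int)* p = data.ptr;   // raw pointer: would be rejected in @safe code
    int total = 0;
    for (size_t i = 0; i < data.length; ++i)
        total += p[i];          // in-bounds because i < data.length
    return total;
}

// Unannotated function: may do anything, so @safe code is not allowed to call it.
void bump(int* p)
{
    ++*p;
}

// Per the proposal, making main() @safe checks the whole call graph from here.
@safe int main()
{
    int[] v = [1, 2, 3, 4];       // constructed sample input
    writeln(sumChecked(v));       // checked path, prints 10
    writeln(sumRaw(v));           // trusted path, same value
    // bump(v.ptr);               // compile error: @safe main calling unannotated code
    return 0;
}
```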