Safe mode in D?
H. S. Teoh
hsteoh at quickfur.ath.cx
Fri Oct 18 10:05:39 PDT 2013
On Fri, Oct 18, 2013 at 06:34:07PM +0200, Paulo Pinto wrote:
> Am 18.10.2013 17:40, schrieb Andrei Alexandrescu:
> >On 10/17/13 11:53 PM, Maxim Fomin wrote:
> >>...
> >
> >It's a given that safety will disallow constructs that are safe upon
> >inspection but the type system is unable to prove correct. This is
> >the case for all languages, C# included.
> >
> >
> >Andrei
> >
>
>
> Wouldn't be easier, if D followed a model similar to C# and Modula-3
> where the code is by default safe and system/trusted code is only
> allowed inside explicitly unsafe code blocks?
>
> Just an idea, maybe it wouldn't be much different from what it is now.
[...]
It would break existing code.
But if we're gonna do it, I say we should go all the way: make @safe,
pure, and nothrow default, and require annotations only for @system,
impure, throwing. If we advertise D as "do the right thing by default,
but allow the user to override it if necessary", then we should make all
code @safe, pure, and nothrow by default. (Well, at the very least @safe
and pure, I'm not as sure about making nothrow default. But it would be
nice for those performance-conscious people who don't like the fact that
throwing functions require extra stack frame setup, which thus impacts
performance.)
T
--
One Word to write them all, One Access to find them, One Excel to count them all, And thus to Windows bind them. -- Mike Champion
More information about the Digitalmars-d
mailing list