Reddit: SafeD - The Safe Subset of D
Charles D Hixson
charleshixsn at earthlink.net
Tue Mar 25 12:50:30 PDT 2008
Walter Bright wrote:
> Dejan Lekic wrote:
>> This simple concept is amazing, as is the fact that Modula-3 (as a
>> language) had this (plus numerous other modern features) two decades ago.
>
> Features from Modula-3 make me nervous, as Modula-3 was an abject
> failure. I don't know why M3 failed, so I am suspicious of adopting
> features without thoroughly understanding why M3 failed.
That particular feature, however, seems reasonable. But I
question the granularity.
I think that unsafe should be an attribute that could be set
statically for a class or a function. And read whenever you
felt like reading it, of course. But the question is, should
it be set by the compiler, or by the programmer. And what
form should a check for safe vs. unsafe take?
One obvious form would be an assert check, but this presumes
that unsafe code is allowed by default, and is only rejected
if a test fails.
Another plausible approach would be to by default forbid the
calling of unsafe code, and to have a pragma that allows it.
This is a bit messy, as pragmas don't have nice boundary
conditions. (Rather like extern. You either enable it for a
statement/block, or for all succeeding statement/blocks.
Still, a variation of pragma, the
pragma ( Identifier , ExpressionList )
form, could be nice. I'm thinking of it having the form:
pragma (AllowUnsafe, class1, class2, etc,
classk::unsafeFunction, etc.);
to allow the use of the specified unsafe code. The reason for
this form of the pragma is so that you don't accidentally
allow all unsafe functions throughout and entire module by
mistake. Naturally the normal rules would still apply: If
you declared a pragma within a block, it would only apply
within that block.
If you're adopting the pragma form, then the code could be
detected as unsafe by the compiler, and only it's use
forbidden (unless specifically allowed).
I haven't been able to think of any reason for dynamically
allowing/forbidding the use of unsafe code, though I suppose
such is possible. In such a case it would probably be
appropriate to use whatever form of allowance is decided upon,
and then to forbid it with standard if statement (or try/catch
blocks).
More information about the Digitalmars-d-announce
mailing list