safety model in D
Walter Bright
newshound1 at digitalmars.com
Tue Nov  3 16:21:06 PST 2009

Andrei Alexandrescu wrote:
> Sketch of the safe rules:
> 
> \begin{itemize*}
> \item No @cast@ from a pointer type to an integral type and vice versa
Replace integral type with non-pointer type.
> \item No @cast@ between unrelated pointer types
> \item Bounds checks on all array accesses
> \item No unions that include a reference type (array, @class@,
>   pointer, or @struct@ including such a type)
Pointers are not a reference type. Replace "reference type" with 
"pointers or reference types".
> \item No pointer arithmetic
> \item No escape of a pointer or reference to a local variable outside
>   its scope
Revise: cannot take the address of a local or a reference.
> \item Cross-module function calls must only go to other @safe@ modules
> \end{itemize*}
add:
. no inline assembler
. no casting away of const, immutable, or shared
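
The constructs excluded by the rule list above, with the amendments from the reply, written out in D as an added example that is not part of the original message. It assumes the function-level `@system` and `@safe` attributes of current D rather than the per-module marking the sketch talks about, and the module and function names are hypothetical.

```d
// Added illustration, not code from the thread. The excluded constructs sit in
// @system functions so the file compiles; comments name the rule each falls under.
// The cross-module call rule needs more than one file and is not shown.
module safety_sketch;                    // hypothetical module name

union Pun { int* p; size_t bits; }       // union that includes a pointer

int* escapeLocal() @system
{
    int local = 42;
    int* p = &local;                     // takes the address of a local
    return p;                            // pointer outlives the variable's scope
}

void excluded(int[] a, size_t i) @system
{
    int x = 1;
    int* p = &x;
    size_t n = cast(size_t) p;           // cast: pointer -> non-pointer type
    int* q = cast(int*) n;               // cast: non-pointer type -> pointer
    float* f = cast(float*) p;           // cast between unrelated pointer types
    q = p + 1;                           // pointer arithmetic
    int v = a.ptr[i];                    // array access with no bounds check
    Pun u;
    u.bits = n;                          // overwrites the storage u.p reads from
    immutable int k = 5;
    int* m = cast(int*) &k;              // casts away immutable
    asm { nop; }                         // inline assembler (DMD-style, x86 assumed)
}

// What the safe subset keeps: indexing a slice is bounds-checked, so an
// out-of-range index raises a RangeError instead of reading adjacent memory.
int element(const int[] a, size_t i) @safe
{
    return a[i];
}

void main() @safe
{
    assert(element([10, 20, 30], 1) == 20);
}
```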