safety model in D
Michel Fortin
michel.fortin at michelf.com
Wed Nov 4 07:03:47 PST 2009
On 2009-11-04 09:29:21 -0500, Michal Minich <michal at minich.sk> said:
> Hello Andrei,
>
>> Michal Minich wrote:
>>
>>> Hello Michel,
>>>
>>>> module (system) name; // interface: unsafe impl.: unsafe
>>>> module (safe) name; // interface: safe impl.: safe
>>>>
>>> I thought that first (unsafe-unsafe) case is currently available just
>>> by:
>>>
>>> module name; // interface: unsafe impl.: unsafe
>>>
>>> separating modules to unsafe-unsafe and safe-safe has no usefulness
>>> - as those modules could not interact, specifically you need modules
>>> that are implemented by unsafe means, but provides only safe
>>> interface, so I see it as:
>>>
>>> module name; // interface: unsafe impl.: unsafe
>>> module (system) name; // interface: safe impl.: unsafe
>>> module (safe) name; // interface: safe impl.: safe
>>>
>>> so you can call system modules (io, network...) from safe code.
>>>
>> That's a pretty clean design. How would it interact with a -safe
>> command-line flag?
>>
>> Andrei
>>
>
> When compiling with -safe flag, you are doing it because you need your
> entire application to be safe*.
>
> Safe flag would just affect modules with no safety flag specified -
> making them (safe):
>
> module name; --> module (safe) name;
>
> and then compile.

I'm not sure this works so well. Look at this:

    module memory; // unsafe interface - unsafe impl.
    extern (C) void* malloc(int);
    extern (C) void free(void*);

    module (system) my.system; // safe interface - unsafe impl.
    import memory;
    void test() { auto i = malloc(10); free(i); } // ok: unsafe impl. allowed

    module (safe) my.safe; // safe interface - safe impl.
    import memory;
    void test() { auto i = malloc(10); free(i); } // error: malloc, free are unsafe

How is this supposed to work correctly with and without the "-safe"
compiler flag? The way you define things "-safe" would make module
memory safe for use while it is not.

--
Michel Fortin
michel.fortin at michelf.com
http://michelf.com/
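
Added example (not part of the original message and not D compiler code): a small Python model of the module-level rules proposed in this thread, run over the three modules from the message above with and without the "-safe" relabeling. The level tables, the call-list encoding and the treatment of body-less extern (C) declarations as having nothing to check are assumptions of this sketch.

```python
# Toy model of the module-level safety scheme discussed in this thread.
# Levels: None = unmarked, "system", "safe". All data below is constructed.
INTERFACE_SAFE = {None: False, "system": True, "safe": True}
IMPL_CHECKED = {None: False, "system": False, "safe": True}

# module -> (declared level, {function: [(callee_module, callee), ...]})
# An empty call list models a body-less extern (C) declaration.
MODULES = {
    "memory": (None, {"malloc": [], "free": []}),
    "my.system": ("system", {"test": [("memory", "malloc"), ("memory", "free")]}),
    "my.safe": ("safe", {"test": [("memory", "malloc"), ("memory", "free")]}),
}

def effective_levels(modules, safe_flag):
    """Apply the proposed -safe rule: unmarked modules become (safe)."""
    return {name: ("safe" if safe_flag and level is None else level)
            for name, (level, _) in modules.items()}

def check(modules, safe_flag=False):
    """Return sorted errors for calls from checked code into unsafe interfaces."""
    levels = effective_levels(modules, safe_flag)
    errors = []
    for name, (_, funcs) in modules.items():
        if not IMPL_CHECKED[levels[name]]:
            continue  # unsafe implementation allowed, nothing to verify
        for func, calls in funcs.items():
            for callee_mod, callee in calls:
                if not INTERFACE_SAFE[levels[callee_mod]]:
                    errors.append(f"{name}.{func}: {callee_mod}.{callee} is unsafe")
    return sorted(errors)

if __name__ == "__main__":
    # Without the flag, my.safe is rejected for calling into module memory.
    print("without -safe:", check(MODULES))
    # With the flag, memory is relabeled (safe) and the same calls are accepted.
    print("with -safe:   ", check(MODULES, safe_flag=True))
```
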