safety model in D
Michal Minich
michal at minich.sk
Wed Nov 4 07:15:33 PST 2009
Hello Michel,
> I'm not sure this works so well. Look at this:
>
> module memory; // unsafe interface - unsafe impl.
> extern (C) void* malloc(int);
> extern (C) void free(void*);
>
> module (system) my.system; // safe interface - unsafe impl.
> import memory;
> void test() { auto i = malloc(10); free(i); } // ok: unsafe impl. allowed
>
> module (safe) my.safe; // safe interface - safe impl.
> import memory;
> void test() { auto i = malloc(10); free(i); } // error: malloc, free are unsafe
> How is this supposed to work correctly with and without the "-safe"
> compiler flag? The way you define things "-safe" would make module
> memory safe for use while it is not.
I'm saying the module memory would not compile when the compiler is called with
the -safe switch.
The compiler would try to compile each module without a safety specification
as if it were *marked* (safe), which will not succeed for module memory
in this case.
In this setting, the reasons to have a -safe compiler switch are not so important;
it is more of a convenience, meaning more like -forcesafe.
You would want to use this flag only when you *need* to make sure your application
is safe, usually when you are using other libraries. With this switch you can
prevent compilation of an unsafe application in case some other library silently
changes a safe module to unsafe in a newer version.
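To make the "safe interface / unsafe implementation" distinction in this thread concrete, here is the quoted three-module example written with the @safe, @system and @trusted function attributes that exist in D today, rather than the module-level (safe)/(system) syntax under discussion. This is an added illustration, not code from the thread; the allocInts/freeInts wrapper names are my own, and the three modules would live in separate files.

```d
// Added illustration, not from the thread: the quoted three modules expressed
// with D's function-level attributes instead of module-level (safe)/(system).
// Each module below would be its own file; they are shown together for reading.

// ---- memory.d : unsafe interface, unsafe implementation ----
module memory;
// extern (C) declarations default to @system: callable only from
// @system or @trusted code, never directly from @safe code.
extern (C) void* malloc(size_t size);
extern (C) void free(void* ptr);

// ---- my/system.d : safe interface, unsafe implementation ----
module my.system;
import memory;

// @trusted is the "safe interface, unsafe impl." case: the compiler does not
// check the body, the author vouches for it, and @safe callers may use it.
// The obligation to keep this memory-safe is shifted to the wrapper author.
@trusted int[] allocInts(size_t n)
{
    auto p = cast(int*) malloc(n * int.sizeof);
    assert(p !is null, "allocation failed");
    return p[0 .. n]; // pointer slicing: allowed here, not in @safe code
}

// Caller must not touch the slice after this; @trusted does not enforce it.
@trusted void freeInts(int[] a)
{
    free(a.ptr);
}

// ---- my/safe.d : safe interface, safe implementation ----
module my.safe;
import memory;
import my.system;

@safe void test()
{
    // auto i = malloc(10); free(i);  // error: @safe code cannot call @system malloc/free
    auto a = allocInts(4);            // ok: @trusted wrapper is callable from @safe
    a[0] = 42;                        // bounds-checked slice access
    freeInts(a);
}
```

The compiler rejects the commented-out direct malloc/free call in test() regardless of any global switch, which is the per-function analogue of module memory failing to compile under -safe.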
More information about the Digitalmars-d
mailing list