safety model in D
Andrei Alexandrescu
SeeWebsiteForEmail at erdani.org
Wed Nov 4 13:21:00 PST 2009
Rainer Deyke wrote:
> Andrei Alexandrescu wrote:
>>> module name; // interface: unsafe impl.: unsafe
>>> module (system) name; // interface: safe impl.: unsafe
>>> module (safe) name; // interface: safe impl.: safe
>>>
>>> so you can call system modules (io, network...) from safe code.
>> That's a pretty clean design. How would it interact with a -safe
>> command-line flag?
>
> '-safe' turns on runtime safety checks, which can be and should be
> mostly orthogonal to the module safety level.
Runtime vs. compile-time is immaterial. There's one goal - no undefined
behavior - that can be achieved through a mix of compile- and run-time
checks.
My understanding of a good model suggested by this discussion:
module name; // does whatever, just like now
module(safe) name; // submits to extra checks
module(system) name; // encapsulates unsafe stuff in a safe interface
No dedicated compile-time switches.
Andrei
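The three-tier model Andrei sketches above (plain, safe, and system modules), as an added example that is not part of the original post or of any D source. The `module(safe)`/`module(system)` syntax in the thread was a proposal; this example assumes the function-level attributes D later shipped (`@system`, `@trusted`, `@safe`) to play the same three roles, and the function names (`sumRaw`, `sum`, `average`) and the sample array are invented for illustration.

```d
// Added illustration of the three safety levels discussed in the thread,
// expressed with D's @system / @trusted / @safe attributes (an assumption:
// the post itself proposes a module(...) syntax instead).
import std.stdio;

// Level 1, "does whatever, just like now": raw pointer arithmetic with
// no bounds information at all. @system is the default for a plain
// function; it is written out here for clarity.
@system int sumRaw(const(int)* p, size_t n)
{
    int total = 0;
    for (size_t i = 0; i < n; ++i)
        total += p[i];            // unchecked read through a pointer
    return total;
}

// Level 3, "encapsulates unsafe stuff in a safe interface": the caller
// passes a slice, so the bound comes from the slice itself and the
// @system call is confined to this one body. @trusted tells the
// compiler to take the author's word that this is memory-safe for any
// argument a @safe caller can construct; that promise is the thing a
// reviewer has to check.
@trusted int sum(const(int)[] xs)
{
    if (xs.length == 0)
        return 0;
    return sumRaw(xs.ptr, xs.length);   // length is the only bound used
}

// Level 2, "submits to extra checks": inside a @safe body the compiler
// rejects pointer arithmetic, calls to @system functions, unsafe casts
// and similar, and array indexing keeps its run-time bounds check.
@safe int average(const(int)[] xs)
{
    if (xs.length == 0)
        return 0;
    return sum(xs) / cast(int) xs.length;   // calling @trusted is allowed
    // Neither of these compiles in a @safe function:
    //   return sumRaw(xs.ptr, xs.length); // call to a @system function
    //   const(int)* p = xs.ptr; p += 1;   // pointer arithmetic
}

void main() @safe
{
    int[] data = [4, 8, 15, 16, 23, 42];    // constructed sample input
    writeln("sum = ", sum(data));           // 108
    writeln("average = ", average(data));   // 18
    // In @safe code an out-of-range index such as data[6] raises a
    // RangeError at run time rather than reading past the array; the
    // compile-time and run-time checks together are what rule out
    // undefined behavior, which is the single goal the post names.
}
```

No compiler switch is involved: which checks apply follows from the attribute on each function, which is the "no dedicated compile-time switches" point of the post. The part worth auditing is the `@trusted` body, because it is the only place where the compiler's checks are replaced by a human promise.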
More information about the Digitalmars-d mailing list