Safety, undefined behavior, @safe, @trusted
Walter Bright
newshound1 at digitalmars.com
Thu Nov 5 16:14:47 PST 2009
Andrei Alexandrescu wrote:
> Walter Bright wrote:
>> Jason House wrote:
>>> I posted in the other thread how casting to immutable/shared can be
>>> just as bad. A leaked reference prior to casting to immutable/shared
>>> is in effect the same as casting away shared. No matter how you mix
>>> thread local and shared, or mutable and immutable, you still have the
>>> same undefined behavior
>>
>> Not undefined, it's just that the compiler can't prove it's defined
>> behavior. Hence, such code would go into a trusted function.
>
> Are we in agreement that @safe functions have bounds checking on
> regardless of -release?
You're right from a theoretical perspective, but not from a practical
one. People ought to be able to flip on 'safe' without large performance
penalties.
If it came with inescapable large performance penalties, then it'll get
a bad rap and people will be reluctant to use it, defeating its purpose.
More information about the Digitalmars-d
mailing list