On 2009-11-04 09:29:21 -0500, Michal Minich <[email protected]> said:
Hello Andrei,
Michal Minich wrote:
Hello Michel,
module (system) name; // interface: unsafe impl.: unsafe
module (safe) name; // interface: safe impl.: safe
I thought that first (unsafe-unsafe) case is currently available just
by:
module name; // interface: unsafe impl.: unsafe
separating modules to unsafe-unsafe and safe-safe has no usefulness
- as those modules could not interact, specifically you need modules
that are implemented by unsafe means, but provides only safe
interface, so I see it as:
module name; // interface: unsafe impl.: unsafe
module (system) name; // interface: safe impl.: unsafe
module (safe) name; // interface: safe impl.: safe
so you can call system modules (io, network...) from safe code.
That's a pretty clean design. How would it interact with a -safe
command-line flag?
Andrei
When compiling with -safe flag, you are doing it because you need your
entire application to be safe*.
Safe flag would just affect modules with no safety flag specified -
making them (safe):
module name; --> module (safe) name;
and then compile.
I'm not sure this works so well. Look at this:
module memory; // unsafe interface - unsafe impl.
extern (C) void* malloc(int);
extern (C) void free(void*);
module (system) my.system; // safe interface - unsafe impl.
import memory;
void test() { auto i = malloc(10); free(i); } // ok: unsafe impl.
allowed
module (safe) my.safe; // safe interface - safe impl.
import memory;
void test() { auto i = malloc(10); free(i); } // error: malloc, free
are unsafe
How is this supposed to work correctly with and without the "-safe"
compiler flag? The way you define things "-safe" would make module
memory safe for use while it is not.
--
Michel Fortin
[email protected]
http://michelf.com/
