Rainer Deyke wrote:
Andrei Alexandrescu wrote:
module name;                  // interface: unsafe   impl.: unsafe
module (system) name;         // interface: safe     impl.: unsafe
module (safe) name;           // interface: safe     impl.: safe

so you can call system modules (io, network...) from safe code.
That's a pretty clean design. How would it interact with a -safe
command-line flag?

'-safe' turns on runtime safety checks, which can be and should be
mostly orthogonal to the module safety level.

Runtime vs. compile-time is immaterial. There's one goal - no undefined behavior - that can be achieved through a mix of compile- and run-time checks.

My understanding of a good model suggested by this discussion:

module name;         // does whatever, just like now
module(safe) name;   // submits to extra checks
module(system) name; // encapsulates unsafe stuff in a safe interface

No dedicated compile-time switches.


Andrei
