On 28 Mar 2014, at 05:48, Daniel Micay <danielmi...@gmail.com> wrote:
>> I don't know about those other dialects.
>
> You're proposing introducing a new dialect of Rust.
>
> In Crust, code generating a failure on out-of-bounds will now cause
> silent memory corruption. Crust will do away with safety boundaries
> completely by making `unsafe` and lifetimes a no-op in order to be a
> true superset of Rust.
>
> In Frust, indexing slices is considered an unsafe operation. Very little
> existing Rust code will compile under Frust, and some previously safe
> checked indexing inside existing `unsafe` blocks will cause silent
> memory corruption.
>
> I'm not sure which of these dialects you're proposing, but either one
> would require a new set of buildbots to run the tests again. Both the
> Crust and Frust languages would require many changes to the
> documentation and code of the Rust libraries too.

I'm proposing Frust. The flag would make indexing unsafe and change all functions that use indexing to unsafe, and all functions that call those functions unsafe, etc. Inside main and tests it would wrap unsafe blocks around all calls to those functions which it just made implicitly unsafe.

>> In D, if you put the label safe in the beginning of each module and compile
>> it with safe flag (and not with noboundscheck flag), then it is memory safe
>> barring compiler bugs. It doesn't allow you to use pointer arithmetic or
>> unsafe casts or call unsafe functions, but that's hardly what I'd call a
>> *crippled* subset of the language.
>
> D doesn't even let you use ranges (iterators) in safe code. There are
> barely any safe functions here, and that's true of most of the standard
> library:
>
> http://dlang.org/phobos/std_range.html

This is incorrect. All those range-based functions (or the majority of them... I'm not sure) are safe if the range(s) you pass to them are safe. That's why those range functions can't guarantee safety as part of their signature.
For example, look at the following D code, where I'm using range-based functions on a range that's memory safe, in code labeled as safe:

import std.algorithm;
import std.range;
import std.stdio;

@safe: // Labels everything memory-safe

@trusted void show(T)(T a) { write(a, " "); }

void main()
{
    auto array = [1, 2, 3, 4, 5];
    auto range = array[].retro
                        .map!(a => a * a)
                        .stride(2)
                        .cycle
                        .take(6);
    foreach (elem; range)
    {
        show(elem); // prints 25 9 1 25 9 1
    }
}

> If you want D, then please go ahead and use D.

Not constructive.
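The exchange above is about what happens to slice indexing when it is treated as an unsafe operation. The following Rust example is added here and is not code from the thread or from either participant; it contrasts the three ways the same lookup can be written today: checked indexing (out-of-bounds panics), an explicit bounds check followed by `get_unchecked` inside an `unsafe` block (the shape of code that a "Frust" flag would make implicitly unsafe, and where dropping the check is the silent memory corruption Daniel describes), and an iterator pipeline that avoids raw indexing altogether, which is the Rust counterpart of the D range code. The function names and the sample data are assumptions made for the example.

```rust
/// Added example (not from the rust-dev thread). Sums `data[i]` for each i in
/// `idx`, returning None on any out-of-range index or arithmetic overflow.
/// Uses `get`, so a bad index is reported rather than read out of bounds.
fn sum_checked(data: &[u32], idx: &[usize]) -> Option<u32> {
    let mut total = 0u32;
    for &i in idx {
        total = total.checked_add(*data.get(i)?)?;
    }
    Some(total)
}

/// Same computation with an explicit bounds check followed by `get_unchecked`.
/// The `unsafe` block is sound only because of the `if` directly above it;
/// removing that check would read past the slice without any diagnostic.
fn sum_unchecked_guarded(data: &[u32], idx: &[usize]) -> Option<u32> {
    let mut total = 0u32;
    for &i in idx {
        if i >= data.len() {
            return None;
        }
        // SAFETY: i < data.len() was verified immediately above.
        let v = unsafe { *data.get_unchecked(i) };
        total = total.checked_add(v)?;
    }
    Some(total)
}

/// Iterator form: no bare index expression at all, so there is nothing for a
/// "make indexing unsafe" flag to flag. `try_fold` short-circuits on the first
/// None from `get` or `checked_add`.
fn sum_via_iter(data: &[u32], idx: &[usize]) -> Option<u32> {
    idx.iter()
        .try_fold(0u32, |acc, &i| acc.checked_add(*data.get(i)?))
}

/// Shows that plain `data[i]` is bounds-checked: an out-of-range index panics
/// (caught here with catch_unwind) instead of producing a garbage value.
fn index_panics(data: &[u32], i: usize) -> bool {
    std::panic::catch_unwind(move || data[i]).is_err()
}

fn main() {
    // Constructed sample input for the example.
    let data = [5u32, 4, 3, 2, 1];
    println!("checked   {:?}", sum_checked(&data, &[0, 2, 4]));
    println!("guarded   {:?}", sum_unchecked_guarded(&data, &[0, 2, 4]));
    println!("iterator  {:?}", sum_via_iter(&data, &[1, 3]));
    println!("oob index {:?}", sum_checked(&data, &[0, 5]));
    println!("data[5] panics: {}", index_panics(&data, 5));
}
```

The point to take from the three variants is that the safety of `sum_unchecked_guarded` lives entirely in one `if` that the compiler does not enforce; the other two keep the bounds check inside the standard library where it cannot be forgotten, and the iterator version, like the D range pipeline, needs no indexing at all.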
_______________________________________________
Rust-dev mailing list
Rust-dev@mozilla.org
https://mail.mozilla.org/listinfo/rust-dev