
digitalmars.D - Re: safe status

reply bearophile <bearophileHUGS lycos.com> writes:
Michel Fortin:
 I think SafeD as currently implemented has the right design, except
 when it comes to passing delegates and functions as arguments to
 templates or functions.

The less significant bit of the function/delegate pointer can be used to denote safe/unsafe :o) Bye, bearophile
Feb 08 2010
parent reply Michel Fortin <michel.fortin michelf.com> writes:
On 2010-02-08 14:31:06 -0500, bearophile <bearophileHUGS lycos.com> said:

 Michel Fortin:
 I think SafeD as currently implemented has the right design, except
 when it comes to passing delegates and functions as arguments to
 templates or functions.

The less significant bit of the function/delegate pointer can be used to denote safe/unsafe :o)

What would be the point? The problem is when you have a safe function taking a delegate, like this:

    @safe void test(void delegate() run)
    {
        run();
    }

    void main()
    {
        test({ writeln("hello world"); });
    }

Here, the delegate literal is unsafe and you give it to a safe function. The compiler disallows test() from calling run() because it is unsafe. This is just too restricting. Do we really want to have to create two versions of test(), one with a safe delegate the other with an unsafe one?

--
Michel Fortin
michel.fortin michelf.com
http://michelf.com/
Feb 08 2010
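The situation in the post above, as an added example that is not part of the original thread. It assumes a current D compiler, where delegate types carry a `@safe` attribute and template functions have their attributes inferred per instantiation; `testSafe`, `testAny`, `bump` and `counter` are hypothetical names.

```d
import std.stdio;

int counter; // thread-local global, constructed for this example

// Stands in for "unsafe" code: explicitly @system, uses pointer indexing.
@system void bump()
{
    int* p = &counter;
    p[0] += 1; // indexing a raw pointer is rejected in @safe code
}

// Non-template @safe function: the parameter type has to promise @safe,
// otherwise the call run() would not compile inside the @safe body.
@safe void testSafe(void delegate() @safe run) { run(); }

// Template version: @safe/@system is inferred for each instantiation,
// so a single definition serves both kinds of caller.
void testAny(DG)(DG run) { run(); }

@safe void safeCaller()
{
    testSafe({ counter++; }); // literal is checked as @safe code
    testAny({ counter++; });  // this instantiation is inferred @safe
}

@system void systemCaller()
{
    // Plain delegate type with no attribute: @system by default.
    void delegate() unsafeDg = delegate() { bump(); };
    testAny(unsafeDg);     // accepted: this instantiation is inferred @system
    // testSafe(unsafeDg); // rejected: a @system delegate does not convert
    //                        to void delegate() @safe
}

void main()
{
    safeCaller();
    systemCaller();
    writeln("calls made through delegates: ", counter);
}
```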
parent reply bearophile <bearophileHUGS lycos.com> writes:
Michel Fortin:
 This is just too restricting. Do we really want to have to 
 create two versions of test(), one with a safe delegate the other with 
 an unsafe one?

What's the point of having safe code? If safe code can run unsafe code in a so simple and clean way (with no casts, etc), then there's little point in having safe annotations.

Extra notes:
- In some situations with a bit of flow analysis the compiler can avoid testing the safe bit of the pointer.
- If the D compiler gets good at separating safe code from unsafe one at compile time, then the GC might even move safe class instances in memory. I am not sure.

Bye,
bearophile
Feb 08 2010
parent reply Michel Fortin <michel.fortin michelf.com> writes:
On 2010-02-08 15:51:35 -0500, bearophile <bearophileHUGS lycos.com> said:

 What's the point of having safe code? If safe code can run unsafe code 
 in a so simple and clean way (with no casts, etc), then there's little 
 point in having safe annotations.

Safe functions are safe only when you give them safe arguments. Passing an unsafe delegate to a safe function is not much different from passing a pointer: both can cause memory corruption. But unsafe functions can give whatever pointer they want to a safe function, so why that restriction for delegates? When is that restriction helpful?

I think that restriction is not helpful and only gets in the way. But please show me otherwise.

--
Michel Fortin
michel.fortin michelf.com
http://michelf.com/
Feb 08 2010
parent reply bearophile <bearophileHUGS lycos.com> writes:
Michel Fortin:
 But unsafe functions can give whatever pointer they want to a safe function,<

Can pointers be used in safe modules/functions? Bye, bearophile
Feb 08 2010
parent reply Michel Fortin <michel.fortin michelf.com> writes:
On 2010-02-08 16:21:31 -0500, bearophile <bearophileHUGS lycos.com> said:

 Michel Fortin:
 But unsafe functions can give whatever pointer they want to a safe function,<

Can pointers be used in safe modules/functions?

Yes. And object references too. And arrays. All those are pointers of some sort. You wouldn't go very far without them.

--
Michel Fortin
michel.fortin michelf.com
http://michelf.com/
Feb 08 2010
parent reply Andrei Alexandrescu <SeeWebsiteForEmail erdani.org> writes:
Michel Fortin wrote:
 On 2010-02-08 16:21:31 -0500, bearophile <bearophileHUGS lycos.com> said:
 
 Michel Fortin:
 But unsafe functions can give whatever pointer they want to a safe 
 function,<

Can pointers be used in safe modules/functions?

Yes. And object references too. And arrays. All those are pointers of some sort. You wouldn't go very far without them.

Pointers undergo significantly less control than arrays and object references. Andrei
Feb 08 2010
next sibling parent bearophile <bearophileHUGS lycos.com> writes:
Andrei Alexandrescu:
 Pointers undergo significantly less control than arrays and object 
 references.

Thanks Epona I've recently shown here a safer ranged pointer struct for D2. Bye, bearophile
Feb 08 2010
prev sibling parent reply Michel Fortin <michel.fortin michelf.com> writes:
On 2010-02-08 17:20:21 -0500, Andrei Alexandrescu 
<SeeWebsiteForEmail erdani.org> said:

 Michel Fortin wrote:
 On 2010-02-08 16:21:31 -0500, bearophile <bearophileHUGS lycos.com> said:
 
 Michel Fortin:
 But unsafe functions can give whatever pointer they want to a safe function,<

Can pointers be used in safe modules/functions?

Yes. And object references too. And arrays. All those are pointers of some sort. You wouldn't go very far without them.

Pointers undergo significantly less control than arrays and object references.

Yes. But an unsafe function can still give a bad pointer to a safe function and have the safe function corrupt some memory.

The whole point is that you don't have a "safe pointer" type for giving only safe pointers to safe functions: a safe function will accept any pointer. The same should be true for delegates: an unsafe function should be able to call any delegate you feed it with. But only unsafe functions should be allowed to create an unsafe delegate in the first place.

It could be achieved simply by abolishing the safe qualifier for variables of type delegate or function pointer and restricting safe code so that it can only get the address of another safe function.

--
Michel Fortin
michel.fortin michelf.com
http://michelf.com/
Feb 08 2010
parent Andrei Alexandrescu <SeeWebsiteForEmail erdani.org> writes:
Michel Fortin wrote:
 On 2010-02-08 17:20:21 -0500, Andrei Alexandrescu 
 <SeeWebsiteForEmail erdani.org> said:
 
 Michel Fortin wrote:
 On 2010-02-08 16:21:31 -0500, bearophile <bearophileHUGS lycos.com> 
 said:

 Michel Fortin:
 But unsafe functions can give whatever pointer they want to a safe 
 function,<

Can pointers be used in safe modules/functions?

Yes. And object references too. And arrays. All those are pointers of some sort. You wouldn't go very far without them.

Pointers undergo significantly less control than arrays and object references.

Yes. But an unsafe function can still give a bad pointer to a safe function and have the safe function corrupt some memory.

This is irrelevant because once you have one unsafe function, you have one unsafe program. Andrei
Feb 08 2010