www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - Re: Why I chose D over Ada and Eiffel

On Thu, Aug 22, 2013 at 07:16:09PM +0200, John Colvin wrote:
 On Thursday, 22 August 2013 at 16:46:46 UTC, H. S. Teoh wrote:
On Thu, Aug 22, 2013 at 05:50:49PM +0200, John Colvin wrote:

If I was managing a D based team, I would definitely make use of
safe/system for code reviews. Any commit that touches  system code*
would have to go through an extra stage or something to that effect.

Are you sure about that? import std.stdio; void main() safe { writeln("abc"); } DMD says: /tmp/test.d(3): Error: safe function 'D main' cannot call system function 'std.stdio.writeln!(string).writeln' SafeD is a nice concept, I agree, but we have a ways to go before it's usable.

 Fair point. Why is that writeln can't be  trusted?

On Thu, Aug 22, 2013 at 07:16:48PM +0200, John Colvin wrote: [...]
 In the case of a string, that is.

That's a very good question. :) As an experiment, I just tried putting safe on std.stdio.File.writeln, which led to needing safe on write(), then lockingTextWriter, and ultimately to std.range.put. Now AFAIK, the compiler should be inferring attributes like safe for std.range.put if it is actually safe, but I didn't look deeper for the underlying cause. In any case, if this isn't already in bugzilla it should be. This isn't the only instance of issues with SafeD, though. Currently, there are many things that *should* be safe, but aren't. We could, in theory, just slap trusted on them and call it a day, but I'd much rather we be careful with that and only use trusted where we can actually prove the code's trustworthiness (i.e., not in template functions that call an arbitrary type's popFront method, which, in theory, could do *anything*). T -- There are three kinds of people in the world: those who can count, and those who can't.
Aug 22 2013