Supporting unsafe as a keyword?
#116
Comments
|
I'm open to designing such a mechanism. One question is what to do with functions/APIs that take Another way might be to do it file-by-file, either as an annotation at the top, or by forcing the user to specify additional options at the command line. For example, a big bundle of unsafe code is the runtime itself, which is already normally passed in |
Rust accomplishes this in two ways: a function can be annotated as |
Another one of my favourite Rust-isms is the clear boundary between "safe" and "unsafe" with the use of the
unsafekeyword. I think it's quite nice to be able to work with mainly "safe" code throughout the codebase and then, if required, open the escape hatch with anunsafe { }and then dealing with mucky stuff there. If mmtk and JikesRVM have proven anything, it is that you don't always need to be in "unsafe"-land in order to make good, performant systems.Currently Virgil code sparingly uses unsafe code, with most of the unsafe code being relegated to the runtime such as pointer arithmetic for GC [1], system calls and other things interfacing with the kernel [2], etc. I think this is largely a good thing, that is, most of the unsafe stuff is already separated, but I think it's semantically nice to go: oh I need to do pointer arithmetic here, I should reason about why I think this is "safe" even though it is an inherently "unsafe" operation.
As an aside, is there a reason why Virgil code for handling files uses file descriptors etc. instead of having a nicer file API -- other than lack of time, I guess.
[1]: https://github.com/titzer/virgil/blob/master/rt/gc/SemiSpace.v3#L83-L86
[2]: https://github.com/titzer/virgil/blob/master/rt/x86-64-linux/System.v3#L75-L84
The text was updated successfully, but these errors were encountered: