On 15/04/14 09:20 PM, Tommi wrote:
> Disclaimer:
> I don't know the current status of 'assert' macro, but for the duration of
> this post I'll assume that it's going to change into a sanity-checking tool
> and will get compiled away in release builds. I'll also assume that there
> will be a macro called 'enforce' that will do the same thing as 'assert'
> except that it won't disappear in release builds.
>
> Intro:
> The 'unsafe' keyword represents the programmer's promise not to write any
> memory-safety bugs in the block that follows it.
>
> Suggestion:
> Let's add another keyword, say 'bugprone', that would represent the
> programmer's promise not to write any non-memory-safety bugs in the block
> that follows it. The effect would be that in such a block, all uses of the
> 'enforce' macro would disappear.
>
> Motivating example:
> fn foo(x: int, y: int) {
>     enforce!(x < y);
>     ...
> }
> It is documented that the function above has a prerequisite x < y and that if
> it's satisfied, the function call is valid and won't cause a task failure.
> When the programmer is in a position to know that the prerequisite is
> satisfied, he could use this new keyword to make all 'enforce' statements in
> 'foo' disappear:
> bugprone { foo(x, y) }
This would require compiling the functions again, and assumes the `enforce!()` macro is only used to handle safety critical preconditions.
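The split the thread is discussing already exists in today's Rust as two macros: `debug_assert!` is compiled out unless `debug_assertions` is enabled (the default in release builds), while `assert!` is always kept. The example below is added here and is not code from either message; it maps the proposal's `assert`/`enforce` pair onto those two macros and shows the caller-side alternative to a `bugprone` block that the reply's caveat points at, namely validating the precondition once at the trust boundary and keeping the unchecked variant private. The names `foo_unchecked` and `foo_checked` are hypothetical.

```rust
// Added example (not from the thread). Models the proposal's 'assert' as
// `debug_assert!` (gone in release builds) and its 'enforce' as `assert!`
// (kept in every build). Function names are hypothetical.

/// Precondition: `x < y`. Enforced in every build profile, so a caller that
/// violates it gets a panic rather than silently wrong arithmetic.
pub fn foo(x: i64, y: i64) -> i64 {
    assert!(x < y, "foo: precondition x < y violated (x={}, y={})", x, y);
    // Internal sanity check only: compiled away when debug_assertions is off.
    debug_assert!(y - x > 0, "arithmetic invariant broken");
    y - x
}

/// The same operation without the unconditional check: the caller promises
/// `x < y`, which is the role the proposed `bugprone` block would play.
/// Kept private so the promise can only be made from inside this module,
/// where `foo_checked` verifies it once at the boundary.
fn foo_unchecked(x: i64, y: i64) -> i64 {
    debug_assert!(x < y, "caller broke its promise: x={}, y={}", x, y);
    y - x
}

/// Validate the precondition once at the trust boundary, report a violation
/// as an error instead of a panic, then call the unchecked version.
pub fn foo_checked(x: i64, y: i64) -> Result<i64, String> {
    if x < y {
        Ok(foo_unchecked(x, y))
    } else {
        Err(format!("x must be less than y (got x={}, y={})", x, y))
    }
}

/// Reports whether this build keeps `debug_assert!` checks
/// (true for a default `cargo build`, false for `cargo build --release`).
pub fn debug_assertions_enabled() -> bool {
    cfg!(debug_assertions)
}

fn main() {
    println!("foo(1, 5) = {}", foo(1, 5));
    println!("foo_checked(5, 1) = {:?}", foo_checked(5, 1));
    println!("debug assertions enabled: {}", debug_assertions_enabled());
}
```

Building the same file with and without `--release` shows the difference the first message relies on: `foo(5, 1)` panics in both profiles because `assert!` is never stripped, whereas the `debug_assert!` inside `foo_unchecked` only fires in a debug build, which is exactly why the reply insists that a check a caller may switch off must never be the only guard on a safety-critical precondition.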
_______________________________________________ Rust-dev mailing list Rust-dev@mozilla.org https://mail.mozilla.org/listinfo/rust-dev