Anonymous user
Safe mode: Difference between revisions
If Go qualifies for this, then Rust's more powerful implementation of the same safe/unsafe distinction does too
(Scala added.) |
(If Go qualifies for this, then Rust's more powerful implementation of the same safe/unsafe distinction does too) |
||
Line 134:
Really, if you want to lock down a Perl 6 instance so it is "safe" for unauthenticated, untrusted, general access, you are better off running it in some kind of locked down virtual machine or sandbox managed by the operating system rather than trying to build an ad hoc "safe" environment.
=={{header|Rust}}==
While Rust compiles to native code and does not provide any kind of runtime sandbox, it does implement a compile-time enforced distinction between "safe" and "unsafe" code, intended to improve the maintainability of complex codebases by confining sources of certain types of difficult-to-debug problems to small, clearly marked subsets of the code which can be audited more intensely.
Safe code, which is the default, cannot cause memory unsafety or data races as long the unsafe code it depends on upholds the invariants expected of it.
Unsafe code, enabled by marking a function, block, or trait (interface) with the <code>unsafe</code> keyword, enables the use of four additional language capabilities which the compiler cannot verify correct use of and which are intended for building safe abstractions, such as the standard library's <code>Mutex</code> and reference-counted pointers.
Those four capabilities are:
* Dereferencing raw pointers (Rust's name for C-style pointers)
* Calling <code>unsafe</code> functions (All foreign functions, as well native APIs with safety invariants that are impossible or impractical to encode in the type system)
* Interacting with mutable static variables (the idiomatic solution is to use "interior mutability" via a wrapper type like <code>Mutex</code> or <code>RWLock</code> which allows a mutable value to be stored in an "immutable" static variable.)
* Implementing an <code>unsafe</code> trait (interface)
To further the goal of improving maintainability in large codebases, the Rust compiler can also be configured to warn or error out if <code>unsafe</code> code is encountered within a given scope.
(An example of this would be an enterprise project where the coders most experienced in low-level work are responsible for the module where <code>unsafe</code> is allowed, while the majority of the codebase lives in modules which depend on the unsafe-containing module, but are configured to forbid the use of <code>unsafe</code> within their own code.)
=={{header|REXX}}==
| |||