@safety of Array

[Brad Roberts via Digitalmars-d]

On 10/13/2014 1:28 PM, monarch_dodra via Digitalmars-d wrote:
> On Monday, 13 October 2014 at 17:16:40 UTC, Brad Roberts via
> Digitalmars-d wrote:
>> On 10/13/2014 7:47 AM, Andrei Alexandrescu via Digitalmars-d wrote:
>>> On 10/12/14, 5:41 PM, Brad Roberts via Digitalmars-d wrote:
>>>> I know it's a tricky implementation, but let's focus on the goal..
>>>> should Array be usable in @safe code?
>>>
>>> Yes. In order for that to be 100% automatically checkable, we need the
>>> rules restricting escape of addresses of returns by reference. -- Andrei
>>
>> 100% checkable isn't required right now.  For it to be used in an
>> @safe context all that's needed is liberal use of @trusted. That can
>> be refined over time to a more checked version.  We shouldn't wait for
>> checkability.
>>
>> Will one of you experts in the impl of Array volunteer to make the
>> appropriate changes?
>
> The issue is that it's *not* safe though. You can escape the reference,
> destroy it, and end up with a dangling pointer. Arbitrarily marking
> things as trusted seriously undermines what safe means. @trusted should
> be used with extreme caution.

That's why I asked the question I did.  The core question isn't about 
what the current implementation is or does but about where it should end 
up.  Should Array be usable in @safe code.  So far:

Jakob: focused on impl
Andrei: yes
Monarch: focused on impl

I totally agree that @trusted must be used with lots of caution.  But my 
point in that post was that impl isn't the issue and requiring that 
everything be fixed and perfect also isn't the issue.  If we don't know 
and understand where we want to be, the chances of accidentally landing 
there are rather low.

More and more code is being created in Phobos all the time, and it's use 
in @safe code is largely an afterthought.  Please don't derail this 
thread and talk about process.. keep this thread focused on Array.

Thanks,
Brad