@safety of Array

monarch_dodra via Digitalmars-d digitalmars-d at puremagic.com
Tue Oct 14 03:49:43 PDT 2014


On Tuesday, 14 October 2014 at 01:47:10 UTC, Brad Roberts via 
Digitalmars-d wrote:
> On 10/13/2014 1:28 PM, monarch_dodra via Digitalmars-d wrote:
>> On Monday, 13 October 2014 at 17:16:40 UTC, Brad Roberts via
>> Digitalmars-d wrote:
>>> On 10/13/2014 7:47 AM, Andrei Alexandrescu via Digitalmars-d 
>>> wrote:
>>>> On 10/12/14, 5:41 PM, Brad Roberts via Digitalmars-d wrote:
>>>>> I know it's a tricky implementation, but let's focus on the 
>>>>> goal..
>>>>> should Array be usable in @safe code?
>>>>
>>>> Yes. In order for that to be 100% automatically checkable, 
>>>> we need the
>>>> rules restricting escape of addresses of returns by 
>>>> reference. -- Andrei
>>>
>>> 100% checkable isn't required right now.  For it to be used 
>>> in an
>>> @safe context all that's needed is liberal use of @trusted. 
>>> That can
>>> be refined over time to a more checked version.  We shouldn't 
>>> wait for
>>> checkability.
>>>
>>> Will one of you experts in the impl of Array volunteer to 
>>> make the
>>> appropriate changes?
>>
>> The issue is that it's *not* safe though. You can escape the 
>> reference,
>> destroy it, and end up with a dangling pointer. Arbitrarily 
>> marking
>> things as trusted seriously undermines what safe means. 
>> @trusted should
>> be used with extreme caution.
>
> That's why I asked the question I did.  The core question isn't 
> about what the current implementation is or does but about 
> where it should end up.  Should Array be usable in @safe code?  
> So far:
>
> Jakob: focused on impl
> Andrei: yes
> Monarch: focused on impl
>
> I totally agree that @trusted must be used with lots of 
> caution.  But my point in that post was that impl isn't the 
> issue and requiring that everything be fixed and perfect also 
> isn't the issue.  If we don't know and understand where we want 
> to be, the chances of accidentally landing there are rather low.
>
> More and more code is being created in Phobos all the time, and 
> its use in @safe code is largely an afterthought.  Please 
> don't derail this thread and talk about process.. keep this 
> thread focused on Array.
>
> Thanks,
> Brad

You say I'm focused on impl, but @safe *is* an implementation 
certification.

I'm not derailing the thread or talking about process. If Array 
can't be certified memory safe, then it can't be marked as @safe. 
That's really all there is to it.
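The escape scenario the thread describes, as an added illustration that is not code from the thread or from Phobos: a reference-returning accessor stamped @trusted lets a @safe caller take the address of an element and keep it past the Array's destruction. The helper names `firstElem` and `escape` are hypothetical; only `std.container.array.Array` is real.

```d
// Added example: why a blanket @trusted on a ref-returning Array accessor
// undermines @safe. std.container.array.Array frees its payload buffer with
// free() when the last reference goes out of scope, so an escaped element
// address becomes a dangling pointer.
import std.container.array : Array;

// Hypothetical stand-in for a member such as Array.opIndex that has simply
// been marked @trusted without any escape analysis. Nothing about the
// signature tells the compiler that the returned ref points into `a`.
ref int firstElem(ref Array!int a) @trusted
{
    return a[0];   // ref into Array's manually managed buffer
}

// Compiles as @safe: the compiler only sees the @trusted signature above.
int* escape() @safe
{
    auto a = Array!int(1, 2, 3);   // constructed sample data
    int* p = &firstElem(a);        // address of a ref return
    return p;                      // `a` is destroyed here; p now dangles
}

void main() @safe
{
    int* p = escape();
    // Dereferencing p would be a use-after-free, yet every function in this
    // file is @safe or @trusted. The fix is not more @trusted, but the
    // escape rule Andrei refers to (later DIP25's `return ref`), which ties
    // the returned reference's lifetime to `a` so the compiler can reject
    // the escape in @safe code.
}
```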

