@safety of Array
monarch_dodra via Digitalmars-d
digitalmars-d at puremagic.com
Tue Oct 14 03:49:43 PDT 2014
On Tuesday, 14 October 2014 at 01:47:10 UTC, Brad Roberts via
Digitalmars-d wrote:
> On 10/13/2014 1:28 PM, monarch_dodra via Digitalmars-d wrote:
>> On Monday, 13 October 2014 at 17:16:40 UTC, Brad Roberts via
>> Digitalmars-d wrote:
>>> On 10/13/2014 7:47 AM, Andrei Alexandrescu via Digitalmars-d
>>> wrote:
>>>> On 10/12/14, 5:41 PM, Brad Roberts via Digitalmars-d wrote:
>>>>> I know it's a tricky implementation, but let's focus on the
>>>>> goal..
>>>>> should Array be usable in @safe code?
>>>>
>>>> Yes. In order for that to be 100% automatically checkable,
>>>> we need the
>>>> rules restricting escape of addresses of returns by
>>>> reference. -- Andrei
>>>
>>> 100% checkable isn't required right now. For it to be used
>>> in an
>>> @safe context all that's needed is liberal use of @trusted.
>>> That can
>>> be refined over time to a more checked version. We shouldn't
>>> wait for
>>> checkability.
>>>
>>> Will one of you experts in the impl of Array volunteer to
>>> make the
>>> appropriate changes?
>>
>> The issue is that it's *not* safe though. You can escape the
>> reference,
>> destroy it, and end up with a dangling pointer. Arbitrarily
>> marking
>> things as trusted seriously undermines what safe means.
>> @trusted should
>> be used with extreme caution.
>
> That's why I asked the question I did. The core question isn't
> about what the current implementation is or does but about
> where it should end up. Should Array be usable in @safe code?
> So far:
>
> Jakob: focused on impl
> Andrei: yes
> Monarch: focused on impl
>
> I totally agree that @trusted must be used with lots of
> caution. But my point in that post was that impl isn't the
> issue and requiring that everything be fixed and perfect also
> isn't the issue. If we don't know and understand where we want
> to be, the chances of accidentally landing there are rather low.
>
> More and more code is being created in Phobos all the time, and
> its use in @safe code is largely an afterthought. Please
> don't derail this thread and talk about process.. keep this
> thread focused on Array.
>
> Thanks,
> Brad

You say I'm focused on impl, but @safe *is* an implementation
certification.

I'm not derailing the thread or talking about process. If Array
can't be certified memory safe, then it can't be marked as @safe.
That's really all there is to it.