RCArray is unsafe

via Digitalmars-d digitalmars-d at puremagic.com
Tue Mar 3 09:19:33 PST 2015


On Tuesday, 3 March 2015 at 15:03:41 UTC, Andrei Alexandrescu wrote:
> On 3/3/15 5:45 AM, "Marc Schütz" <schuetzm at gmx.net> wrote:
>> On Tuesday, 3 March 2015 at 09:05:46 UTC, Walter Bright wrote:
>>> On 3/2/2015 9:58 PM, weaselcat wrote:
>>>> Borrowing 'a' from a struct would make the parent struct immutable
>>>> during the borrow scope of 'a', I believe.
>>>
>>> Right, now consider that struct is a leaf in a complex graph of data
>>> structures.
>>
>> Then you still cannot have more than one mutable reference to the entire
>> graph. Because that is impractical, Rust uses unsafe (i.e. @trusted in D
>> speak) accessors that "cast away" the ownership, but do so in a way that
>> doesn't violate the guarantees.
>>
>> For example, the type system doesn't allow you to get mutable references
>> to the left and right children of a binary tree node. But there can be
>> an accessor method that internally does some unsafe magic to return a
>> tuple with mutable references to them, annotated with the information
>> that they are mutably borrowed from the node. Both child refs are
>> mutable, and the parent node is inaccessible as long as they exist.
>
> Well... the bigger problem is that it's relying on a 
> convention. The accessor method needs to be constructed in a 
> particular way that's easy to get wrong and that the compiler 
> has no way to check for us.
>
> :o)

To avoid misunderstandings: It is in reply to a sub-thread where 
Walter asked about how Rust's type system works. This is an 
example for Rust, not for D.

Therefore, your reply isn't really valid. In Rust, it is an 
escape hatch from a fundamentally safe type system, whereas in D 
it would be a necessary convention to make usage of RC safe.
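
The accessor pattern discussed in this thread, as an added Rust example that is not code from any of the posters: it assumes an index-based tree, and `Tree`, `Node` and `children_mut` are hypothetical names. The accessor uses `unsafe` internally to return two mutable child references borrowed from the tree, and the bounds and distinctness check is the hand-maintained part that the compiler cannot verify.

```rust
// Added illustration: Tree, Node and children_mut are hypothetical names.
pub struct Node {
    pub value: i32,
    left: Option<usize>,  // index of the left child in Tree::nodes
    right: Option<usize>, // index of the right child in Tree::nodes
}

pub struct Tree {
    nodes: Vec<Node>,
}

impl Tree {
    pub fn new() -> Self {
        Tree { nodes: Vec::new() }
    }

    pub fn add(&mut self, value: i32, left: Option<usize>, right: Option<usize>) -> usize {
        self.nodes.push(Node { value, left, right });
        self.nodes.len() - 1
    }

    /// Mutable references to both children of `parent`. The elided lifetime
    /// ties them to `&mut self`, so the tree is unusable while they are alive.
    pub fn children_mut(&mut self, parent: usize) -> (Option<&mut Node>, Option<&mut Node>) {
        let (l, r) = match self.nodes.get(parent) {
            Some(n) => (n.left, n.right),
            None => return (None, None),
        };
        let len = self.nodes.len();
        // The convention the compiler cannot check: indices in bounds and distinct.
        let l = l.filter(|&i| i < len);
        let r = r.filter(|&i| i < len && Some(i) != l);
        let base = self.nodes.as_mut_ptr();
        // SAFETY: l and r were validated above, so the two references never alias.
        unsafe { (l.map(|i| &mut *base.add(i)), r.map(|i| &mut *base.add(i))) }
    }
}

fn main() {
    let mut t = Tree::new();
    let (a, b) = (t.add(1, None, None), t.add(2, None, None));
    let root = t.add(0, Some(a), Some(b));
    if let (Some(l), Some(r)) = t.children_mut(root) {
        l.value += 10; // both children are mutable at the same time
        r.value += 20;
        // t.add(3, None, None); // rejected here: `t` is still mutably borrowed
    }
    println!("{} {}", t.nodes[a].value, t.nodes[b].value);
}
```

Dropping the `Some(i) != l` filter would still compile, yet it would hand out two aliasing `&mut Node` for a node whose children share an index.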

