Safe reference counting cannot be implemented as a library
Jonathan M Davis via Digitalmars-d
digitalmars-d at puremagic.com
Tue Oct 27 19:36:42 PDT 2015
On Wednesday, 28 October 2015 at 02:08:18 UTC, Sebastiaan Koppe
wrote:
> On Tuesday, 27 October 2015 at 11:41:52 UTC, Andrei
> Alexandrescu wrote:
>> The crux of the matter is modular typechecking. Consider the
>> following example:
>>
>> // module widget.d
>> @safe class Widget {
>> void fun() {
>> g_widget = this;
>> }
>> }
>> static Widget g_widget;
>> // end of module widget.d
>>
>> Now, once the typechecker OKs module widget.d, the summary
>> that all other typechecking "sees" is:
>>
>> @safe class Widget {
>> void fun();
>> }
>
> Isn't it a shame that that kind of information gets tossed
> aside? Seems to be very valuable and the loss of it the cause
> of several issues.
Perhaps, but that assignment is perfectly @safe. What isn't @safe
is when you then free the Widget later because a ref-count hit 0.
And that code already has to be @system or @trusted given what
it's doing. So, really, the problem is that some @safe operations
can lead to problems when @system code does stuff that assumes
that those operations did not occur. So, unfortunately, whether
that code can be @trusted depends on what some @safe code did
rather than @system code like you'd normally expect. But the
compiler simply doesn't understand enough about why something is
@system to be able to figure out where @safe code could foul it
up even if it has all of the source code to look at.
- Jonathan M Davis
More information about the Digitalmars-d
mailing list