Can we just have struct inheritence already?

Timon Gehr timon.gehr at gmx.ch
Fri Jun 14 12:16:04 UTC 2019


On 14.06.19 07:20, ag0aep6g wrote:
> On 14.06.19 02:23, Timon Gehr wrote:
>> On 14.06.19 00:27, Manu wrote:
> [...]
>>> Breaking private access is not in any way shape or form a memory
>>> safety violation.
>>>
>>
>> It can very well be if the private data is managed by a @trusted 
>> interface that assumes @safe code cannot meddle with that data because 
>> it is private.
> 
> Strictly speaking, @trusted can't assume that. One can always write 
> @safe code in the same module and (accidentally) mess with the private 
> data that way.
> ...

Yes, it's a problem. @safe functions in a module with @trusted functions 
operating on private data should be a red flag. The value of @trusted is 
suspect if you can introduce memory corruption by only adding/editing 
@safe code.

> An @trusted function that relies on `private` for safety does not 
> present an @safe interface to its own module.
> 
> In practice, that's often overlooked or ignored, though. With a 
> restricted tupleof, at least the damage is contained in one module.

There's also the issue that sometimes you want to call a @safe function 
from a @trusted function, and this is currently allowed. However, 
technically, the @trusted function is not able to assume that the @safe 
function has no bugs, because they could be later introduced when the 
@safe code is edited.


More information about the Digitalmars-d mailing list