Prototype of Ownership/Borrowing System for D

Sebastiaan Koppe mail at
Sun Nov 24 13:42:33 UTC 2019

On Saturday, 23 November 2019 at 23:40:05 UTC, Timon Gehr wrote:
> struct MP(T){ // owning, malloc-backed pointer
>     private T* payload;
>     @disable this();
>     @disable this(T*); // can't construct
>     @disable this(this); // can't copy (move-only type; 
> therefore track
>                                         this type like you track
>                                         pointers in @live now)
>     pragma(inline,true){
>         private @system ~this(){} // only current module can 
> drop
>                                   // values, in @system or 
> @trusted code
>         ref T borrow()return{ return *payload; }
>     }
>     // can borrow out internal pointer
>     alias borrow this;
> }
> @safe MP!T malloc(); // type tracks allocator
> @trusted void free(MP!T); // @safe because pointer is known to 
> be unique and malloc'd

To be honest I don't fully understand all the points you are 

But that, that is a thing of beauty, exactly what I want.

The insight I gained from it is that you should not annotate 
functions, but rather, express the semantics you need by 
annotating a struct. Taken to its natural conclusion, that would 
make raw pointers @system. To use them in @safe you would need a 
wrapper struct with the semantics you need. This also scales 
really well, instead of adding yet another @annotation to every 
function every year, you just update your structs with the latest 
semantics you need.

If I have some time I am going to reread your latest posts, as I 
want to have a better understanding of what you are saying.

Thank you for fighting this fight.

More information about the Digitalmars-d mailing list