Prototype of Ownership/Borrowing System for D
Sebastiaan Koppe
mail at skoppe.eu
Sun Nov 24 13:42:33 UTC 2019
On Saturday, 23 November 2019 at 23:40:05 UTC, Timon Gehr wrote:
> struct MP(T){ // owning, malloc-backed pointer
> private T* payload;
> @disable this();
> @disable this(T*); // can't construct
> @disable this(this); // can't copy (move-only type;
> therefore track
> this type like you track
> pointers in @live now)
> pragma(inline,true){
> private @system ~this(){} // only current module can
> drop
> // values, in @system or
> @trusted code
> ref T borrow()return{ return *payload; }
> }
> // can borrow out internal pointer
> alias borrow this;
> }
>
> @safe MP!T malloc(); // type tracks allocator
> @trusted void free(MP!T); // @safe because pointer is known to
> be unique and malloc'd
To be honest I don't fully understand all the points you are
making.
But that, that is a thing of beauty, exactly what I want.
The insight I gained from it is that you should not annotate
functions, but rather, express the semantics you need by
annotating a struct. Taken to its natural conclusion, that would
make raw pointers @system. To use them in @safe you would need a
wrapper struct with the semantics you need. This also scales
really well, instead of adding yet another @annotation to every
function every year, you just update your structs with the latest
semantics you need.
If I have some time I am going to reread your latest posts, as I
want to have a better understanding of what you are saying.
Thank you for fighting this fight.
More information about the Digitalmars-d
mailing list