Borrowing and Ownership

rikki cattermole rikki at
Sun Oct 27 23:40:06 UTC 2019

On 28/10/2019 11:36 AM, Timon Gehr wrote:
> - The problem with `@trusted` is that it has no defense against `@safe` 
> code destroying its invariants or accessing raw pointers that are only 
> meant to be manipulated by `@trusted` code. There should therefore be a 
> way to mark data as `@trusted` (or equivalent), such that `@safe` code 
> can not access it.

This seems artificially restrictive for this proposal.
However, we could instead split this off into its own DIP allowing 
attributes to act like visibility modifiers for variables.

I may not be convinced that this is required, but following it through 
to completion would be a good idea if it's done at all.

> Change the meaning of `scope`:
> - `scope` should apply to all types of data equally, not only built-in 
> pointers and references. The most obvious use case for this is @safe 
> interfacing with a C library that exposes handles as structs with an 
> integer field but specifies undefined behavior if those handles are 
> mismanaged. Not everything that is a manually-managed reference to 
> something is a built-in pointer or reference.

A primary use case for this type of system is systemy-handles like a 
window, it would force it to remain on a single thread and can 
auto-dealloc when done. Replacing refcounting (which is perfectly ok but 
doesn't look great).
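
The first quoted point, as an added D example that is not part of the original message or of any D library: `@safe` code in the same module can break the invariant a `@trusted` method relies on. The names `IntBuffer`, `create`, `get`, `release` and `corrupt` are hypothetical.

```d
// Constructed example: a @trusted wrapper whose memory safety depends on
// an invariant (len never exceeds the allocation) that @safe code can break.
import core.stdc.stdlib : malloc, free;

struct IntBuffer
{
    // `private` in D is module-level, so it does not stop @safe code
    // elsewhere in this module from touching these fields.
    private int* ptr;
    private size_t len;

    static IntBuffer create(size_t n) @trusted
    {
        auto p = cast(int*) malloc(n * int.sizeof);
        if (p is null)
            return IntBuffer(null, 0);
        p[0 .. n] = 0;
        return IntBuffer(p, n);
    }

    // Manually verified: safe only while `len` matches the allocation.
    int get(size_t i) @trusted
    {
        if (i >= len)
            assert(0, "index out of range");
        return ptr[i]; // raw pointer indexing, guarded by the check above
    }

    void release() @trusted
    {
        free(ptr);
        ptr = null;
        len = 0;
    }
}

// Accepted by the compiler: writing an integer field is a @safe operation,
// yet after this call the bounds check in get() no longer protects ptr[i].
void corrupt(ref IntBuffer b) @safe
{
    b.len = size_t.max;
}

void main() @safe
{
    auto b = IntBuffer.create(4);
    assert(b.get(3) == 0); // invariant intact, access is in bounds
    b.release();
}
```

Moving `IntBuffer` into its own module makes `private` block `corrupt`, which is the visibility-based workaround; the quoted proposal asks for the protection to come from the safety attribute itself.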
