Borrowing and Ownership

Timon Gehr timon.gehr at gmx.ch
Mon Oct 28 00:29:12 UTC 2019


On 28.10.19 01:23, Paul Backus wrote:
> On Sunday, 27 October 2019 at 22:36:30 UTC, Timon Gehr wrote:
>> - The problem with `@trusted` is that it has no defense against 
>> `@safe` code destroying its invariants or accessing raw pointers that 
>> are only meant to be manipulated by `@trusted` code. There should 
>> therefore be a way to mark data as `@trusted` (or equivalent), such 
>> that `@safe` code can not access it.
> 
> Would it be possible to accomplish this by putting the @trusted code and 
> data in its own module, and using private? Assuming that the outstanding 
> loopholes that allow bypassing private in @safe code are fixed, at least.

Not really, because one can always add a @safe function to that module. 
The official sales pitch for @safe says that you only have to audit 
@trusted functions, but not @safe functions, to locate all memory safety 
issues in your program.
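
The point made in the reply above, as an added example that is not part of the original message: a `@safe` function placed in the same module as `@trusted` code can break the invariant the `@trusted` code relies on, because `private` in D is scoped to the module. The names `Buffer` and `grow` are hypothetical, chosen for illustration.

```d
// Added illustration; everything in this file is one module, so `private`
// does not hide Buffer's fields from the free functions below.
import core.stdc.stdlib : malloc;

struct Buffer
{
    private int* ptr;    // raw pointer, meant to be handled only by @trusted code
    private size_t len;  // invariant: ptr points to at least len ints

    @trusted this(size_t n)
    {
        ptr = cast(int*) malloc(n * int.sizeof);
        len = ptr is null ? 0 : n;
    }

    // Audited as memory safe, but only under the assumption that
    // the invariant on ptr and len still holds when it is called.
    @trusted ref int opIndex(size_t i)
    {
        if (i >= len)
            assert(0, "index out of bounds");
        return ptr[i];
    }
}

// Accepted by the compiler as @safe: it only writes an integer field.
// It is in the same module, so `private` does not stop it, and it
// silently invalidates the invariant that opIndex depends on.
@safe void grow(ref Buffer b)
{
    b.len += 1000;
}

@safe void main()
{
    auto b = Buffer(4);  // allocation is never freed; kept short for the example
    grow(b);
    b[500] = 1;          // passes the bounds check, writes past the allocation
}
```

Every function here is either `@safe` or an individually reasonable `@trusted` function, yet the program corrupts memory, and the defect sits in `grow`, which an audit limited to `@trusted` code would not look at.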

