Borrowing and Ownership

Timon Gehr timon.gehr at
Mon Oct 28 22:08:54 UTC 2019

On 28.10.19 00:40, rikki cattermole wrote:
> On 28/10/2019 11:36 AM, Timon Gehr wrote:
>> - The problem with `@trusted` is that it has no defense against 
>> `@safe` code destroying its invariants or accessing raw pointers that 
>> are only meant to be manipulated by `@trusted` code. There should 
>> therefore be a way to mark data as `@trusted` (or equivalent), such 
>> that `@safe` code can not access it.
> This seems artificially restrictive for this proposal.
> However, we could instead split this off into its own DIP allowing 
> attributes to act like visibility modifiers for variables.
> I may not be convinced that this is required, but following it through 
> to completion would be a good idea if its done at all.
> ...

Well, either we change the language or we change the way @safe is 
advertised. (You need to audit @trusted functions vs you need to audit 
each module that contains any @trusted function.)

More information about the Digitalmars-d mailing list