Discussion Thread: DIP 1035--@system Variables--Community Review Round 2
Steven Schveighoffer
schveiguy at gmail.com
Thu Mar 4 20:10:05 UTC 2021
On 2/25/21 4:21 AM, Mike Parker wrote:
> This is the discussion thread for the second round of Community Review
> of DIP 1035, "@system Variables":
>
> https://github.com/dlang/DIPs/blob/c39f6ac62210e0604dcee99b0092c1930839f93a/DIPs/DIP1035.md
>
>
In the example for (2):

    struct Handle {
        @system int handle;
    }

    // struct with @system field is an unsafe type
    @safe Handle safeHandle = Handle(1);
    @system Handle systemHandle = Handle(-1);
    ...

    void main() @safe {
        Handle h0 = safeHandle; // allowed, @safe variable
        Handle h1 = systemHandle; // error, reading @system var of unsafe type
        ...
    }

I'm concerned about the allowance of just declaring a @safe Handle.

If Handle(-1) is unsafe, what is stopping me from doing:

    @safe Handle sneakyHandle = Handle(-1);

And can I just do this inside main():

    Handle h2 = Handle(-1);

I guess my biggest problem with this DIP is surrounding the allowance of
initialization of @system variables without requiring a @system call.
And/or the weird rules of "you can't do it if it's a @system variable,
but perfectly fine if you type out the initializer"

Or maybe I'm misunderstanding something. Perhaps it would be good to
specify how one prevents anything in @safe from using Handle(-1).

------
Another note, the ShortString example is unsafe, even with the DIP, as
`s[]` will provide access to data that might move elsewhere.
Perhaps it would be good to restate the examples with the assumption the
DIP is implemented, and show why they are now fully @safe.
-Steve