Rebooting the __metada/__mutable discussion

Paul Backus snarwin at gmail.com
Sun Apr 10 15:41:47 UTC 2022


On Sunday, 10 April 2022 at 13:02:07 UTC, Zach Tollen wrote:
> On Sunday, 10 April 2022 at 05:41:36 UTC, Bruce Carneal wrote:
>> I view 1035 as a mechanism to extend the reach of @safe, to 
>> reduce the load on conscientious code reviewers.
>
> One aspect of DIP1035 I'm confused about in this regard is item 
> (1) in the [proposed 
> changes](https://github.com/dlang/DIPs/blob/72f41cffe68ff1f2d4c033b5728ef37e282461dd/DIPs/DIP1035.md#proposed-changes): "An aggregate with at least one @system field is an unsafe type."
>
> This concerns me because it seems like it would extend the 
> reach of *@system*, rather than *@safe*. It seems like having 
> one @system variable would contaminate the whole structure so 
> that you always had to use @trusted just to do anything with it.
>
> Maybe I'm thinking too much...

The point of this is to prevent things like void-initialization 
of types with @system fields in @safe code. You can still access 
non-@system fields of the structure without using @trusted.

"Unsafe type" does not mean you can't use it in @safe code. 
Pointer types are unsafe types, for example, and you can use 
pointers in @safe code without any issues. What "unsafe type" 
means is that, in @safe code, your usage of that type is 
restricted to operations that the compiler knows will not cause 
memory corruption.
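
The following sketch is an added illustration, not part of the original message or of the DIP text. It assumes a hypothetical `Ring` struct and a compiler with DIP1035 enabled (dmd's `-preview=systemVariables` switch). It shows why void-initialization has to be rejected in @safe code, while default initialization and access to non-@system fields stay allowed.

```d
// Added example; `Ring` and its members are hypothetical names.
// Build with: dmd -preview=systemVariables ring.d
struct Ring
{
    private ubyte[16] buf;
    @system size_t pos;   // carries an invariant: pos < buf.length
    size_t reads;         // ordinary field, no invariant attached

    // Trusted code skips the bounds check because it relies on the
    // invariant. That is only sound if @safe code can never put an
    // arbitrary value into `pos`.
    ubyte next() @trusted
    {
        ubyte b = buf.ptr[pos];          // unchecked index
        pos = (pos + 1) % buf.length;    // re-establish the invariant
        ++reads;
        return b;
    }
}

void main() @safe
{
    Ring r;               // OK: default initialization gives pos == 0
    r.reads = 0;          // OK: non-@system field, no @trusted needed
    ubyte b = r.next();   // OK: @safe code may call the @trusted member

    // Both lines below are rejected in @safe code under DIP1035:
    // r.pos = 1000;      // writes a @system field directly
    // Ring g = void;     // void-initializes an unsafe type, so `pos`
    //                    // would hold garbage and next() could read
    //                    // outside `buf`
}
```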

