Safety, undefined behavior, @safe, @trusted
Steven Schveighoffer
schveiguy at yahoo.com
Thu Nov 5 16:31:39 PST 2009
On Thu, 05 Nov 2009 19:11:34 -0500, Walter Bright
<newshound1 at digitalmars.com> wrote:
> Steven Schveighoffer wrote:
>> On Thu, 05 Nov 2009 17:49:33 -0500, Walter Bright
>> <newshound1 at digitalmars.com> wrote:
>>
>>> Jason House wrote:
>>>> I posted in the other thread how casting to immutable/shared can be
>>>> just as bad. A leaked reference prior to casting to immutable/shared
>>>> is in effect the same as casting away shared. No matter how you mix
>>>> thread local and shared, or mutable and immutable, you still have the
>>>> same undefined behavior
>>>
>>> Not undefined, it's just that the compiler can't prove it's defined
>>> behavior. Hence, such code would go into a trusted function.
>> But how does such a trusted function guarantee that the
>> invariant/shared reference has no other aliases?
>
> It doesn't. Trusted code is verified by the programmer, not the compiler.
OK, you totally ignored my point though. How do you write such a function?
That is, I have a mutable reference x, I want to make it immutable. How
do you write a function to do that?
i.e.:
@safe void foo()
{
    x = new X();
    x.modifyState(5);
    immutable(X) ix = ???; // how to write this part
}
-Steve
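
An added illustration of the aliasing problem raised in this thread, not code from the original post or from the D project; `freeze`, `leaked` and the body of `X` are hypothetical names assumed here. It shows that a @trusted cast to immutable is accepted when called from @safe code even though a reference leaked before the cast still aliases the object.

```d
// Constructed example: X's members are assumptions made for illustration.
class X
{
    private int state;
    void modifyState(int v) @safe { state = v; }
    int get() const @safe { return state; }
}

// Hypothetical helper (not a Phobos function). @trusted tells the compiler
// to accept the cast without checking it. Whether `x` is the only reference
// to the object is something the programmer has to verify by hand.
immutable(X) freeze(ref X x) @trusted
{
    auto ix = cast(immutable(X)) x;
    x = null; // clears the caller's variable, but cannot find other aliases
    return ix;
}

// Thread-local global standing in for a reference leaked earlier.
X leaked;

void foo() @safe
{
    auto x = new X();
    x.modifyState(5);
    leaked = x;                  // alias escapes before the cast

    immutable(X) ix = freeze(x); // accepted in @safe code; x is now null
    assert(x is null);
    assert(ix.get() == 5);

    // Still @safe code, and it compiles, but it writes to an object that
    // `ix` promises is immutable. Nothing in freeze() could have detected
    // this alias, so the immutability guarantee is broken from here on.
    leaked.modifyState(6);
}

void main()
{
    foo();
}
```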