Safety, undefined behavior, @safe, @trusted

Steven Schveighoffer schveiguy at yahoo.com
Thu Nov 5 16:31:39 PST 2009


On Thu, 05 Nov 2009 19:11:34 -0500, Walter Bright  
<newshound1 at digitalmars.com> wrote:

> Steven Schveighoffer wrote:
>> On Thu, 05 Nov 2009 17:49:33 -0500, Walter Bright  
>> <newshound1 at digitalmars.com> wrote:
>>
>>> Jason House wrote:
>>>> I posted in the other thread how casting to immutable/shared can be
>>>> just as bad. A leaked reference prior to casting to immutable/shared
>>>> is in effect the same as casting away shared. No matter how you mix
>>>> thread local and shared, or mutable and immutable, you still have the
>>>> same undefined behavior
>>>
>>> Not undefined, it's just that the compiler can't prove it's defined  
>>> behavior. Hence, such code would go into a trusted function.
>>  But how does such a trusted function guarantee that the  
>> invariant/shared reference has no other aliases?
>
> It doesn't. Trusted code is verified by the programmer, not the compiler.

OK, you totally ignored my point though.  How do you write such a function?

That is, I have a mutable reference x, I want to make it immutable.  How  
do you write a function to do that?

i.e.:

@safe void foo()
{
    x = new X();
    x.modifyState(5);
    immutable(X) ix = ???; // how to write this part
}

-Steve



More information about the Digitalmars-d mailing list