Is borrow checker the right thing for D?
Timon Gehr
timon.gehr at gmx.ch
Sat Aug 17 12:09:19 UTC 2019
On 16.08.19 11:34, Atila Neves wrote:
> But, right now, it's possible to corrupt memory in D without the
> compiler telling you,
It's important to note that the reason why this happens is that there is
@trusted code that doesn't account for all ways @safe code can access
its interface. I.e., it's bad @trusted code, and inexpressive type
system, not unsound type system. The only ways to fix this are
1) add more runtime checking to @trusted code and don't directly expose
mutable references where this is problematic.
2) give more type system tools to @trusted code to restrict how @safe
code may access its interface, so exposing mutable references directly
is valid in more circumstances.
> and that's not a thing we want.
None of the borrow/ownership proposals in the pipeline do anything that
would allow @trusted code to restrict the set of possible access
patterns from @safe code. They are a form of Rust cargo cult.
More information about the Digitalmars-d
mailing list