DIP 1021--Argument Ownership and Function Calls--Community Review Round 1
ag0aep6g
anonymous at example.com
Thu Jul 18 11:16:02 UTC 2019
On 18.07.19 12:42, Nick Treleaven wrote:
> On Thursday, 18 July 2019 at 09:09:37 UTC, ag0aep6g wrote:
[...]
> struct S
> {
> private byte* ptr;
> import core.stdc.stdlib;
[...]
> ~this() @trusted
> {
> free(ptr);
> }
> }
>
> @safe:
>
> // won't compile with DIP 1021
> void bad(ref S s, ref byte b)
> {
> s.destroy;
> b++;
> }
[...]
I'm not sure if there's a meaningful difference between your code and
mine. You're calling the destructor explicitly with `destroy`, so it's
practically the same as my `clear` method, no?
Anyway, I think we're on the same page: The goal of DIP 1021 seems to be
to allow marking calls to `free` (and similar functions) as @trusted in
certain situations. The DIP should say this, and give an example.
>> Except it still wouldn't be 100% ok, because @safe code could set `ptr
>> = new byte;` and then `free` would be called on GC memory.
>
> It is @safe outside the module that S is defined in with a private ptr
> (modulo .tupleof).
That's a common hack, but strictly speaking it's an invalid use of
@trusted. An @trusted function must be safe regardless of where it's
called from. I.e., it must also be safe when called from within the same
module.
But finding a solution to that problem is probably outside of the scope
of the DIP being discussed.
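The hazard ag0aep6g describes above, as an added D example that is not code from the thread: the struct `S` with a `private byte* ptr` and a `@trusted` destructor calling `free` is taken from the quoted post; the constructor, the `breaksInvariant` function, `main` and the `GC.addrOf` check are additions. `@safe` code in the same module can reassign `ptr` to GC memory, and `private` does nothing to stop it. The destructor here detects that broken invariant at runtime with `core.memory.GC.addrOf`, which returns `null` for pointers the GC does not manage, instead of silently passing GC memory to `free`.

```d
// Added example, not code from the original thread. It reproduces the hazard
// discussed in the message (a @trusted destructor that free()s a pointer which
// @safe code in the same module can redirect to GC memory) and adds a runtime
// check with core.memory.GC.addrOf, which returns null for non-GC pointers.
import core.memory : GC;
import core.stdc.stdlib : free, malloc;

struct S
{
    private byte* ptr;

    // Hypothetical constructor (not in the thread): allocates with malloc so
    // that the destructor's free() is valid as long as nobody touches ptr.
    this(size_t n) @trusted
    {
        ptr = cast(byte*) malloc(n);
    }

    // The @trusted promise only holds if `ptr` is null or came from malloc.
    // Nothing in the language enforces that inside this module, so the
    // destructor checks the invariant before relying on it.
    ~this() @trusted
    {
        // GC.addrOf returns null for memory the GC does not own. A non-null
        // result means @safe code replaced ptr with GC memory and free()
        // would be undefined behaviour.
        assert(GC.addrOf(ptr) is null,
               "S.ptr points into GC memory; free() would be undefined behaviour");
        free(ptr);
    }
}

@safe:

// Same module, so `private` is no barrier: this compiles as @safe, yet it
// turns the destructor's free() into a call on GC memory.
void breaksInvariant(ref S s)
{
    s.ptr = new byte;
}

void main()
{
    auto ok = S(16);        // destroyed normally at scope exit

    auto bad = S(16);
    breaksInvariant(bad);   // the assert in ~this fires at scope exit
                            // (in non-release builds)
}
```

The check is a detection aid, not a fix: it only runs in builds that keep assertions, and the underlying problem, that `@trusted` cannot restrict who writes to `ptr` within the module, is exactly the point the message makes.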