Borrowing and Ownership
Timon Gehr
timon.gehr at gmx.ch
Mon Oct 28 22:08:54 UTC 2019
On 28.10.19 00:40, rikki cattermole wrote:
> On 28/10/2019 11:36 AM, Timon Gehr wrote:
>> - The problem with `@trusted` is that it has no defense against
>> `@safe` code destroying its invariants or accessing raw pointers that
>> are only meant to be manipulated by `@trusted` code. There should
>> therefore be a way to mark data as `@trusted` (or equivalent), such
>> that `@safe` code can not access it.
>
> This seems artificially restrictive for this proposal.
> However, we could instead split this off into its own DIP allowing
> attributes to act like visibility modifiers for variables.
>
> I may not be convinced that this is required, but following it through
> to completion would be a good idea if its done at all.
> ...
Well, either we change the language or we change the way @safe is
advertised. (You need to audit @trusted functions vs you need to audit
each module that contains any @trusted function.)
More information about the Digitalmars-d
mailing list