Feedback Thread: DIP 1035-- at system Variables--Community Review Round 1
Dennis
dkorpel at gmail.com
Wed Jun 10 15:28:09 UTC 2020
On Wednesday, 10 June 2020 at 13:56:11 UTC, Timon Gehr wrote:
> However, I don't think the examples should be using `assert` to
> validate input data. At the very least, those asserts should be
> in `in` contracts, but even then, I am not sure if the
> semantics of `assert` supports your use case. In particular,
> does `-release` mean "disable memory safety checks" like
> `-noboundscheck` does?
Personally I often find myself writing `if (!x) {assert(0);}`
instead of `assert(x);` for exactly that reason: I want to assert
something that's necessary for @safe.
I'm not sure if that's the idiomatic way to do it though. I'll
change the examples to use that unless you have a better
suggestion.
> Memory safety cannot depend on the correctness of a `@safe`
> constructor.
> Consider the following slightly adapted example from the DIP:
You could say that the problem is that `execute` is wrongly
`@trusted` since it assumed something about `opcode` that is not
enforced by VmInstruction. I get what you're saying though, and
it comes back to "@trusted assumptions about @safe code", which
unfortunately did not come to concensus.
https://forum.dlang.org/thread/rahiuh$2t8h$1@digitalmars.com?page=1
I'll come back to this later in the discussion thread, but the
short version is:
Ideally all important trusted parts of the program have a
@trusted annotation nearby, but I'm afraid it is infeasible. I
was unable to find a satisfying design, though I'm open to
suggestions.
> Minor:
> - "Ownsership and borrowing in D"
> - "static initializtion"
Thanks.
More information about the Digitalmars-d
mailing list