@system blocks and safer @trusted (ST) functions

Bruce Carneal bcarneal at gmail.com
Thu Jul 29 12:38:23 UTC 2021


On Thursday, 29 July 2021 at 08:16:08 UTC, Joseph Rushton 
Wakeling wrote:
> On Wednesday, 28 July 2021 at 17:25:18 UTC, claptrap wrote:
>> Do you have ideas on how to stop unsafe blocks accessing the 
>> variables from the surrounding scope? Is that even a goal for 
>> the DIP?
>
> I'm not sure it necessarily is.  Consider the following example 
> (using the proposed @trusted-with-@system-blocks syntax):
>
>
> ```D
> /// Writes something into the provided buffer, e.g. filling the
> /// buffer with random bytes
> extern(C) void writeIntoCBuffer (int* ptr, size_t len) @system;
>
>
> void writeIntoDBuffer (ref int[] buf) @trusted
> {
>     @system { writeIntoCBuffer(buf.ptr, buf.length); }
> }
> ```
>
> That seems like a reasonable use-case for a @trusted wrapper of 
> an underlying @system function, but if the @system block was 
> forbidden from accessing variables from the surrounding scope, 
> it wouldn't be possible.
>
> Does that make sense, or have I misunderstood what you had in 
> mind?

Yes, I was a bit sloppy earlier. Full "stopping" is a non-goal.

There are, however, various restrictions and syntactic forms to 
be considered that usefully differ from the full access scopeless 
variant.


