@system blocks and safer @trusted (ST) functions
Bruce Carneal
bcarneal at gmail.com
Thu Jul 29 12:38:23 UTC 2021
On Thursday, 29 July 2021 at 08:16:08 UTC, Joseph Rushton
Wakeling wrote:
> On Wednesday, 28 July 2021 at 17:25:18 UTC, claptrap wrote:
>> Do you have ideas on how to stop unsafe blocks accessing the
>> variables from the surrounding scope? Is that even a goal for
>> the DIP?
>
> I'm not sure it necessarily is. Consider the following example
> (using the proposed @trusted-with-@system-blocks syntax):
>
>
> ```D
> /// Writes something into the provided buffer, e.g. filling the
> /// buffer with random bytes
> extern(C) void writeIntoCBuffer (int* ptr, size_t len) @system;
>
>
> void writeIntoDBuffer (ref int[] buf) @trusted
> {
>     @system { writeIntoCBuffer(buf.ptr, buf.length); }
> }
> ```
>
> That seems like a reasonable use-case for a @trusted wrapper of
> an underlying @system function, but if the @system block was
> forbidden from accessing variables from the surrounding scope,
> it wouldn't be possible.
>
> Does that make sense, or have I misunderstood what you had in
> mind?
Yes, I was a bit sloppy earlier. Full "stopping" is a non-goal.
There are, however, various restrictions and syntactic forms to
be considered that usefully differ from the full access scopeless
variant.
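
Added example, not part of the original post or the DIP: the same wrapper written in D as it compiles today, where the function is @safe and the unchecked call sits in an immediately invoked @trusted lambda that reads `buf` from the enclosing scope. The D body given to `writeIntoCBuffer` is a stand-in assumed here so the program links without a C library.

```d
import std.stdio : writeln;

// Stand-in for the C function in the quoted example (assumption: given a D
// body here so the program links on its own). It performs unchecked pointer
// writes, so it has to be @system.
extern(C) void writeIntoCBuffer(int* ptr, size_t len) @system
{
    foreach (i; 0 .. len)
        ptr[i] = cast(int) i;
}

// Current-D equivalent of the proposed "@trusted function with a @system
// block": everything in the function is checked as @safe except the body of
// the lambda. The lambda needs `buf` from the surrounding scope to pass a
// pointer and length that belong to the same slice.
void writeIntoDBuffer(ref int[] buf) @safe
{
    () @trusted { writeIntoCBuffer(buf.ptr, buf.length); }();
}

void main() @safe
{
    auto buf = new int[](4);
    writeIntoDBuffer(buf);
    writeln(buf);
}
```

The part a reviewer has to check by hand is the single lambda line: `buf.ptr` and `buf.length` come from the same slice, so the callee cannot be handed a length larger than the allocation.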