Discussion Thread: DIP 1035-- at system Variables--Final Review
Paul Backus
snarwin at gmail.com
Fri Mar 4 13:23:26 UTC 2022
On Friday, 4 March 2022 at 13:06:35 UTC, Dukc wrote:
> On Friday, 4 March 2022 at 09:39:53 UTC, Dennis wrote at the
> feedback theard:
>> On Friday, 25 February 2022 at 21:46:25 UTC, Dukc wrote:
>>> Wouldn't putting the handle in union with `void[1]` work?
>>
>> No, `void[1]` is not a type with unsafe values.
>
> I was just checking what the language spec says about this, and
> found an alternative we have all been overlooking.
>
> A type can be declared unsafe in the present language by giving
> it an invariant.
>
> Yes I meant that contract programming invariant! The spec says
> that void-initializing a type with an invariant, or using an
> union that has a member with an invariant is `@system`-only.
> Thus the invariant effectively declares the type unsafe.
First, this was not "overlooked"--it was added to the language
spec well after DIP 1035 was written and submitted. Dennis and I
have been aware of this spec change since it was first proposed
in [DMD PR 12326][1].
Second, this is not a complete alternative to DIP 1035, because
it does not solve [the `__traits(getMember)` issue][2]. As long
as `@safe` code is allowed to bypass encapsulation and access the
fields of user-defined types directly, it is impossible for
`@trusted` code to rely on the integrity of the data in those
fields.
[1]:
https://github.com/dlang/dmd/pull/12326#issuecomment-812575730
[2]: https://issues.dlang.org/show_bug.cgi?id=20941
More information about the Digitalmars-d
mailing list