On Borrow Checking
Timon Gehr
timon.gehr at gmx.ch
Mon May 12 12:54:16 UTC 2025
On 5/12/25 14:41, Richard (Rikki) Andrew Cattermole wrote:
> On 13/05/2025 12:34 AM, Timon Gehr wrote:
>> On 5/12/25 13:52, Richard (Rikki) Andrew Cattermole wrote:
>>>
>>> It has everything to do with @safe, that is where the mechanical
>>> checks exist.
>>>
>>> You do not need the escape set (``scope``), if you do not have the
>>> mechanical checks, and where you have an escape hatch (``@trusted``
>>> and ``@system``), these are intentionally not turned on.
>>
>> Even in `@system` code you cannot assign an `int` to an `int*`, you
>> have to use an explicit cast. I don't think it is true that just
>> because `@system` does not give you memory safety guarantees it will
>> therefore be expected that features do not work at all.
>>
>> This is a design decision, and I think Manu's and Walter's
>> expectations are more reasonable than what the compiler actually does.
>
> Right, perhaps if it was a different design, say unsafe blocks I'd agree
> with what Manu is saying.
>
> Unfortunately the current design has a valid set of tradeoffs.
>
> And from experience you must have some sort of escape hatch, and that is
> ``@trusted`` and ``@system`` currently, enforcing ``scope`` there would
> make it unusable.
>
There can be another way to circumvent `scope` checks that is itself
considered `@system`. As Walter and Manu have demonstrated, it is not
even consistent. Some checks are still active, others are not.
More information about the Digitalmars-d
mailing list