Quoting Kenton Varda (2019-09-16 18:42:36) > Hmm, I think it might be sound for mutable values as long as you > don't have aliasing.
I think you might be right, but importantly the lack of aliasing has to hold all the way up the pointer chain, to your program's "root set" to use GC terminology; it's not sufficient for the message itself not to have aliasing, since otherwise you might have the usual problem with two pointers to the message's root struct. Rust will enforce that, and from what I've seen the style encouraged by most of your own work follows this by convention (C++ isn't memory safe, so obviously there's a certain amount of discipline that has to be assumed for conversations about soundness to even be coherent). But it doesn't seem like a safe assumption for languages that use a GC, rather than relying on RAII and the like. -Ian -- You received this message because you are subscribed to the Google Groups "Cap'n Proto" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/capnproto/156867564774.15823.3424465749688690463%40localhost.localdomain.
