On Thursday, 18 August 2016 at 17:05:05 UTC, Dicebot wrote:
> On 08/11/2016 04:38 PM, Sönke Ludwig wrote:
>> That will just leave one hole in conjunction with the @trusted
>> destructor, which is (presumably) not easy to fix without much
>> larger changes to the type system, as well as to how container
>> types are built. It is still vulnerable to artificial
>> shortening of the elements' lifetime, e.g. by using opAssign()
>> or destroy():
>>
>>     @safe {
>>         RefCountedSlice!int s = ...;
>>         scope int* el;
>>         el = &s[0];
>>         s = RefCountedSlice!int.init;
>>         *el = 12; // oops
>>     }
>
> I asked Walter about this in more detail and right now the plan is
> to address it in a separate DIP that provides more integration
> between reference counting and the compiler. Within DIP1000 terms
> such a destructor must not be marked as @safe - essentially, it
> will only enable @safe usage of stack allocated data in its
> initial form.

I think RefCountedSlice can have a @trusted destructor so long as
opAssign is @system. (I'll likely make a PR to the DIP soon).
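
The arrangement suggested in the reply above, sketched in D as an added example (not code from the thread or from the DIP). The layout of `RefCountedSlice` is an assumption made for illustration, the sketch assumes the DIP1000 checks are enabled (`dmd -dip1000`), and it covers only the opAssign() path from the quoted snippet:

```d
import core.stdc.stdlib : calloc, free;

struct RefCountedSlice(T)
{
    private T[] payload;
    private size_t* count;

    this(size_t n) @trusted
    {
        // calloc zero-fills, which matches T.init only for all-zero types such as int
        auto p = cast(T*) calloc(n, T.sizeof);
        count = cast(size_t*) calloc(1, size_t.sizeof);
        if (p is null || count is null) assert(0, "out of memory");
        payload = p[0 .. n];
        *count = 1;
    }

    this(this) @trusted { if (count) ++*count; }

    // @trusted: releases the payload when the last owner goes away.
    ~this() @trusted
    {
        if (count && --*count == 0)
        {
            free(payload.ptr);
            free(count);
        }
    }

    // @system: assigning can free the old payload while a scope pointer
    // into it is still live, so @safe code is not allowed to call it.
    void opAssign(RefCountedSlice rhs) @system
    {
        auto p = payload; auto c = count;
        payload = rhs.payload; count = rhs.count;
        rhs.payload = p; rhs.count = c; // old state is released by rhs's destructor
    }

    // `return` ties the returned reference to the lifetime of `this`.
    ref T opIndex(size_t i) return @trusted { return payload[i]; }
}

void main() @safe
{
    auto s = RefCountedSlice!int(4);
    scope int* el = &s[0];
    // s = RefCountedSlice!int.init; // rejected in @safe code: opAssign is @system
    *el = 12; // fine: s still owns the payload here
}
```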