On Thursday, 18 August 2016 at 17:05:05 UTC, Dicebot wrote:
On 08/11/2016 04:38 PM, Sönke Ludwig wrote:
That will just leave one hole in conjunction with the @trusted destructor, which is (presumably) not easy to fix without much larger changes to the type system, as well as to how container types are built. It is still vulnerable to artificial shortening of the elements' lifetime, e.g. by using opAssign() or destroy():


@safe {
    RefCountedSlice!int s = ...;
    scope int* el;
    el = &s[0];                     // allowed: el is scoped to the lifetime of s
    s = RefCountedSlice!int.init;   // drops s's reference; the elements are freed if it was the last one
    *el = 12; // oops: write through a pointer to freed memory
}

I asked Walter about this in more detail, and right now the plan is to address it in a separate DIP that provides more integration between reference counting and the compiler. In DIP1000 terms, such a destructor must not be marked as @safe; essentially, it will only enable @safe usage of stack-allocated data in its initial form.

I think RefCountedSlice can have a @trusted destructor so long as opAssign is @system. (I'll likely make a PR to the DIP soon).
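To make the hole and the proposed fix concrete, here is an added example that is not code from this thread, from the DIP text, or from Phobos: a minimal reference-counted slice of my own design, with a @trusted destructor, a `return`-annotated opIndex, and an opAssign marked @system. The type and member names are assumptions for illustration, and it is meant to be built with a dmd that understands DIP1000 (`dmd -preview=dip1000 -run refcounted_slice.d`; older compilers used `-dip1000`). Uncommenting the assignment in `safeUser` shows the compile error that closes the hole; `systemUser` shows the same sequence being accepted only in @system code.

```d
// Added example, not the thread's or the DIP's code. Names are illustrative.
// Build: dmd -preview=dip1000 -run refcounted_slice.d
import core.stdc.stdlib : calloc, free;
import std.stdio : writeln;

struct RefCountedSlice(T)
{
    private T* ptr;        // heap buffer holding the elements
    private size_t len;
    private size_t* refs;  // shared reference count

    this(size_t n) @trusted
    {
        ptr  = cast(T*) calloc(n, T.sizeof);
        refs = cast(size_t*) calloc(1, size_t.sizeof);
        *refs = 1;
        len = n;
    }

    // Copying bumps the count; plain pointer dereference is @safe in D.
    this(this) @safe
    {
        if (refs) ++*refs;
    }

    // The @trusted destructor from the discussion: releases the buffer when
    // the last reference goes away.
    ~this() @trusted
    {
        if (refs && --*refs == 0)
        {
            free(ptr);
            free(refs);
        }
    }

    // `return` ties the returned reference's lifetime to `this` under DIP1000,
    // so `&s[i]` in @safe code yields a scope pointer that cannot outlive `s`.
    ref T opIndex(size_t i) return @trusted
    {
        assert(i < len, "index out of range");
        return ptr[i];  // pointer indexing is @system, hence the @trusted body
    }

    size_t length() const @safe { return len; }

    // The fix proposed above: assignment can drop the last reference and free
    // the elements while scope pointers into them still exist, so it is
    // @system and therefore not callable from @safe code at all.
    void opAssign(RefCountedSlice rhs) @system
    {
        // rhs already holds its own reference (postblit); swap our fields into
        // it so the previous contents are released when rhs is destroyed.
        auto p = ptr; auto l = len; auto r = refs;
        ptr = rhs.ptr; len = rhs.len; refs = rhs.refs;
        rhs.ptr = p; rhs.len = l; rhs.refs = r;
    }
}

void safeUser() @safe
{
    auto s = RefCountedSlice!int(4);
    scope int* el = &s[0];   // accepted: el is tied to the lifetime of s
    *el = 12;
    writeln("safeUser: s[0] = ", s[0]);
    // s = RefCountedSlice!int.init;
    //   Error: @safe function `safeUser` cannot call @system function
    //   `RefCountedSlice!int.opAssign`; the lifetime-shortening hole is
    //   rejected at compile time instead of becoming a use-after-free.
}

void systemUser() @system
{
    auto s = RefCountedSlice!int(4);
    int* el = &s[0];
    s = RefCountedSlice!int.init;  // last reference dropped, buffer freed
    writeln("systemUser: length after assignment = ", s.length);
    // *el = 12;  // would write to freed memory; only @system code gets this far
}

void main()
{
    safeUser();
    systemUser();
}
```

The design point is that the destructor stays @trusted (it only ever runs when a reference legitimately ends) while every operation that can end a reference early from user code, here opAssign, is pushed out of @safe. A `destroy(s)` call would need the same treatment, since it invokes the destructor directly.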
