On Mon, Oct 22, 2018 at 2:21 AM ag0aep6g via Digitalmars-d <digitalmars-d@puremagic.com> wrote: > > On 22.10.18 10:39, Simen Kjærås wrote: > > On Sunday, 21 October 2018 at 22:03:00 UTC, ag0aep6g wrote: > [...] > > It's invalid only if Atomic.badboy exists. > > I don't agree. I prefer the stronger @trusted. As far as I know, the > stronger one is the current one.
The current one has the critical weakness that it causes **EVERY USER** to write unsafe code, manually casting things to shared. You're here spouting some fantasy about a bad-actor hacking cruft into Atomic() in druntime... Like, if you're worried about the author of Atomic(T), how about _every user, including the interns_? author:users is a 1:many relationship. I can't imagine any line of reason that doesn't find it logical that the proper placement of the burden of correctly handling @trusted code should be the one expert threadsafe library author, and not *every user ever*, because that's what the current model prescribes, and the entire point for wasting my breath.