On Wednesday, 17 February 2016 at 02:51:06 UTC, Walter Bright wrote:
> On 2/16/2016 11:29 AM, Marc Schütz wrote:
>> For example, it's always possible to use a global mutable associative array to store additional data connected with an immutable or const object (ignoring purity issues for the moment). That's safe because from the outside, there's no observable change to the state of the object itself, and the global AA's type (shared/thread-local) prevents race conditions.
>
> The trouble with that is you're relying on the programmer to ensure correctness. It'll revert D to C++ "trust the programmer" semantics.

Are you referring to the quoted passage, or my DIP? If the latter, please note that it was initially written for a different purpose. Operations with @mutables will be @system, which is our usual way to deal with situations in which the programmer has to ensure correctness. The unsafe (@trusted) part is very small and well encapsulated, the unsafety doesn't leak.

> Furthermore, with the current mechanical guarantee of immutability, it opens up the possibility of relying on such beyond merely observable behavior - such as immutable data being placed in ROM, or special GC semantics.

That's already covered in the DIP, see my reply to Dicebot.