On Sun, Oct 21, 2018 at 5:40 PM Timon Gehr via Digitalmars-d <digitalmars-d@puremagic.com> wrote: > > On 21.10.18 21:04, Manu wrote: > > On Sun, Oct 21, 2018 at 12:00 PM Timon Gehr via Digitalmars-d > > <digitalmars-d@puremagic.com> wrote: > >> > >> On 21.10.18 17:54, Nicholas Wilson wrote: > >>> > >>>> As soon as that is done, you've got a data race with the other > >>>> existing unshared aliases. > >>> > >>> You're in @trusted code, that is the whole point. The onus is on the > >>> programmer to make that correct, same with regular @safe/@trusted@system > >>> code. > >> > >> Not all of the parties that participate in the data race are in @trusted > >> code. The point of @trusted is modularity: you manually check @trusted > >> code according to some set of restrictions and then you are sure that > >> there is no memory corruption. > >> > >> Note that you are not allowed to look at any of the @safe code while > >> checking your @trusted code. You will only see an opaque interface to > >> the @safe code that you call and all you know is that all the @safe code > >> type checks according to @safe rules. Note that there might be an > >> arbitrary number of @safe functions and methods that you do not see. > >> > >> Think about it this way: you first write all the @trusted and @system > >> code, and some evil guy who does not like you comes in after you looks > >> at your code and writes all the @safe code. If there is any memory > >> corruption, it will be your fault and you will face harsh consequences. > >> Now, design the @safe type checking rules. It won't be MP! > >> > >> Note that there may well be a good way to get the good properties of MP > >> without breaking the type system, but MP itself is not good because it > >> breaks @safe. > > > > Show me. Nobody has been able to show that yet. I'd really like to know > > this. > > > > I just did,
There's no code there... just a presumption that the person who wrote the @trusted code did not deliver the promise they made. > but if you really need to, give me a non-trivial piece of> correct > multithreaded code that accesses some declared-unshared field > from a shared method and I will show you how the evil guy would modify > some @safe code in it and introduce race conditions. It needs to be your > code, as otherwise you will just claim again that it is me who wrote bad > @trusted code. You can pick on any of my prior code fragments. They've all been ignored so far.
