On 22.10.18 16:09, Simen Kjærås wrote:
On Monday, 22 October 2018 at 13:40:39 UTC, Timon Gehr wrote:
module reborked;
import atomic;
void main()@safe{
auto a=new Atomic!int;
import std.concurrency;
spawn((shared(Atomic!int)* a){ ++*a; }, a);
++a.tupleof[0];
}
Finally! Proof that MP is impossible. On the other hand, why the hell is
that @safe? It breaks all sorts of guarantees about @safety. At a
minimum, that should be un-@safe.
Filed in bugzilla: https://issues.dlang.org/show_bug.cgi?id=19326
--
Simen
Even if this is changed (and it probably should be), it does not fix the
case where the @safe function is in the same module. I don't think it is
desirable to change the definition of @trusted such that you need to
check the entire module if it contains a single @trusted function.
If I can break safety of some (previously correct) code by editing only
@safe code, then that's a significant blow to @safe. I think we need a
general way to protect data from being manipulated in @safe code in any
way, same module or not.