Conversation
b26e6ae to
5a1c733
Compare
|
Why are you assuming Won't this change allow this to be run? class ThrowMe : Throwable
{
char* seq;
ubyte len;
override string toString() @system
{
string ret;
int i;
auto start = seq;
for (i = 0; i <= len; i++) // oops, used <=, buffer overflow
{
ret ~= start;
++start;
}
return ret;
}
}
main() @safe
{
auto c = new ThrowMe();
formatThrowable(c, someSink);
} |
Assuming, no, driving it that direction, yes. All of Object's methods need to be safe, otherwise |
But they currently aren't – can you provide another justification for your assumption of |
They aren't marked @safe, correct. But I haven't found one yet that is not actually @safe or could be easily made so.
It needs to be safe to call - if you agree that there's any point to It's a bit like const-correctness. You have to start somewhere. |
|
Why not make this a template that can infer |
Then the first thing to do would be to mark "It surely needs to be safe to call, and I haven't seen otherwise" is exactly that kind of faith-based programming |
|
Apart from the above, please also note that |
|
Well, the issues with forcing particular attributes like However, there hasn't been much done towards that. The only work that I'm aware of in that direction is the work that Martin has done towards replacing the AA implementation (without which, we can't do it), and the attempts to templatize And unfortunately, even if we solve that problem for Now, fortunately, I think that forcing Regardless, while I would expect that moving towards There was talk at one point though of replacing |
|
Looks like a catch-22, and this doesn't seem like the best first step. |
|
Yes, and we'll keep getting stuck on those. There is a bigger general problem with attribute transitions, in particular on interfaces and non-final classes. |
|
We'll get nowhere if we continue like this. One has to start making progress somewhere. |
|
Yes – except that this isn't progress. If necessary, we can ignore safety violations (which is what this change does) at the point where the function is called. You still haven't justified why that should be necessary, or how |
|
It's progress because nobody that calls formatThrowable directly or via other functions can be made @safe. In trying to make Phobos @safe, I often run into A->B->C->D->A again. At some point some part in this circle has to be made @safe, because trying to make the entire circle @safe in one PR is impractical. As I said before, it's just like the viral nature of making things const-correct. If you have a better way, please let me know. |
|
So where is the circle broken by this PR? (Hint: I don't think there is one, as I explained back in #1758 (comment).) |
5a1c733 to
9f96b17
Compare
|
@WalterBright I think the ability to override |
9f96b17 to
0340563
Compare
|
Thanks for your pull request, @WalterBright! Bugzilla referencesYour PR doesn't reference any Bugzilla issue. If your PR contains non-trivial changes, please reference a Bugzilla issue or create a manual changelog. |
0340563 to
4b80f56
Compare
|
This PR doesn't seem to be going anywhere, so I'm going to close. @WalterBright please reopen if you still think this should be pursued. |
Moving towards making Object.toString()
@safe