D Article: Memory Safety
Dicebot via Digitalmars-d-announce
digitalmars-d-announce at puremagic.com
Thu Jan 21 05:39:48 PST 2016
On Thursday, 21 January 2016 at 04:31:25 UTC, Jakob Ovrum wrote:
> That was for non-templated functions where this approach makes
> no sense. Indeed it is counterproductive, because @trusted on
> the whole function is a better indication of what needs to be
> reviewed for memory safety (the whole function!).
Thanks! I got confused because your example actually leaves a
@safe hole with this specific usage of @trusted:
void foo(T)(T t) {
    // The @trusted lambda hands the address of the parameter `t` (a stack
    // variable) back to @safe code as an ordinary pointer.
    auto p = () @trusted { return &t; } ();
    p.bar(); // @safe callee is free to store `p` somewhere that outlives `t`
}

struct S { int x; }

S* global;

void bar (S* ptr) @safe
{
    global = ptr; // compiles fine in @safe: nothing says `ptr` may not escape
}

void main () @safe
{
    foo(S.init);
    global.x = 42; // oops, writing to some random stack memory
}
I'd suggest at the very least adding a comment before "p.bar();"
saying "Must not escape 'p' pointer or @safe-ty will be
compromised".
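As an added example (not part of the post above), the same program with the escape turned into a compile error rather than a comment: it assumes the code is built with `dmd -preview=dip1000`, under which a `scope` parameter on `bar` lets the compiler reject storing `ptr` in `global`, and the stack address can be passed from @safe code without any @trusted lambda.

```d
// Added example, not the code from the post. Assumes compilation with
// `dmd -preview=dip1000`, which enforces `scope` in @safe code.
import std.stdio : writeln;

struct S { int x; }

S* global;

// `scope` promises that `ptr` does not outlive the call. Under -preview=dip1000
// the compiler checks this in @safe code, so re-adding `global = ptr;` here is
// rejected instead of silently leaking a stack address.
void bar(scope S* ptr) @safe
{
    ptr.x += 1; // reading and writing through the pointer is still allowed
}

void foo(T)(T t) @safe
{
    // With -preview=dip1000, `&t` is permitted in @safe code as long as the
    // result only flows into `scope` parameters. No @trusted region is needed,
    // so no raw pointer ever becomes an ordinary @safe-visible variable that a
    // callee could store.
    bar(&t);
}

void main() @safe
{
    foo(S(41));
    assert(global is null); // nothing escaped: `global` was never assigned
    writeln("no dangling pointer");
}
```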