[Issue 12857] Don't allow declaring @system function inside @safe block
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Thu Jun 5 02:49:37 PDT 2014
https://issues.dlang.org/show_bug.cgi?id=12857
Kenji Hara <k.hara.pg at gmail.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|accepts-invalid             |
           Severity|major                       |enhancement
--- Comment #3 from Kenji Hara <k.hara.pg at gmail.com> ---
OK, this is not a corruption of the @safe concept. The original code can be
rewritten as follows:

int* ptr;
static void foo() @system {
    ptr = cast(int*)1; // stomp memory
}
auto func(int n) @safe {
    if (!ptr)
        ptr = new int(n);
    return &foo;
}
void main() { ... }

And func cannot assume the pointer value won't be corrupted, because someone
can corrupt it.

But in the original code, the static variable `ptr` is declared inside the safe
function. Therefore no one can stomp it from outside of foo.

I think that everything inside a @safe function should be safe or trusted. From
that point of view, declaring a @system function inside @safe is very dangerous.
By disallowing it, we can stop writing error-prone code.