GC has a "barbaric" destroying model, I think

Kagamin via Digitalmars-d-learn digitalmars-d-learn at puremagic.com
Fri Feb 13 01:28:29 PST 2015


On Friday, 13 February 2015 at 09:11:26 UTC, Foo wrote:
> And I wouldn't say indiscriminately. Every function I marked 
> with @trusted was checked by me so far.

What did you check them for? :)
Just the first example: make and destruct, being marked as @trusted, 
don't prevent the caller from UAF and double free vulnerabilities, 
and the compiler can't help with that by checking the caller. Other 
functions marked as trusted have similar problems. If the 
caller can't be automatically checked for safety and must ensure 
safety manually, it means the callee is @system.
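
The point made in the reply above, as an added example that is not part of the original post or of the code under discussion: a `@safe` caller compiles with a use-after-free and a double free when the allocation pair is marked `@trusted`, next to a wrapper whose `@trusted` bodies can be audited on their own. `Node`, `makeTrusted`, `destructTrusted`, `unsafeButAccepted` and `Owned` are hypothetical names standing in for the thread's make and destruct.

```d
import core.stdc.stdlib : malloc, free;

struct Node { int value; }

// Hypothetical stand-ins for make/destruct, marked @trusted as in the thread.
Node* makeTrusted(int v) @trusted
{
    auto p = cast(Node*) malloc(Node.sizeof);
    if (p is null) assert(0, "out of memory");
    p.value = v;
    return p;
}

void destructTrusted(ref Node* p) @trusted
{
    free(p);
    p = null;
}

// Accepted as @safe: the callees claim to be safe, so the compiler has
// nothing left to check in the caller.
void unsafeButAccepted() @safe
{
    Node* a = makeTrusted(1);
    Node* b = a;            // copying a pointer is allowed in @safe code
    destructTrusted(a);     // frees the block; only `a` is nulled
    b.value = 2;            // use after free
    destructTrusted(b);     // double free
}

// Safe interface: the raw pointer never leaves the struct and copies are
// disabled, so no caller can hold an alias to freed memory.
struct Owned
{
    private Node* p;
    @disable this(this);
    this(int v) @trusted
    {
        p = cast(Node*) malloc(Node.sizeof);
        if (p is null) assert(0, "out of memory");
        p.value = v;
    }
    ~this() @trusted { free(p); p = null; }
    int value() const @safe { return p is null ? 0 : p.value; }
    void value(int v) @safe { if (p !is null) p.value = v; }
}

void main() @safe
{
    auto o = Owned(1);
    o.value = 2;
    assert(o.value == 2);
    // unsafeButAccepted() is not called: it compiles, but running it is undefined behaviour.
}
```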

