GC has a "barbaric" destroyng model, I think
Foo via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Fri Feb 13 02:17:00 PST 2015
On Friday, 13 February 2015 at 09:28:30 UTC, Kagamin wrote:
> On Friday, 13 February 2015 at 09:11:26 UTC, Foo wrote:
>> And I wouldn't say indiscriminately. Every function I marked
>> with @trusted was checked by me so far.
>
> What did you check them for? :)
> Just first example: make and destruct, being marked as
> @trusted, don't prevent caller from UAF and double free
> vulnerabilities, and compiler can't help with that by checking
> the caller. Other functions marked as trusted have similar
> problems. If the the caller can't be automatically checked for
> safety and must ensure safety manually, it means the callee is
> @system.
That seems to be a problem with trusted and safe :)
More information about the Digitalmars-d-learn
mailing list