@trusted and return ref

via Digitalmars-d-learn digitalmars-d-learn at puremagic.com
Thu Feb 26 12:56:50 PST 2015


On Thursday, 26 February 2015 at 12:50:04 UTC, anonymous wrote:
> The whole point of @trusted is to be able to call @system code. 
> It doesn't matter if that code is "injected" or not. @safe 
> prevents calling @system code.

But it should matter, because when you mark a unit @trusted you 
basically are signing off a "certificate" that says it acts like 
@safe in @safe code. How can you verify anything if you allow 
injections? You can only verify what is known when the 
verification took place. After that it should be frozen so that 
injections of non-verified code only go into @safe "slots".

> [...]
>> It infers "@safe", but it does not provide validation.
>
> Yup. RCArray is de-facto trusted, i.e. verified memory-safe by 
> the programmer. It's not compiler verified safe, even though it 
> ends up being labeled @safe.

Well, but @safe code is not verified either... It is inferred 
@safe based on a fixed set of criteria, but not verified. To 
verify you need more, and you have to start with strong typing.
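
An added illustration of the "injection" being debated, not code from this thread or from any D library; every function name below is hypothetical. It contrasts a template marked @trusted as a whole, which lets a @system callable passed as an alias parameter be reached from @safe code, with the same template left to attribute inference, where the compiler rejects that instantiation.

```d
// Constructed example; all names are hypothetical.

// Not checkable by the compiler: .ptr indexing skips the bounds check.
int unchecked(int[] a) @system { return a.ptr[1]; }

// Compiler-checked equivalent: a[1] is bounds-checked.
int checked(int[] a) @safe { return a[1]; }

// Blanket @trusted: the author vouches for the body, but the body
// depends on `fun`, which is unknown at the time of that review.
int viaTrusted(alias fun)(int[] a) @trusted { return fun(a); }

// No attribute: safety is inferred separately for each instantiation,
// so a @system `fun` makes that instantiation @system.
int viaInferred(alias fun)(int[] a) { return fun(a); }

void main() @safe
{
    int[] buf = [10, 20];

    // Accepted in @safe code although it runs the @system function.
    assert(viaTrusted!unchecked(buf) == 20);

    // Accepted: the instantiation is inferred @safe.
    assert(viaInferred!checked(buf) == 20);

    // Rejected when required to be @safe: inference yields @system.
    static assert(!__traits(compiles,
        (int[] a) @safe => viaInferred!unchecked(a)));

    // The blanket @trusted version passes the same check.
    static assert(__traits(compiles,
        (int[] a) @safe => viaTrusted!unchecked(a)));
}
```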

