Pure functions and pointers (yes, again)

Jonathan M Davis jmdavisProg at gmx.com
Wed Jul 4 02:48:30 PDT 2012

On Wednesday, July 04, 2012 09:21:35 Christophe Travert wrote:
> What change would you expect in the langage? making pure function
> automatically @safe? That may not be such a ba idea. However, that is
> not even enough, you could still create bug from optimizations with
> casting outside the pure function (for instance, you could alias
> variables that should not be aliased).

An @safe function is only as safe as the @trusted functions that it calls. 
With @trusted, it's up to the programmer to determine that the @system stuff 
being done is actually being done in a way which is ultimately @safe (e.g. not 
using undefined behavior). If the programmer screwed up, and the @trusted stuff 
has buffer overruns or whatnot, then the @safe code isn't really @safe. With 
both @trusted and casts, it's up to the programmer to get them right, because 
what the programmer is doing is telling the compiler that they know better 
than the compiler and that they know what they're doing. If they do know 
better, then great. But if they don't, say hello to some nasty bugs.

_All_ of the guarantees that the compiler gives are based on the type system. 
So, anything that the programmer does to work around the type system must be 
verified and guaranteed by the programmer to ultimately maintain the guarantees 
that compiler expects. Otherwise, the compiler's guarantees are based on wrong 
assumptions, and they're going to be invalid.

- Jonathan M Davis

More information about the Digitalmars-d mailing list