Pure functions and pointers (yes, again)

Jonathan M Davis jmdavisProg at gmx.com
Wed Jul 4 02:48:30 PDT 2012


On Wednesday, July 04, 2012 09:21:35 Christophe Travert wrote:
> What change would you expect in the language? Making pure functions
> automatically @safe? That may not be such a bad idea. However, that is
> not even enough, you could still create bugs from optimizations with
> casting outside the pure function (for instance, you could alias
> variables that should not be aliased).

An @safe function is only as safe as the @trusted functions that it calls. 
With @trusted, it's up to the programmer to determine that the @system stuff 
being done is actually being done in a way which is ultimately @safe (e.g. not 
using undefined behavior). If the programmer screwed up, and the @trusted stuff 
has buffer overruns or whatnot, then the @safe code isn't really @safe. With 
both @trusted and casts, it's up to the programmer to get them right, because 
what the programmer is doing is telling the compiler that they know better 
than the compiler and that they know what they're doing. If they do know 
better, then great. But if they don't, say hello to some nasty bugs.

_All_ of the guarantees that the compiler gives are based on the type system. 
So, anything that the programmer does to work around the type system must be 
verified and guaranteed by the programmer to ultimately maintain the guarantees 
that the compiler expects. Otherwise, the compiler's guarantees are based on wrong 
assumptions, and they're going to be invalid.

- Jonathan M Davis
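
The point about @trusted, as an added example that is not part of the original post: a D sketch in which an @safe function inherits whatever the @trusted function it calls failed to verify. The names `uncheckedAt`, `checkedAt` and `sumFirst` and the sample data are hypothetical, constructed for illustration.

```d
import std.stdio;

// Mis-verified: the author promises the compiler this is memory-safe,
// but nothing ties i to a.length. The annotation is taken on trust.
int uncheckedAt(const(int)[] a, size_t i) @trusted pure nothrow @nogc
{
    return *(a.ptr + i); // raw pointer arithmetic, a @system operation
}

// Verified: the @trusted function establishes the precondition itself,
// so every @safe caller gets the guarantee no matter what it passes in.
int checkedAt(const(int)[] a, size_t i) @trusted pure
{
    if (i >= a.length)
        throw new Exception("index outside slice");
    return *(a.ptr + i);
}

// @safe code: the compiler checks this body, but only against the
// signatures of what it calls. Both accessors look identical from here.
int sumFirst(alias at)(const(int)[] a, size_t n) @safe
{
    int total = 0;
    foreach (i; 0 .. n)
        total += at(a, i);
    return total;
}

void main()
{
    int[4] buf = [1, 2, 3, 4];         // constructed sample data
    const(int)[] window = buf[0 .. 2]; // callee is entitled to 2 elements

    // Compiles as @safe, yet reads buf[2] and buf[3] through the slice.
    // The overread is kept inside buf here so the run is deterministic.
    writeln("unchecked: ", sumFirst!uncheckedAt(window, 4));

    try
    {
        writeln("checked: ", sumFirst!checkedAt(window, 4));
    }
    catch (Exception e)
    {
        writeln("checked: rejected, ", e.msg);
    }
}
```

When auditing D code, the @trusted functions are the places to review by hand, since the compiler verifies nothing inside them and every @safe caller depends on them.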

