What exactly does "@safe" mean?

monarch_dodra monarchdodra at gmail.com
Sun Jun 2 00:59:08 PDT 2013


On Saturday, 1 June 2013 at 22:15:00 UTC, Jonathan M Davis wrote:
> On Saturday, June 01, 2013 23:41:32 monarch_dodra wrote:
>> OK. But by that standard, can't (mostly) anything be trusted?
>> What about something that writes garbage, to a memory location 
>> it
>> was *asked* to write to? Or if wrong usage of the function can
>> lead to an inconsistence memory state, but without "out of 
>> bounds
>> accesses"?
>
> When a programmer marks a function as @trusted, they are saying 
> that they
> guarantee that the function will not do anything to corrupt 
> memory. So, yes, a
> programmer could mark absolutely anything as @trusted - 
> including stuff that is
> blatantly unsafe and will do all kinds of nasty stuff - but 
> that's the
> programmer's fault.

Well, by "mostly", I did mean stuff that's not blatantly wrong. I 
don't usually write stuff with the express objective of 
clobbering memory.

But given the previous answers, I think I see why anything that 
should work can't be marked @safe.

>> But still, if I were to give emplace an "already constructed
>> object", it will happily clobber that object for me, leaking 
>> the
>> destructor, and possibly putting the program in an invalid 
>> memory
>> state.
>> 
>> Now, it was *my* fault for calling emplace with an already 
>> built
>> object, but it was the (@trusted) emplace that clobbered-it.
>
> Well, given that the safety of the operation relies on what's 
> being passed in,
> the operation itself can't reasonably be marked as @safe, 
> because you can't
> guarantee that the operation isn't going to corrupt memory.

But isn't that exactly the same as my "void foo(int* p) @safe{*p 
= 0}" example ? That relies on what is being passed in to 
guarantee safety :/

@confused


More information about the Digitalmars-d mailing list