Encapsulating trust

monarch_dodra via Digitalmars-d digitalmars-d at puremagic.com
Tue Sep 2 11:08:10 PDT 2014


On Tuesday, 2 September 2014 at 17:20:06 UTC, Daniel Murphy wrote:
> This is Wrong!  Any function that uses these wrappers is 
> abusing @trusted.
>
> eg:
>
> import stdx.trusted;
>
> int* func(int x) @safe
> {
>    return addrOf(x);
> }
>
> This function is @safe, but happily returns an invalid 
> pointer.  This is possible because addrOf violates the 
> requirement that @trusted functions must be completely @safe to 
> call from an @safe function.

That's a good point.

> Having syntax (or a wrapper function) to do the second wrapping 
> automatically would violate @safe.  If it was syntax, it would 
> be banned in @safe. If it's a wrapping method like the proposed 
> 'call', then it is a program error for it to be marked @trusted.

Good points too.

A very logical conclusion.
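
The point made in the quoted message, as an added example in D (not code from either poster, and not the stdx.trusted source, which the page does not show): a `@trusted` wrapper that returns a raw address, beside a `@trusted` function that keeps the whole unsafe operation inside itself. The names `zero` and `demo` are hypothetical, and `addrOf` is a stand-in reconstructed from the call in the quoted snippet.

```d
// Added illustration. `addrOf` is a stand-in modelled on the call in the
// quoted snippet; the real stdx.trusted source is not shown on the page.

// Anti-pattern: a @trusted wrapper that hands the raw address back.
// The compiler does not verify the body of a @trusted function, and this
// one is not safe to call from every possible @safe caller.
int* addrOf(ref int x) @trusted
{
    return &x;
}

// Type-checks as @safe, yet the result points at a dead stack slot
// as soon as the function returns.
int* func(int x) @safe
{
    return addrOf(x);
}

// Sound pattern: the @trusted function performs the whole unsafe operation
// itself. The address is taken and consumed inside, and never escapes.
void zero(ref int x) @trusted
{
    import core.stdc.string : memset;
    memset(&x, 0, x.sizeof);
}

// Any @safe caller can use zero() without being able to break memory safety.
int demo() @safe
{
    int v = 42;
    zero(v);
    return v;
}

void main()
{
    assert(demo() == 0);
    // func() is deliberately never called: its result must not be used.
}
```

When auditing, the question to ask of each `@trusted` signature is whether any `@safe` caller, with any arguments, could obtain an invalid pointer or reference from it; `zero` passes that check and `addrOf` does not.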

