Trusted Manifesto

Zach the Mystic via Digitalmars-d digitalmars-d at puremagic.com
Mon Feb 9 20:03:04 PST 2015


On Tuesday, 10 February 2015 at 03:36:14 UTC, Walter Bright wrote:
> On 2/9/2015 6:21 PM, H. S. Teoh via Digitalmars-d wrote:
>> What stops the following abuse of @trusted via
>> trusted()?
>>
>> 	int* myFunc(void* p) @safe // <-- I'm claiming to be @safe
>> 	{
>> 		// But actually I'm not! Though I can convince the
>> 		// compiler that I am...
>> 		return trusted!(() => cast(int*)p);
>> 	}
>>
>> 	char c;
>> 	auto p = myFunc(&c); // oops
>> 	*p = 999; // kaboom
>>
>> Are we just relying on convention that trusted() will not be abused in
>> this way?
>
> That's right. @trusted will always rely on convention.

You could put the 'trusted' template right in object.d, to save 
people the awkward burden of importing it from std.conv all the 
time. But that would be a language change, of sorts.
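
The convention discussed in this thread, shown as an added example that is not code from the thread or from Phobos. It uses D's immediately invoked `@trusted` lambda instead of the `trusted` helper; `launder` and `copyBytes` are hypothetical names. The compiler accepts both functions, and only review can tell that the first one's `@safe` label is false.

```d
import core.stdc.string : memmove;

// Unsound, same shape as the quoted myFunc: whether the cast is valid
// depends entirely on what the caller passes, yet the signature says @safe.
int* launder(void* p) @safe
{
    return () @trusted { return cast(int*) p; }();
}

// Sound: the slices carry their own lengths, the size check runs in
// compiler-verified @safe code, and the @trusted lambda performs only the
// raw copy that the check has already made valid. memmove is used so that
// overlapping slices are also fine.
void copyBytes(ubyte[] dst, const(ubyte)[] src) @safe
{
    if (src.length > dst.length)
        throw new Exception("destination too small");
    () @trusted { memmove(dst.ptr, src.ptr, src.length); }();
}

void main() @safe
{
    // Constructed sample data.
    immutable ubyte[] src = [1, 2, 3];
    auto buf = new ubyte[4];

    // Valid call: the copy happens inside the checked bounds.
    copyBytes(buf, src);
    assert(buf[0 .. 3] == src);
    assert(buf[3] == 0);

    // Invalid call: rejected before the @trusted code is reached, so no
    // argument a @safe caller can build leads to an out-of-bounds write.
    bool rejected = false;
    try
        copyBytes(buf[0 .. 2], src);
    catch (Exception)
        rejected = true;
    assert(rejected);
}
```

A reviewer auditing `@trusted` code asks the same question of each lambda: is it memory-safe for every argument the enclosing `@safe` signature admits? `copyBytes` passes that test and `launder` does not.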

