all OS functions should be "nothrow @trusted @nogc"
ag0aep6g via Digitalmars-d
digitalmars-d at puremagic.com
Tue Jul 25 07:43:22 PDT 2017
On 07/25/2017 04:32 PM, Shachar Shemesh wrote:
> And, indeed, the code calling "read" shouldn't be able to do that as
> @safe. Read itself, however, is trusted (because, let's face it, if you
> cannot trust the kernel, you're screwed anyways).
That's not how `@trusted` works. The point of `@trusted` is to allow
unsafe features in the implementation. The interface must be just as
safe as with `@safe`.
`read` doesn't have a safe interface. `read` is safe as long as
you pass good arguments. When you pass bad arguments, `read` will break
your stuff. A `@trusted` function must always be safe, no matter the
arguments.
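
An added example, not part of the original post, showing the distinction drawn above: the raw call stays `@system`, and `@trusted` goes on a wrapper whose interface is safe for any arguments. The name `safeRead` and the hand-written `read` prototype are assumptions made for this illustration.

```d
// Added illustration. `safeRead` is a hypothetical name, not a druntime or
// Phobos function; the prototype below is hand-written for the example.

// The raw POSIX call stays @system: it trusts `count` to match `buf`.
extern (C) ptrdiff_t read(int fd, void* buf, size_t count) nothrow @nogc @system;

// @trusted is justified only because no argument can make this unsafe:
// the slice carries its own length, so the kernel is never asked to write
// past the caller's buffer. ubyte[] (not void[]) keeps the incoming bytes
// from overwriting pointers or other typed data.
ptrdiff_t safeRead(int fd, scope ubyte[] buf) nothrow @nogc @trusted
{
    return read(fd, buf.ptr, buf.length);
}

void main() @safe
{
    ubyte[16] small;

    // Rejected by the compiler: @safe code cannot call a @system function.
    // Had `read` itself been marked @trusted, this line would compile and
    // let the kernel write 4096 bytes into a 16-byte stack buffer.
    // read(0, &small[0], 4096);

    // Accepted: at most small.length bytes are written; a bad fd returns -1.
    immutable n = safeRead(0, small[]);
    assert(n <= cast(ptrdiff_t) small.length);
}
```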