If you needed any more evidence that memory safety is the future...
Moritz Maxeiner via Digitalmars-d
digitalmars-d at puremagic.com
Wed Mar 8 13:02:23 PST 2017
On Wednesday, 8 March 2017 at 17:40:29 UTC, Brad Roberts wrote:
> [...]
>>
>> You can hide unsafe code in D by annotating a function with
>> @trusted the same way you can hide unsafe code in Rust with
>> unsafe blocks.
>
> Clearly marked is an interesting definition of hidden.
---
module mymemorysafexyzlibrary;

import core.stdc.stdlib : malloc;

struct Context { /* ... */ }

@safe
Context* createContextSafely()
{
    return () @trusted {
        // What's gonna happen if you use this?
        // Ask your memory allocation professional
        void* foo = malloc(Context.sizeof-1);
        return cast(Context*) foo;
    }();
}
---
The operating word here being "can". The above is semantically
equivalent (assuming the delegate gets optimized out) to an
unsafe block inside a Rust function. And yes, that's what I
consider hidden unsafe code, and it means that if you call
function `bar` from a @safe function `foo`, `bar` being marked as
@safe does not save you from auditing `bar`'s source code.
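As an added illustration of the point above (this is example code, not part of the original post), the two wrappers below are indistinguishable from a `@safe` caller: both are `@safe` functions whose body is a `@trusted` delegate, and the compiler accepts both. Only reading the `@trusted` body reveals that one under-allocates and the other does not, which is exactly the audit the post says `@safe` does not spare you. The names `badContext`, `goodContext`, `releaseContext` and the fields of `Context` are assumptions for this example.

```d
// Added example (not from the original post): a @safe caller cannot tell
// a careless @trusted wrapper from a careful one, so every @trusted body
// that a @safe function reaches still has to be audited by hand.
module trustedaudit;

import core.stdc.stdlib : malloc, free;

// Assumed layout; any struct would do.
struct Context
{
    int id;
    double[4] buf;
}

// Flawed wrapper: under-allocates by one byte. The compiler accepts it
// because @trusted is a promise, not a check, and the promise is false.
@safe Context* badContext()
{
    return () @trusted {
        void* p = malloc(Context.sizeof - 1);
        return cast(Context*) p;
    }();
}

// Careful wrapper: allocates the full size, handles allocation failure,
// and default-initialises the object before handing it to @safe code.
@safe Context* goodContext()
{
    return () @trusted {
        void* p = malloc(Context.sizeof);
        if (p is null)
            return null;
        auto ctx = cast(Context*) p;
        *ctx = Context.init;
        return ctx;
    }();
}

// free() is @system, so it is wrapped the same way; the caller must only
// ever pass pointers that came from the two functions above.
@safe void releaseContext(Context* ctx)
{
    () @trusted { free(ctx); }();
}

@safe void caller()
{
    // Both calls type-check identically: the @safe attribute gives no
    // hint which one is sound.
    Context* good = goodContext();
    Context* bad = badContext();

    if (good !is null)
    {
        good.id = 1;          // fully allocated, safe to use
        releaseContext(good);
    }

    // Touching the last byte of *bad would be an out-of-bounds access that
    // @safe cannot catch; an address sanitizer or valgrind run would.
    releaseContext(bad);
}

void main()
{
    caller();
}
```

When reviewing D code for memory safety, the practical consequence is that `grep`-ing for `@trusted` (including attribute-annotated lambdas like the ones above) gives the list of bodies that need manual review, regardless of how their enclosing functions are annotated.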