Fantastic exchange from DConf
Moritz Maxeiner via Digitalmars-d
digitalmars-d at puremagic.com
Fri May 19 02:12:39 PDT 2017
On Thursday, 18 May 2017 at 12:12:18 UTC, Steven Schveighoffer
wrote:
> [...]
>
> We still allow unsafe operations inside @safe code, using
> @trusted. This is a necessary evil, but it's so very important
> that the base libraries (druntime and phobos) keep this to a
> minimum, and that we review those @trusted blocks to death.
That and we need to make sure it is understood by everyone using
third party @safe code that it is *not* a "I don't have to audit
this code" free card. It merely reduced the amount of code you
need to review to what is marked as @trusted (with regards to
memory safety); as long as you don't *know* whether some third
party code is @safe or @trusted, you (as the programmer) have to
assume it is @trusted and that means you have to extend trust to
the author and cannot assume any of the @safe guarantees for that
code.
More information about the Digitalmars-d
mailing list