Manu's `shared` vs the @trusted promise
Dukc
ajieskola at gmail.com
Mon Oct 22 11:24:27 UTC 2018
On Sunday, 21 October 2018 at 22:03:00 UTC, ag0aep6g wrote:
> The @trusted contract says that an @trusted function must be
> safe when called from an @safe function. That calling @safe
> function might be located in the same module, meaning it might
> have the same level of access as the @trusted function.
>
> That means, Atomic.incr is invalid. It's invalid whether
> Atomic.badboy exists or not. It's invalid because we can even
> possibly write an Atomic.badboy. That's my interpretation of
> the spec, at least.
Frankly, this does not sound credible. According to this
rationale, array access should be @system too, because it relies
on the array not giving direct access to its length to the user,
which would also in itself be @safe.
More information about the Digitalmars-d
mailing list