Manu's `shared` vs the @trusted promise
Neia Neutuladh
neia at ikeran.org
Tue Oct 23 20:36:27 UTC 2018
On Tue, 23 Oct 2018 22:25:55 +0200, Timon Gehr wrote:
> What he is saying is, you could add some @safe code to the druntime
> module that defines the dynamic array struct. Then, within this code,
> DMD would consider independent assignments to the length and ptr members
> @safe, even though this is not the case. Therefore, @safe is broken in
> druntime.
Yes, the principle is quite reasonable. Anything that can access a non-
@safe interface of a thing needs to be carefully vetted to make sure it's
valid as @trusted code, and that means looking at a whole module at once.
So put your @trusted code in separate modules insofar as possible.
In this particular case, though, druntime functions are generally @trusted
rather than @safe, and arrays are defined by the compiler and not as
structs in druntime.
More information about the Digitalmars-d
mailing list