OFF TOPIC Re: Range of enum type values
Timon Gehr
timon.gehr at gmx.ch
Sat Dec 28 21:46:01 UTC 2019
On 28.12.19 21:22, Johan Engelen wrote:
> On Saturday, 28 December 2019 at 13:33:25 UTC, Timon Gehr wrote:
>>
>> @safe is meant to imply no memory corruption. @safe implies no UB,
>> because UB can lead to any behavior, including memory corruption. UB
>> allows compilers to insert arbitrary code execution exploits. How can
>> you call that @safe?
>
> I think we are talking about different things here.
>
> You are saying: the spec says @safe means no UB, and if the spec doesn't
> say it then it simply needs updating. There are a number of text pieces
> that say that.
>
> I am saying: regardless of what the spec and any of those articles
> promise, current D behavior is that @safe _can_ have UB in it.
Each of those instances is a bug.
>
> I know most people don't like to hear it nor acknowledge it. But I think it is better to be realistic about this. `@safe` currently does _not_ mean the code is super safe.
I acknowledge that the implementation has bugs. I reported a number of
frontend bugs in the type checker myself. What you are saying is that
the backends have bugs as well. It's not very surprising, but I don't
think you can use existing bugs in the implementation as a justification
to deliberately introduce more of those bugs, which is what I read when
you write "I don't buy this argument".
More information about the Digitalmars-d
mailing list