Borrowing and Ownership
timon.gehr at gmx.ch
Mon Oct 28 00:29:12 UTC 2019
On 28.10.19 01:23, Paul Backus wrote:
> On Sunday, 27 October 2019 at 22:36:30 UTC, Timon Gehr wrote:
>> - The problem with `@trusted` is that it has no defense against
>> `@safe` code destroying its invariants or accessing raw pointers that
>> are only meant to be manipulated by `@trusted` code. There should
>> therefore be a way to mark data as `@trusted` (or equivalent), such
>> that `@safe` code can not access it.
> Would it be possible to accomplish this by putting the @trusted code and
> data in its own module, and using private? Assuming that the outstanding
> loopholes that allow bypassing private in @safe code are fixed, at least.
Not really, because one can always add a @safe function to that module.
The official sales pitch for @safe says that you only have to audit
@trusted functions, but not @safe functions, to locate all memory safety
issues in your program.
More information about the Digitalmars-d