Discussion Thread: DIP 1035--@system Variables--Community Review Round 1
Andrei Alexandrescu
SeeWebsiteForEmail at erdani.com
Wed Jun 17 14:30:52 UTC 2020
On 6/17/20 9:30 AM, Dennis wrote:
> On Wednesday, 17 June 2020 at 12:41:57 UTC, Andrei Alexandrescu wrote:
>>> Maybe you can make it work the way you envision, but what is to stop
>>> someone from coming along and adding some more @safe code to that
>>> module?
>>
>> A code review.
>
> I thought the whole premise of @safe was that code review is inadequate
> for catching memory corruption bugs.

Modules that contain @trusted code need to be reviewed manually. We need
to make clear in the documentation that it's not only the @trusted bits
in the module; it's the entire module. (That is the case independently
of the adoption of the DIP.) Modules that have only @safe code (no
@trusted, no @system) should provide safety guarantees. The DIP improves
on that in that it points to a number of issues with @safe that need fixing.
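
An added illustration, not part of the original message or of the DIP text: a D module in which a @trusted function depends on a module-private invariant, so @safe code added later to the same module can break memory safety without touching the @trusted function. The module name, variables and functions are hypothetical.

```d
module bounded; // hypothetical module name

private int[4] storage = [10, 20, 30, 40];

// Invariant the @trusted code depends on: index < storage.length.
// Nothing in the type system records this; only a reviewer knows it.
private size_t index;

// @trusted: the author vouches that this unchecked read is memory-safe.
// That is true only while the invariant on `index` holds.
int current() @trusted
{
    return storage.ptr[index]; // pointer indexing, no bounds check
}

// Original @safe code, written with the invariant in mind.
void advance() @safe
{
    index = (index + 1) % storage.length;
}

// Added later by someone else. The compiler accepts it as @safe because
// assigning to a size_t is always memory-safe in isolation, yet after
// jumpTo(100) the next call to current() reads outside `storage`.
void jumpTo(size_t i) @safe
{
    index = i;
}

void main() @safe
{
    advance();
    assert(current() == 20); // fine while only advance() changes index
}
```

The review boundary is therefore the whole module: every function that can write `index` is part of the proof obligation behind `current()`, whatever its own attribute says.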