Spec on casting to integer with smaller range than value
Dennis
dkorpel at gmail.com
Sat Mar 28 16:15:08 UTC 2020
On Saturday, 28 March 2020 at 16:06:39 UTC, kinke wrote:
> @safe is about memory corruption, not about disallowing any
> undefined behavior.
The spec provides two definitions:
> Safe functions are functions that are statically checked to
> exhibit no possibility of undefined behavior. Undefined
> behavior is often used as a vector for malicious attacks.
https://dlang.org/spec/function.html#function-safety
> Memory Safety for a program is defined as it being impossible
> for the program to corrupt memory. Therefore, the safe subset
> of D consists only of programming language features that are
> guaranteed to never result in memory corruption.
https://dlang.org/spec/memory-safe-d.html
Presence of undefined behavior is sufficient to cause memory
corruption, and memory corruption itself is undefined behavior,
so the definitions are equivalent and both describe the same
thing.
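For readers following the distinction the thread is drawing, here is a small added D illustration (not code from the thread or the D spec) of what @safe actually rejects and what it lets through. It assumes a current DMD or LDC; the numeric result of the out-of-range cast is deliberately not asserted on, since that is exactly the point under discussion.

```d
// Added example, not from the original post. Assumes DMD or LDC.
import std.stdio;

@safe int toInt(double d)
{
    // A narrowing cast is accepted in @safe code even when d is outside
    // int's range. Nothing here can read or write memory the program does
    // not own, which is all the memory-safety definition is checking for.
    return cast(int) d;
}

@system int readAt(int* p, size_t offset)
{
    // Pointer arithmetic can reach arbitrary memory, so the compiler rejects
    // this body if the attribute is changed from @system to @safe.
    return *(p + offset);
}

void main()
{
    writeln(toInt(42.9));   // in range: truncation, well defined
    writeln(toInt(1e20));   // out of range: result is left to the implementation

    int[4] buf = [1, 2, 3, 4];   // constructed sample input
    writeln(readAt(buf.ptr, 2)); // 3; caller is not @safe, so the call is allowed
}
```

The contrast is the one the two spec definitions hinge on: the cast is allowed in @safe because it cannot corrupt memory, while the pointer arithmetic is only reachable from @system or @trusted code.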
More information about the Digitalmars-d mailing list