@trusted assumptions about @safe code
Timon Gehr
timon.gehr at gmx.ch
Tue May 26 07:07:33 UTC 2020
On 26.05.20 01:04, ag0aep6g wrote:
> Consider this little program that prints the address and first character
> of a string in a convoluted way:
>
> import std.stdio;
> char f(string s) @trusted
> {
> immutable(char)* c = s.ptr;
> writeln(g(* cast(size_t*) &c));
> return *c;
> }
> size_t g(ref size_t s) @safe
> {
> return s;
> }
> void main() @safe
> {
> writeln(f("foo"));
> }
>
> As the spec stands, I believe it allows f to be @trusted.
I don't think so. @trusted code can't rely on @safe code behaving a
certain way to ensure memory safety, it has to be defensive.
More information about the Digitalmars-d
mailing list