@trusted assumptions about @safe code

ag0aep6g anonymous at example.com
Tue May 26 13:19:04 UTC 2020


On 26.05.20 11:35, Walter Bright wrote:
> On 5/26/2020 12:07 AM, Timon Gehr wrote:
>> I don't think so. @trusted code can't rely on @safe code behaving a 
>> certain way to ensure memory safety, it has to be defensive.
> 
> I agree. The trusted code here is not passing safe arguments to g(), but 
> it is trusted to do so.

Nice. Timon and Walter agree on something related to safety. That must 
mean something.

I take it you guys are good with adding the note about undefined 
behavior to the spec then? Repeating it here for reference:

     Undefined behavior: Calling a safe function or a trusted
     function with unsafe values or unsafe aliasing has undefined
     behavior.


More information about the Digitalmars-d mailing list