@trusted assumptions about @safe code

ag0aep6g anonymous at example.com
Wed May 27 18:46:59 UTC 2020


On 27.05.20 19:30, Paul Backus wrote:
> In practice, proving your @trusted code correct without making *any* 
> assumptions about other code is too difficult, since at the very least 
> you have to account for dependencies like the C library and the 
> operating system. At some point, you have to trust that the code you're 
> calling does what it says it does. So what you end up doing is 
> establishing another logical implication:
> 
>      my dependencies behave as-documented -> my @trusted code is 
> memory-safe

So:

     my dependencies do not behave as-documented -> my @trusted code may not be memory-safe

right?

Let's say an @safe function `my_strlen` is part of my dependencies. Then:

     `my_strlen` does not behave as-documented -> my @trusted code may not be memory-safe

Or in other words: A mistake in an @safe function can lead to memory 
corruption.

Which is what Steven is saying. And I agree.
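
The situation described in this thread, as an added D example (not code from the thread or its authors): `my_strlen` is the @safe dependency with an ordinary logic bug, and an @trusted wrapper around C `memset` whose safety argument rests on that function's documented contract. The `zero_string_checked` variant shows the defensive alternative of re-checking the assumption instead of trusting it.

```d
import core.stdc.string : memset;

/// Documented contract: returns the index of the first '\0' in `s`,
/// or `s.length` if there is none. The result is always <= s.length.
@safe size_t my_strlen(const(char)[] s)
{
    foreach (i, c; s)
        if (c == '\0')
            return i;
    return s.length + 1; // BUG: plain logic error, breaks the documented contract
}

/// @trusted wrapper around C memset. Its entire safety argument is
/// "my_strlen behaves as documented, hence len <= buf.length".
/// A mistake in the @safe dependency turns this into an out-of-bounds write.
@trusted void zero_string_unchecked(char[] buf)
{
    immutable len = my_strlen(buf);
    memset(buf.ptr, 0, len); // writes past the end of buf when my_strlen lies
}

/// Same wrapper, but it validates the assumption it depends on before the
/// unchecked operation. assert(0) is kept even with -release, so a broken
/// contract becomes a loud halt rather than silent memory corruption.
@trusted void zero_string_checked(char[] buf)
{
    immutable len = my_strlen(buf);
    if (len > buf.length)
        assert(0, "my_strlen violated its documented contract");
    memset(buf.ptr, 0, len);
}

void main()
{
    char[] buf = "abc".dup;   // constructed sample input with no '\0'
    zero_string_checked(buf); // halts on the contract violation instead of corrupting memory
}
```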
