@trusted assumptions about @safe code
ag0aep6g
anonymous at example.com
Wed May 27 18:46:59 UTC 2020
On 27.05.20 19:30, Paul Backus wrote:
> In practice, proving your @trusted code correct without making *any*
> assumptions about other code is too difficult, since at the very least
> you have to account for dependencies like the C library and the
> operating system. At some point, you have to trust that the code you're
> calling does what it says it does. So what you end up doing is
> establishing another logical implication:
>
> my dependencies behave as-documented -> my @trusted code is memory-safe
So:
my dependencies do not behave as-documented -> my @trusted code may not be memory-safe
right?
Let's say an @safe function `my_strlen` is part of my dependencies. Then:
`my_strlen` does not behave as-documented -> my @trusted code may not be memory-safe
Or in other words: A mistake in an @safe function can lead to memory
corruption.
Which is what Steven is saying. And I agree.
More information about the Digitalmars-d mailing list
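The dependency scenario from the post above, written out in D as an added illustration (this is not code from the thread or from any D library; `my_strlen`, `my_strlen_buggy`, `copy_cstring` and `copy_cstring_checked` are assumed names chosen for the example). An `@safe` function can violate its documented contract without performing any operation the compiler rejects; a `@trusted` function whose hand-written safety argument rests on that contract then reads out of bounds. The second variant shows the cheap defensive option where the relied-on invariant is locally checkable.

```d
// Added illustration (not from the thread): a @trusted function whose
// safety proof depends on an @safe dependency behaving as documented.
import core.stdc.stdlib : malloc, free;
import core.stdc.string : memcpy;
import std.stdio : writeln;

/// Documented contract: number of chars before the first '\0', or
/// s.length if there is none. In particular the result is always <= s.length.
size_t my_strlen(const(char)[] s) @safe
{
    size_t i = 0;
    while (i < s.length && s[i] != '\0') ++i;
    return i;
}

/// Same documentation, buggy body: off by one. The compiler still accepts it
/// as @safe, because nothing in the body is an unsafe operation.
size_t my_strlen_buggy(const(char)[] s) @safe
{
    size_t i = 0;
    while (i < s.length && s[i] != '\0') ++i;
    return i + 1;   // breaks "<= s.length" when the slice has no terminator
}

/// @trusted: copies the string part of `src` into a malloc'd buffer.
/// The manual safety argument is:
///   strlen behaves as documented -> n <= src.length -> memcpy stays in bounds
/// Nothing here checks n against src.length; the @safe dependency is trusted.
char[] copy_cstring(const(char)[] src, size_t function(const(char)[]) @safe strlen) @trusted
{
    size_t n = strlen(src);
    char* p = cast(char*) malloc(n);
    memcpy(p, src.ptr, n);   // reads n bytes from src: out of bounds if n > src.length
    return p[0 .. n];
}

/// Same function with the assumption turned into a check. When the invariant
/// the proof relies on can be verified locally, checking it keeps a mistake in
/// the dependency from becoming memory corruption here.
char[] copy_cstring_checked(const(char)[] src, size_t function(const(char)[]) @safe strlen) @trusted
{
    size_t n = strlen(src);
    if (n > src.length)
        throw new Exception("strlen dependency violated its documented contract");
    char* p = cast(char*) malloc(n);
    memcpy(p, src.ptr, n);
    return p[0 .. n];
}

void main()
{
    char[] s = ['a', 'b', 'c'];   // constructed input: no terminator in the slice

    auto ok = copy_cstring_checked(s, &my_strlen);
    writeln(ok);                  // abc
    free(ok.ptr);

    // my_strlen_buggy returns 4 for a 3-byte slice. The unchecked copy_cstring
    // would memcpy one byte past the end; the checked variant fails fast instead.
    try
    {
        auto bad = copy_cstring_checked(s, &my_strlen_buggy);
        free(bad.ptr);
    }
    catch (Exception e)
    {
        writeln("caught: ", e.msg);
    }
}
```

Compile with `dmd example.d` and run; the second call reports the contract violation instead of reading past the slice. The point matches the post: the proof obligation `n <= src.length` belongs to the `@trusted` author, and a bug in the `@safe` callee discharges it falsely unless the `@trusted` code checks what it can.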