@system blocks and safer @trusted (ST) functions

claptrap clap at trap.com
Sun Jul 25 22:05:26 UTC 2021

On Sunday, 25 July 2021 at 21:32:00 UTC, Paul Backus wrote:
> On Sunday, 25 July 2021 at 20:36:09 UTC, claptrap wrote:
>> So no that doesn't prove what you say it does, it doesn't mean 
>> favouriteNumber needs checking, it means the @system block 
>> needs checking. favouriteNumber knows nothing about the array 
>> length, to assume it does or it should is bad design.
> Strictly speaking, you're right; it is the `@system` block that 
> needs checking, not `favoriteNumber`.
> However, any time you change `favoriteNumber`, you have to 
> *re-check* the `@system` block. From a maintenance perspective, 
> this is no different from `favoriteNumber` itself requiring 
> manual checking--if someone submits a PR that changes 
> `favoriteNumber`, and you accept it without any manual review, 
> you risk introducing a memory-safety bug.

Im sorry but it's nonsense.

You get an OOB error, it points you at the system block, you add 
bounds checking, job done.

Changing favouriteNumber doesnt introduce a bug, the bug was 
*already* there in the system block.

You cant expect favouriteNumber to be responsible for other code 
doing stupid things with its result.

More information about the Digitalmars-d mailing list