@system blocks and safer @trusted (ST) functions
clap at trap.com
Mon Jul 26 09:39:57 UTC 2021
On Monday, 26 July 2021 at 07:32:24 UTC, Paul Backus wrote:
> On Monday, 26 July 2021 at 03:40:55 UTC, Timon Gehr wrote:
>> The original claim was that the new feature is a tool that
>> allows the code base to be properly segregated more easily,
>> not that you can't still write incorrect @trusted code. If you
>> have to review @safe code to ensure memory safety of your
>> @trusted code, your @trusted code is incorrect.
> @trusted code is correct if and only if it cannot possibly
> allow undefined behavior to be invoked in @safe code.
Your example doesn't invoke undefined behaviour in safe code, it
invokes undefined behaviour in system code. The UB is in the
system block. The memory corruption happens in the system block.
After that all bets are off.
There's no way around that, which makes your example moot.
> If my example is incorrect as-written, then you should be able
> to write a program that uses it, without modification, to cause
> undefined behavior in @safe code. Same for any given @trusted
And that proves what? That you can write buggy system code that
doesn't cause memory errors in some circumstances?
More information about the Digitalmars-d