Simplification of @trusted
ag0aep6g
anonymous at example.com
Thu Jun 17 18:40:15 UTC 2021
On Thursday, 17 June 2021 at 17:42:08 UTC, Ola Fosheim Grøstad wrote:
> ```d
> class A {
>     this() @trusted {
>         ptr = &buffer[0];
>         offset = 0;
>     }
>
>     int get() @trusted { return ptr[offset]; }
>     void set(int i) @trusted { this.offset = i&1; }
>
>     /*BUG: offset was pasted in here by mistake*/
>     int size()@safe{ offset=2; return 2;}
>
> private:
>     int[2] buffer;
>     int* ptr;
>     int offset;
> }
> ```
>
> Since this @safe size() function could in theory mess up offset
> by a bug, it should not be allowed?
With the current spec, the bug is in `get`. It cannot be
@trusted, because it does not have a safe interface.
With DIP 1035 (@system variables) you could mark `offset` as
@system. Then `get` would be fine and the compiler would catch
the bug in `size`.
> However if we make size() @trusted then this is perfectly ok by
> the requirements?
If you make `size` @trusted, `get` still does not have a safe
interface and cannot be @trusted.
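One way to give `get` a safe interface today, without DIP 1035, as an added example that is not code from the thread (the range check, the exception and the `main` are assumptions): the class is the same, but `get` validates `offset` before dereferencing the raw pointer, so no @safe code, including the buggy `size`, can make it read out of bounds.

```d
// Added example (not from the thread): get() now has a safe interface.
// It is memory-safe for every value of offset, whatever @safe code has
// written into that field, which is what @trusted requires of it.
class A
{
    this() @trusted
    {
        ptr = &buffer[0];
        offset = 0;
    }

    // Safe interface: the index is checked before the pointer is used.
    int get() @trusted
    {
        if (offset < 0 || offset >= cast(int) buffer.length)
            throw new Exception("offset out of range");
        return ptr[offset];
    }

    void set(int i) @trusted { this.offset = i & 1; }

    // The bug from the thread, kept on purpose: @safe code may write
    // offset, so get() must never rely on its value being in range.
    int size() @safe { offset = 2; return 2; }

    // Under DIP 1035 this field could instead be declared
    // `@system int offset;` and the compiler would reject size().
private:
    int[2] buffer;
    int* ptr;
    int offset;
}

void main() @safe
{
    import std.stdio : writeln;
    auto a = new A;
    a.set(1);
    writeln(a.get());   // in-range read
    a.size();           // the @safe bug sets offset to 2
    try
        a.get();        // rejected instead of reading past the buffer
    catch (Exception e)
        writeln("caught: ", e.msg);
}
```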