Simplification of @trusted
Paul Backus
snarwin at gmail.com
Thu Jun 17 19:06:31 UTC 2021
On Thursday, 17 June 2021 at 18:46:09 UTC, Ola Fosheim Grøstad
wrote:
> On Thursday, 17 June 2021 at 18:40:15 UTC, ag0aep6g wrote:
>> If you make `size` @trusted, `get` still does not have a safe
>> interface and cannot be @trusted.
>
> What about it isn't safe? It is provably safe? Meaning, I can
> do a formal verification of it as being safe!?

In order for `get` to have a safe interface, it must not be
possible to call it from `@safe` code with an instance that has
`offset >= 2`. Because of the bug in `size`, it *is* possible for
`@safe` code to call `get` with such an instance. Therefore,
`get` does not have a safe interface.
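
A constructed D sketch of the situation described above, added as an example and not the code under discussion in the thread: the struct name `Window`, its fields, the bodies of `size` and `get`, and the helper `getChecked` are all assumptions made for illustration.

```d
// Constructed illustration; names and bodies are assumptions, not the thread's code.
struct Window
{
    private int[2] data = [10, 20];
    private size_t offset;      // get() silently relies on offset < 2

    // Shrinks the window to n elements. Bug: n == 0 is accepted,
    // which sets offset to 2, one past the last valid index.
    void size(size_t n) @trusted
    {
        if (n > data.length) return;
        offset = data.length - n;
    }

    // Unchecked read. Memory-safe only while offset < 2, a condition
    // this function does not enforce, so its interface is not safe.
    int get() @trusted
    {
        return *(data.ptr + offset);
    }

    // Enforces its own precondition: the index is bounds-checked, so no
    // state reachable from @safe code can make it read out of bounds.
    int getChecked() @safe
    {
        return data[offset];
    }
}

// Compiles as @safe, yet reaches get() with offset == 2.
int unsafeDespiteAnnotation() @safe
{
    Window w;
    w.size(0);
    return w.get();          // out-of-bounds read behind a @trusted label
}

// Same call sequence; the bounds check halts instead of reading past data.
int stopsAtBoundsCheck() @safe
{
    Window w;
    w.size(0);
    return w.getChecked();   // fails with a range error at run time
}

void main()
{
    Window w;
    w.size(1);               // offset == 1, within bounds
    assert(w.get() == 20);
    assert(w.getChecked() == 20);
}
```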