Simplification of @trusted
ag0aep6g
anonymous at example.com
Thu Jun 17 19:25:51 UTC 2021
On 17.06.21 20:46, Ola Fosheim Grøstad wrote:
> What about it isn't safe? It is provably safe? Meaning, I can do a
> formal verification of it as being safe!?
`offset` is an input to `get` (via `this`). `offset` is an int, so all
possible values (int.min through int.max) are considered "safe values".
`get` exhibits undefined behavior when `offset` is greater than 1. A
function that can exhibit undefined behavior when called with only safe
values cannot be @trusted.
> If this isn't safe then it becomes impossible to write @safe wrappers
> for C data structures.
As I wrote, DIP 1035 addresses this.
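The situation the post describes, as an added D illustration (not code from the thread): the real `get` and its container are not shown on the page, so `View`, `storage` and the two `get` variants are assumptions built to match the argument (an `int offset` reached through `this`, undefined behavior when `offset` exceeds 1).

```d
import std.stdio;
import std.exception : enforce;

// Assumed shape: an @safe wrapper around a fixed-size C-style buffer.
struct View
{
    int[2] storage = [10, 20];   // constructed sample data: exactly two elements
    int offset;                  // plain int: every value int.min..int.max is a "safe value"

    // Not legitimately @trusted: an offset outside 0..1 reads past `storage`,
    // so a caller supplying only safe values reaches undefined behavior.
    int getUnchecked() @trusted
    {
        return storage.ptr[offset];
    }

    // Legitimately @trusted: every possible offset is validated before the
    // unsafe pointer read, so no safe input can trigger undefined behavior.
    int getChecked() @trusted
    {
        enforce(offset >= 0 && offset < storage.length, "offset out of range");
        return storage.ptr[offset];
    }
}

void main() @safe
{
    View v;
    v.offset = 1;
    writeln(v.getChecked());        // 20

    v.offset = 5;                   // an ordinary int, yet getUnchecked() would be UB here
    try
    {
        writeln(v.getChecked());
    }
    catch (Exception e)
    {
        writeln("rejected: ", e.msg);   // rejected: offset out of range
    }
}
```

The bounds check is one way to make the function honestly @trusted; the post points instead to DIP 1035 (@system variables), under which `offset` could be marked `@system` so that it no longer counts as a safe value.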
More information about the Digitalmars-d mailing list