Simplification of @trusted

ag0aep6g anonymous at example.com
Thu Jun 17 21:16:02 UTC 2021


On Thursday, 17 June 2021 at 21:00:13 UTC, Paul Backus wrote:
> On Thursday, 17 June 2021 at 20:42:20 UTC, Ola Fosheim Grøstad 
> wrote:
>> On Thursday, 17 June 2021 at 20:33:33 UTC, Paul Backus wrote:
>>> Assuming [issue 20941][1] is fixed, yes.
>>
>> […]
>>
>>> Yes.
[...]
> The interpretation that I and ag0aep6g have been describing is 
> the correct one.

Yet I would answer "no" where you answered "yes" above.

The question was: "Yes, but if I make size() @trusted and fix the 
bug then interface is provably safe?".

The corresponding code:

```d
class A {

     this() @trusted {
         ptr = &buffer[0];
         offset = 0;
     }

     int get() @trusted { return ptr[offset]; }
     void set(int i) @trusted { this.offset = i&1; }
     int size() @trusted { return 2;}
private:
     int[2] buffer;
     int* ptr;
     int offset;
}
```

In my opinion, that code is fundamentally equivalent to this 
(regarding the safety of `get`):

```d
int get(int* ptr, int offset) @trusted { return ptr[offset]; }
```

That function does not have a safe interface, because it exhibits 
undefined behavior when called like `get(new int, 1000)`, which 
@safe code can do.

`private`, other methods, the constructor - those things don't 
matter.
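
The point above as an added example, not part of the original post: in D, `private` is module-scoped, so @safe code in the same module can put `ptr` and `offset` into a state that `get` cannot handle. The names `breakInvariant` and `B` are hypothetical, and `B` is only one possible variant whose accessors the compiler can check, not something proposed in the thread.

```d
class A {
    this() @trusted { ptr = &buffer[0]; offset = 0; }
    // Safe only if ptr/offset still hold what the constructor and set() wrote.
    int get() @trusted { return ptr[offset]; }
    void set(int i) @trusted { this.offset = i & 1; }
    int size() @trusted { return 2; }
private:
    int[2] buffer;
    int* ptr;
    int offset;
}

// Same module as A, so the private fields are accessible here.
// Both assignments are accepted by the compiler under @safe.
void breakInvariant(A a) @safe {
    a.ptr = new int;   // now points at a single int
    a.offset = 1000;   // far outside that allocation
    // A later a.get() would read ptr[1000]: undefined behavior reached
    // through @safe code only. It is deliberately not called here.
}

// Variant with no raw pointer: the index is masked at the point of use and
// the static array access is bounds-checked, so every method can be @safe
// and no field value leads to an out-of-bounds read.
class B {
    int get() @safe { return buffer[offset & 1]; }
    void set(int i) @safe { offset = i & 1; }
    int size() @safe { return 2; }
private:
    int[2] buffer;
    int offset;
}

void main() @safe {
    auto a = new A;
    breakInvariant(a);          // compiles and runs; a is now poisoned

    auto b = new B;
    b.offset = 1000;            // same-module write, as in breakInvariant
    assert(b.get() == 0);       // 1000 & 1 == 0, still inside buffer
    b.set(3);
    assert(b.get() == 0);       // reads buffer[1], zero-initialized
}
```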

