Typical security issues in C++: why the GC isn't your enemy
areYouSureAboutThat
areYouSureAboutThat at gmail.com
Tue Dec 13 05:26:23 UTC 2022
On Tuesday, 13 December 2022 at 02:45:29 UTC, Siarhei Siamashka
wrote:
>
> It's impossible to do a syscall by using just `@safe` code and
> nothing else.
oh. so you mean syscalls and integrating with C is not safe? ;-)
My concern really is:
How do I know my @safe code is calling @safe code and not
@trusted code?
@safe interfaces are nice - but all of Phobos could just as well
be marked as @trusted, since @safe implicitly trusts @trusted,
and my @safe code would still compile just fine.
But when I -release it, I discover something that is not so
welcome...cause all of that @trusted code is no longer subject to
runtime memory safety checks.
I would like the compiler to tell me I'm calling code that has
been marked as @trusted, and that if I want to proceed, then I
need to compile with: -enableTrusted
That way, I've opted in to unsafety (i.e. @safe being allowed to
use @trusted), rather than being defaulted in to it.
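The situation described above, as an added illustration (this is not code from the post, from Phobos, or from the D compiler): a @safe function legally calls a @trusted one without any diagnostic, and under -release (which implies -boundscheck=safeonly, so only @safe code keeps its bounds checks) the array access inside the @trusted callee is no longer checked at runtime. The `isTrusted` helper is an assumed name, written here to show how the requested "you are calling @trusted code" diagnostic could be approximated with `__traits(getFunctionAttributes, ...)` and a `static assert`, which the post's proposed `-enableTrusted` switch would gate.

```d
// Added example, not from the mailing-list post: @safe calling @trusted,
// plus a compile-time check that reports the @trusted callee.
// Assumes the usual DMD/LDC behaviour that -release removes bounds checks
// from non-@safe (i.e. @system and @trusted) code.
import std.stdio : writeln;

// The caller is @safe, so the compiler verifies this body...
int sumFirst(const int[] a, size_t n) @safe
{
    int s = 0;
    foreach (i; 0 .. n)
        s += readAt(a, i); // ...but calling @trusted needs no opt-in at all
    return s;
}

// The author vouches for this function; the compiler does not check it.
// With default flags a[i] is bounds-checked; with -release the check is
// removed here because the function is not @safe.
int readAt(const int[] a, size_t i) @trusted
{
    return a[i];
}

// Hypothetical helper (assumed name, not part of Phobos): true when the
// function carries the @trusted attribute. Evaluated at compile time.
enum bool isTrusted(alias f) = {
    foreach (attr; __traits(getFunctionAttributes, f))
        if (attr == "@trusted")
            return true;
    return false;
}();

// The check the post asks the compiler for, expressed in user code:
// a build that must not depend on @trusted code can turn the second
// assert into `static assert(!isTrusted!readAt)` and gate it behind
// `version (enableTrusted)` to get an explicit opt-in.
static assert(!isTrusted!sumFirst, "sumFirst is @safe, not @trusted");
static assert(isTrusted!readAt, "readAt is @trusted: its body is unverified");

void main()
{
    int[] data = [1, 2, 3];
    writeln(sumFirst(data, 3)); // 6

    // sumFirst(data, 4) would index past the end inside readAt:
    // a RangeError with default flags, silently unchecked under -release.
}
```

Compile once with `dmd app.d` and once with `dmd -release app.d` to see the difference the post is concerned about: the @safe caller is unchanged, but only the first build keeps the range check inside the @trusted callee.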