Safety audit and the overlooked emergency exit

Bastiaan Veelo Bastiaan at Veelo.net
Tue May 26 15:54:31 UTC 2020


On Tuesday, 26 May 2020 at 15:39:11 UTC, Bruce Carneal wrote:
> On Tuesday, 26 May 2020 at 15:01:06 UTC, Bastiaan Veelo wrote:
>> [snipped an outline of tooling to mitigate 1028 damage]
>>
>> I think this would be a tool that adds real practical value 
>> and helps to reduce the cost of audits. And not the least, 
>> regarding the current discussion, it diminishes the importance 
>> of whether extern(C[++]) declarations are actually @system or 
>> @safe.
>>
>
> Yes.  Tooling is good and will be much appreciated if 1028 
> stands.  Reducing the need for tooling is even better.
>
> @safe: the compiler checks

The compiler does not and cannot check inside @trusted. Whether 
or not one requires extern(C[++]) to be behind or within @trusted 
does not change what the compiler can or cannot check.

> @safe post 1028: the compiler checks, sometimes, just not in 
> the scary parts

The amount of code that requires human auditing remains the same. 
What matters is how to find that code, and how to maintain the 
validity of the audits.

-- Bastiaan.
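An added illustration of the point above (example code, not from the thread or from the D project itself): the compiler verifies the `@safe` body, refuses an `@system` call there, and verifies nothing inside the `@trusted` wrapper, so the audit surface is the `@trusted` code whatever attribute the `extern(C)` declaration carries. The explicit `@system` on the declaration is an assumption made so the example does not depend on the default attribute being debated.

```d
import std.stdio : writeln;

// A foreign function has no body the D compiler could inspect, so the
// attribute on its declaration is a claim, not something the compiler
// verified. Marked @system explicitly here (assumption for this example).
extern (C) size_t strlen(const(char)* s) @system;

// The one place where checking is deliberately switched off. A human auditor
// must establish by hand that every call is memory safe: here, that the
// pointer handed to strlen points at a zero-terminated buffer.
size_t cLength(string s) @trusted
{
    // Appending the terminator ourselves establishes strlen's precondition.
    auto buf = s ~ '\0';
    return strlen(buf.ptr);
}

// Fully compiler-checked: may only call @safe or @trusted code, may not take
// .ptr of an array, do pointer arithmetic, etc.
size_t safeLength(string s) @safe
{
    return cLength(s);
    // return strlen(s.ptr);  // rejected: @system call and .ptr in @safe code
}

void main()
{
    assert(safeLength("audit") == 5);
    writeln(safeLength("audit"));
}
```

Tooling that lists every `@trusted` function in a code base (and flags when its body changes after review) is what makes the audit findable and maintainable, which is the thread's point.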


More information about the Digitalmars-d-announce mailing list