Safety audit and the overlooked emergency exit
Bastiaan Veelo
Bastiaan at Veelo.net
Tue May 26 15:54:31 UTC 2020
On Tuesday, 26 May 2020 at 15:39:11 UTC, Bruce Carneal wrote:
> On Tuesday, 26 May 2020 at 15:01:06 UTC, Bastiaan Veelo wrote:
>> [snipped an outline of tooling to mitigate 1028 damage]
>>
>> I think this would be a tool that adds real practical value
>> and helps to reduce the cost of audits. And not the least,
>> regarding the current discussion, it diminishes the importance
>> of whether extern(C[++]) declarations are actually @system or
>> @safe.
>>
>
> Yes. Tooling is good and will be much appreciated if 1028
> stands. Reducing the need for tooling is even better.
>
> @safe: the compiler checks

The compiler does not and cannot check inside @trusted. Whether
or not one requires extern(C[++]) to be behind or within @trusted
does not change what the compiler can or cannot check.

> @safe post 1028: the compiler checks, sometimes, just not in
> the scary parts

The amount of code that requires human auditing remains the same.
What matters is how to find that code, and how to maintain the
validity of the audits.
-- Bastiaan.
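
The closing point of the message above (finding the code that needs human auditing, and noticing when an audit has gone stale) can be sketched as follows. This is an added example, not code from the post or from the snipped tooling outline. The function names, the fingerprint scheme and the sample D source are assumptions, and the scan is a line-based approximation that ignores braces inside strings and comments.

```python
import hashlib
import re

# Constructs the compiler takes on trust: @trusted code and extern(C)/extern(C++) declarations.
AUDIT_MARKER = re.compile(r"@trusted\b|extern\s*\(\s*C(?:\+\+)?\s*\)")

def audit_sites(source):
    """Return (line, marker, fingerprint) for each declaration needing human review."""
    lines = source.splitlines()
    sites = []
    for i, line in enumerate(lines):
        m = AUDIT_MARKER.search(line)
        if not m:
            continue
        depth, end = 0, i
        # Extend to the end of the declaration: its closing brace, or the ';' of a prototype.
        for j in range(i, len(lines)):
            depth += lines[j].count("{") - lines[j].count("}")
            end = j
            if depth <= 0 and ("}" in lines[j] or ";" in lines[j]):
                break
        text = "\n".join(l.strip() for l in lines[i:end + 1])
        sites.append((i + 1, m.group(0), hashlib.sha256(text.encode()).hexdigest()[:16]))
    return sites

def unaudited(source, audited):
    """Sites whose fingerprint is not among those a reviewer has signed off."""
    return [s for s in audit_sites(source) if s[2] not in audited]

# Constructed sample D source (hypothetical module, two revisions).
SAMPLE_V1 = """\
extern(C) void* memcpy(void* dst, const void* src, size_t n);

@safe int sum(const int[] a) {
    int s; foreach (x; a) s += x; return s;
}

@trusted void copy(int[] dst, const int[] src) {
    assert(dst.length >= src.length);
    memcpy(dst.ptr, src.ptr, src.length * int.sizeof);
}
"""
# Revision 2 drops the length check inside the @trusted function.
SAMPLE_V2 = SAMPLE_V1.replace("    assert(dst.length >= src.length);\n", "")

if __name__ == "__main__":
    signed_off = {fp for _, _, fp in audit_sites(SAMPLE_V1)}
    for line, marker, fp in unaudited(SAMPLE_V2, signed_off):
        print(f"line {line}: {marker} changed since last audit ({fp})")
```
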