[Issue 14125] @trusted nested helper functions in std.file
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Wed Feb 4 18:17:55 PST 2015
https://issues.dlang.org/show_bug.cgi?id=14125
--- Comment #37 from Walter Bright <bugzilla at digitalmars.com> ---
(In reply to hsteoh from comment #35)
> @Andrei: any @safe function can call a @trusted function that may contain
> arbitrary unsafe operations. Just because something is marked @safe at the
> top guarantees nothing.
This is a misunderstanding of what @trusted is. It's very important that we
clear this up.
Your misunderstanding seems to be that the CALLER of @trusted code must be
careful to use it safely. This is incorrect. @trusted code needs to be
reviewable for safety by ONLY looking at the @trusted code body. NOT the way
the @trusted code is used. For example:
    @trusted void foo() {
        auto p = malloc(3);
        free(p);
    }
is correct use of trust. The following is incorrect:
    @trusted void* tmalloc(size_t n) { return malloc(n); }
    @trusted void tfree(void* p) { return free(p); }
    @safe void foo() {
        auto p = tmalloc(3);
        tfree(p);
    }
Make sense?
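
The distinction drawn in the comment above, as an added example that is not part of the original post or of Phobos: the tmalloc/tfree wrappers are the ones from the comment, while misuse() and checksum() are hypothetical names introduced here, and the input in main() is constructed.

```d
import core.stdc.stdlib : malloc, free;
import core.stdc.string : memcpy;

// Leaky wrappers, as in the "incorrect" case above: each body is accepted
// as @trusted, but neither can be judged memory-safe without reading callers.
@trusted void* tmalloc(size_t n) { return malloc(n); }
@trusted void tfree(void* p) { free(p); }

// The compiler accepts this @safe function even though it frees twice.
// The defect sits in @safe code that a review of the @trusted bodies
// would never look at. Defined only to show it compiles; never called.
@safe void misuse()
{
    auto p = tmalloc(3);
    tfree(p);
    tfree(p); // double free, not rejected by @safe checking
}

// Self-contained @trusted function (hypothetical helper): allocation, use
// and release all happen inside the body, and no raw pointer escapes, so
// the body alone is enough to review it.
@trusted uint checksum(scope const(ubyte)[] data)
{
    if (data.length == 0)
        return 0;
    auto buf = cast(ubyte*) malloc(data.length);
    if (buf is null)
        return 0; // allocation failed; nothing to free
    scope (exit) free(buf); // released on every path out of the function
    memcpy(buf, data.ptr, data.length);
    uint sum = 0;
    foreach (i; 0 .. data.length)
        sum += buf[i]; // index is bounded by the size passed to malloc
    return sum;
}

@safe void main()
{
    ubyte[] sample = [1, 2, 3, 4]; // constructed input
    assert(checksum(sample) == 10);
}
```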