What exactly does "@safe" mean?
monarch_dodra
monarchdodra at gmail.com
Sat Jun 1 13:31:44 PDT 2013
On Saturday, 1 June 2013 at 20:22:01 UTC, Nick Sabalausky wrote:
> On Sat, 01 Jun 2013 21:59:18 +0200
> "monarch_dodra" <monarchdodra at gmail.com> wrote:
>
>> The way I understood it, @safe defines a list of things that
>> are or aren't legal inside the implementation of a function.
>> It also changes the scheme of bounds checking, in release code.
>>
>> What bothers me though, is that from an interface point of
>> view, it doesn't really mean anything (or at least, I haven't
>> really understood anything). AFAIK: if I call something
>> "@safe", chances of a core dump are relatively "lower", but
>> they can still happen:
>> * A function that accepts a pointer as an argument can be
>> marked safe, so all bets are off there, no, since the pointer
>> can be dereferenced?
>> * Member functions for structs that have pointers, too, can be
>> marked safe...
>>
>> Or does it only mean "if you give me valid pointers, I can't
>> core dump*"?
>> (*ignoring current flaws, such as escaping slices from static
>> arrays)
>>
>> The main reason about this question is that now I'm confused
>> about @trusted: what are the conditions a developer needs to
>> take into account before marking a function "@trusted" ?
>>
>> Ditto for member functions, when they operate on pointer
>> members. Can those be @safe?
>>
>> Yeah, overall, I'm confused as to what "@safe" means from an
>> interface point of view :(
>
> Core dumps aren't the big problem @safe tries to avoid. The big problem
> is memory corruption, i.e. trampling memory you didn't expect to (or
> shouldn't be allowed to).
So, let's say I have:
--------
void foo(int* p) @safe
{
*p = 0;
}
--------
I suppose that this gives foo the liberty of saying "p points to
someplace valid" ... "and if not, it's not my fault"?
I suppose something that is trusted then means "I will not
trample your memory under any circumstance, even if I'm doing
unsafe things under the hood (unless you give a pointer that is
already bad)"?
More information about the Digitalmars-d mailing list
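The distinction the post is asking about, as an added example that is not part of the original thread: what the D compiler actually rejects inside a @safe body, what it leaves to the caller (the validity of a pointer argument), and the contract a @trusted function takes on. This is illustrative code written against current DMD, not code from the poster or from the D project; the names rejectedInSafe, allocInts, freeInts, withInts, writePastEnd and safeCaller are made up here.

```d
// Added example, not from the original post. Assumes current DMD and Phobos;
// the helper names below are hypothetical.
import core.stdc.stdlib : malloc, free;
import core.exception : RangeError;
import std.stdio : writeln;

// The poster's foo: @safe does not forbid dereferencing a pointer argument.
// A null or dangling p is the caller's problem; the body itself is accepted.
void foo(int* p) @safe
{
    *p = 0;
}

// Operations the compiler rejects in a @safe body (uncomment one to see the error).
void rejectedInSafe(int* p) @safe
{
    // int* q = p + 1;              // pointer arithmetic
    // int[] s = p[0 .. 4];         // slicing a raw pointer
    // long* l = cast(long*) p;     // cast between unrelated pointer types
    // void* m = malloc(4);         // calling a @system function (malloc is @system)
}

// @trusted: the body does @system things, and the author promises the result
// is memory-safe for every possible caller. Returning a slice rather than a
// bare pointer keeps the length attached, so @safe users stay bounds-checked.
int[] allocInts(size_t n) @trusted
{
    auto p = cast(int*) malloc(n * int.sizeof);
    if (p is null)
        assert(0, "out of memory");
    return p[0 .. n];
}

// Deliberately @system, not @trusted: a @safe caller could keep using the
// slice after this returns (use-after-free), so no safety promise can be made.
void freeInts(int[] s) @system
{
    free(s.ptr);
}

// A @trusted design that keeps its promise: the malloc'd memory never escapes
// to the @safe caller, because it is freed before withInts returns.
int withInts(size_t n, scope int delegate(int[]) @safe use) @trusted
{
    auto p = cast(int*) malloc(n * int.sizeof);
    if (p is null)
        assert(0, "out of memory");
    scope (exit) free(p);
    return use(p[0 .. n]);
}

// Indexing in @safe code stays bounds-checked even under -release
// (only -boundscheck=off removes the check there).
void writePastEnd(int[] s) @safe
{
    s[4] = 1;   // one past the end of a 4-element slice
}

// @safe code may call @safe and @trusted functions, but not freeInts.
int safeCaller() @safe
{
    int* heap = new int;   // GC allocation is @safe
    *heap = 7;
    foo(heap);             // sets *heap to 0
    return withInts(4, (int[] s) {
        foreach (ref x; s)
            x = 3;
        return s[0] + s[3] + *heap;   // 3 + 3 + 0
    });
}

void main()
{
    writeln("safeCaller: ", safeCaller());

    int[] s = allocInts(4);
    scope (exit) freeInts(s);   // allowed: main is @system by default
    try
    {
        writePastEnd(s);
        writeln("no bounds check!");
    }
    catch (RangeError e)
    {
        writeln("RangeError caught: ", e.msg);
    }
}
```

The point for a @trusted author is the one withInts shows: the promise is about every possible caller, so the function has to be written so that no @safe caller can break memory safety through it. freeInts cannot be made @trusted for exactly that reason. One caveat: without -preview=dip1000 the compiler does not stop the delegate passed to withInts from stashing the slice in a global, so even that pattern relies on the delegate not escaping its argument.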