Encapsulating trust
monarch_dodra via Digitalmars-d
digitalmars-d at puremagic.com
Tue Sep 2 11:08:10 PDT 2014
On Tuesday, 2 September 2014 at 17:20:06 UTC, Daniel Murphy wrote:
> This is Wrong! Any function that uses these wrappers is
> abusing @trusted.
>
> eg:
>
> import stdx.trusted;
>
> int* func(int x) @safe
> {
> return addrOf(x);
> }
>
> This functions is @safe, but happily returns an invalid
> pointer. This is possible because addrOf violates the
> requirement that @trusted functions must be completely @safe to
> call from an @safe function.
That's a good point.
> Having syntax (or a wrapper function) to do the second wrapping
> automatically would violate @safe. If it was syntax, it would
> be banned in @safe. If it's a wrapping method like the proposed
> 'call', then it is a program error for it to be marked @trusted.
Good points too.
A very logical conclusion.
More information about the Digitalmars-d
mailing list