Trusted Manifesto
Zach the Mystic via Digitalmars-d
digitalmars-d at puremagic.com
Mon Feb 9 20:03:04 PST 2015
On Tuesday, 10 February 2015 at 03:36:14 UTC, Walter Bright wrote:
> On 2/9/2015 6:21 PM, H. S. Teoh via Digitalmars-d wrote:
>> What stops the following abuse of @trusted via trusted()?
>>
>> int* myFunc(void* p) @safe // <-- I'm claiming to be @safe
>> {
>> // But actually I'm not! Though I can convince the
>> // compiler that I am...
>> return trusted!(() => cast(int*)p);
>> }
>>
>> char c;
>> auto p = myFunc(&c); // oops
>> *p = 999; // kaboom
>>
>> Are we just relying on convention that trusted() will not be abused
>> in this way?
>
> That's right. @trusted will always rely on convention.
You could put the 'trusted' template right in object.d, to save
people the awkward burden of importing it from std.conv all the
time. But that would be a language change, of sorts.
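
Since the compiler accepts any trusted() escape inside a @safe function, the convention has to be enforced by review. The following is an added example, not code from this thread or from the D project: a small Python scanner that lists every such escape inside a function declared @safe, so each one can be audited by hand. The sample D source is constructed, and the regular expressions are a heuristic rather than a D parser.

```python
import re

# Constructed sample: the snippet quoted in the thread, plus D's
# immediately-invoked `() @trusted { ... }()` lambda form.
SAMPLE = '''\
int* myFunc(void* p) @safe
{
    return trusted!(() => cast(int*)p);
}

void fill(int[] a) @safe
{
    () @trusted { a.ptr[0] = 1; }();
}
'''

# name(params) ... @safe ... {   (a heuristic, not a D parser)
SAFE_SIG = re.compile(r'(\w+)\s*\([^;{}]*\)[^;{}]*@safe[^;{}]*\{')
# trusted!( ... )  or an inline @trusted lambda
ESCAPE = re.compile(r'trusted\s*!\s*\(|@trusted')

def body_end(src, open_idx):
    """Index just past the brace matching src[open_idx].
    Naive: braces inside strings or comments are not skipped."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == '{':
            depth += 1
        elif src[i] == '}':
            depth -= 1
            if depth == 0:
                return i + 1
    return len(src)

def trusted_escapes(src):
    """(function, line number, line text) for each escape in an @safe body."""
    lines = src.splitlines()
    hits = []
    for sig in SAFE_SIG.finditer(src):
        start = sig.end() - 1  # index of the body's opening brace
        for esc in ESCAPE.finditer(src, start, body_end(src, start)):
            n = src.count('\n', 0, esc.start()) + 1
            hits.append((sig.group(1), n, lines[n - 1].strip()))
    return hits

if __name__ == '__main__':
    for func, n, text in trusted_escapes(SAMPLE):
        print(f'{func}: line {n}: {text}')
```

Each reported line is a place where the @safe signature holds only if a reviewer has checked the escaped operation.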