Both safe and wrong?
XavierAP
n3minis-git at yahoo.es
Thu Feb 7 08:35:37 UTC 2019
On Wednesday, 6 February 2019 at 10:02:18 UTC, Olivier FAURE wrote:
>
> Anyway, thinking about it, I think fixing this elegantly might
> require coming up with new semantics. How do you make sure that
> no @system code is called in your project without manually
> checking every single variable declaration in your dependencies?
Isn't it enough that the same constraints have been in place when
compiling the dependencies, if they are flagged as @safe? (Of
course excepting @trusted code; that is always about trusting the
human author's word that their unsafe code has no unsafe
consequences, the same as when you link to a C library.)
If @safe can be circumvented (in global initializations) then
it's no longer a promise of safety, with all the security
consequences, but rather an empty attribute.
If safety is indeed to be a "big thing" in computer science,[1]
this is just a vulnerability bug that needs to be fixed.
[1] https://www.reddit.com/r/cpp/comments/6b4xrc/walter_bright_believes_memory_safety_will_kill_c/
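The post relies on the compiler enforcing @safe transitively: a @safe caller may only reach @safe or @trusted callees, and @trusted is the point where a human vouches for @system code. The following D snippet is an added illustration of that rule and is not code from the thread or from the D project; the function names, the buffer and the bounds check are assumptions made for the example. It does not reproduce the global-initialization gap the thread refers to, since the post does not spell that case out.

```d
// Added example (not from the thread): transitive @safe checking in D.
// Names and data below are constructed for illustration.

import std.stdio : writeln;

// Raw pointer arithmetic is @system: the compiler cannot prove the
// dereference stays inside any object, so @safe code may not call this.
int readAt(int* base, size_t offset) @system
{
    return *(base + offset);
}

// A @trusted wrapper is the author's word that the @system call below is
// used soundly. It is only as strong as the check placed in front of it,
// which is exactly the "trust the human" boundary the post describes.
int readChecked(int[] buf, size_t index) @trusted
{
    if (index >= buf.length)
        throw new Exception("index out of range");
    return readAt(buf.ptr, index);
}

// @safe code: calling readChecked is fine; calling readAt directly is a
// compile-time error, which is the guarantee a @safe-flagged dependency
// carries with it when it was compiled under the same rules.
int sumFirstTwo(int[] buf) @safe
{
    // return readAt(buf.ptr, 0) + readAt(buf.ptr, 1); // rejected: @system call
    return readChecked(buf, 0) + readChecked(buf, 1);
}

void main() @safe
{
    int[] data = [10, 20, 30]; // constructed input
    writeln(sumFirstTwo(data));
}
```

Compile with a recent dmd or ldc; uncommenting the marked line in sumFirstTwo makes the build fail, which is the check the post argues must also hold for every initializer, not just for function bodies.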