DIP 1028---Make @safe the Default---Community Review Round 1
Arine
arine123445128843 at gmail.com
Thu Jan 9 19:09:41 UTC 2020
On Thursday, 9 January 2020 at 18:47:23 UTC, Johannes Pfau wrote:
> Now someone changes data to int[2]:
>
> @safe void someFunction()
> {
> int[2] data;
> // Lot's of code
> @trusted
> {
> data.ptr[3] = 42;
> }
> }
>
> So by modifying @safe code only, you introduced a memory safety
> issue. The interface of a @trusted function however is more
> strictly defined:
>
> @trusted function set(ref int[4] data)
> {
> data.ptr[3] = 42;
> }
>
That's a pretty contrived example.
@safe void someFunction()
{
int[2] data;
// Lot's of code
@unsafe
{
static assert( data.length > 3 );
data.ptr[3] = 42;
}
}
There you get the same safety and you don't have to create a
separate function that passes in a ref to a int array of a static
size, that'll probably literally never be used anywhere else.
If it's a dynamic array, then they are both equally @unsafe and
it's up to you to ensure it is safe. If you have that @unsafe
block in the function, it's going to be a lot easier to see where
that potential problem is. Otherwise it'll look like any other
@safe function.
More information about the Digitalmars-d
mailing list