DIP 1028---Make @safe the Default---Community Review Round 1
ag0aep6g
anonymous at example.com
Thu Jan 9 19:24:42 UTC 2020
On Thursday, 9 January 2020 at 18:47:23 UTC, Johannes Pfau wrote:
> @safe void someFunction()
> {
>     int[4] data;
>     // Lots of code
>     // D has no block-level @trusted; the immediately called lambda is the idiom
>     () @trusted {
>         data.ptr[3] = 42;
>     }();
> }
>
> Now someone changes data to int[2]:
>
> @safe void someFunction()
> {
>     int[2] data;
>     // Lots of code
>     () @trusted {
>         data.ptr[3] = 42;   // now writes past the end of data
>     }();
> }
>
> So by modifying @safe code only, you introduced a memory safety
> issue. The interface of a @trusted function however is more
> strictly defined:
>
> @trusted void set(ref int[4] data)
> {
>     data.ptr[3] = 42;   // the signature fixes the length, so index 3 is in bounds
> }
Unfortunately, that kind of @trusted misuse is pretty common.
@system variables is a feature that can help in such cases.
There's a DIP in the making:
https://github.com/dlang/DIPs/pull/179
You could then write someFunction as:
@safe void someFunction()
{
    @system int[4] data;
    // Lots of code
    () @trusted {
        data.ptr[3] = 42;
    }();
}
Now you're guaranteed that "lots of code" can't touch `data`,
and you can rely on that in the @trusted section.
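As an added example, not code from either poster, the following complete D program puts the two shapes discussed above side by side: the inline @trusted lambda, which the compiler still accepts after the array is shrunk, and a @trusted function whose `ref int[4]` parameter makes the same refactoring a compile error. It assumes a current DMD or LDC and uses the `() @trusted { } ()` lambda idiom in place of a "@trusted block", since D has no block-level attribute inside a function body; the proposed @system-variable feature is not used.

```d
// Added example (not from either poster): a @trusted function with a typed
// interface versus an inline @trusted lambda. Assumes a stock DMD/LDC.
module trusted_interface;

// Inline form: the immediately called @trusted lambda stands in for a
// "@trusted block". Nothing in it records that `data` must have 4 elements.
@safe void inlineTrusted()
{
    int[4] data;
    // lots of @safe code that may freely read and write `data` ...
    () @trusted { data.ptr[3] = 42; }();   // raw pointer write, no bounds check
    assert(data[3] == 42);
}

// The hazard: shrink the array and the inline form still compiles, so the
// unchecked write now lands past the end of `data`. This is checked at compile
// time only; the literal is never run, so the program itself corrupts nothing.
static assert(__traits(compiles, () @safe {
    int[2] data;
    () @trusted { data.ptr[3] = 42; }();
}));

// Typed form: the @trusted function owns the unchecked write, and its
// signature fixes the array length, so `.ptr[3]` is provably in bounds and
// the caller can only hand it an int[4].
@trusted void setLast(ref int[4] data)
{
    data.ptr[3] = 42;
}

@safe void typedInterface()
{
    int[4] data;
    setLast(data);
    assert(data[3] == 42);
}

// The same refactoring is now rejected: an int[2] does not bind to ref int[4].
static assert(!__traits(compiles, () @safe {
    int[2] data;
    setLast(data);
}));

void main()
{
    inlineTrusted();
    typedInterface();
}
```

Compile and run with `dmd -run trusted_interface.d`; both `static assert`s are evaluated at compile time, so the file only builds if the inline form really is accepted with an `int[2]` and the typed form really is rejected. The reviewable unit is the signature of `setLast`: a reviewer only has to confirm that index 3 is valid for every `int[4]`, not audit all the @safe code between the declaration of `data` and the write.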