@system blocks and safer @trusted (ST) functions
Paul Backus
snarwin at gmail.com
Mon Jul 26 13:58:46 UTC 2021
On Monday, 26 July 2021 at 09:39:57 UTC, claptrap wrote:
> On Monday, 26 July 2021 at 07:32:24 UTC, Paul Backus wrote:
>>
>> @trusted code is correct if and only if it cannot possibly
>> allow undefined behavior to be invoked in @safe code.
>
> Your example doesn't invoke undefined behaviour in safe code,
> it invokes undefined behaviour in system code. The UB is in the
> system block. The memory corruption happens in the system
> block. After that all bets are off.

Well, it is in a `@trusted` function, which is callable from
`@safe` code, so any undefined behavior in the `@system` block is
also possible undefined behavior in `@safe` code.

If you can write a call to `favoriteElement` from `@safe` code
that causes UB, that would be sufficient to demonstrate that it
is not memory safe. Of course, it only counts as a mistake in my
example if you use the version I wrote, not your own modified
version. :)
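
The criterion argued in the message above, shown as an added example that is not part of the original post or the thread's `favoriteElement` code: a `@trusted` function is judged by what any `@safe` caller can do with it. The names `elementUnchecked` and `elementChecked` are hypothetical, and the code uses ordinary `@trusted` functions rather than `@system` blocks.

```d
// Added illustration; all names here are hypothetical.

// Incorrect use of @trusted: the compiler lets any @safe code call this,
// but the body does unchecked pointer arithmetic. Because some @safe call
// (any i >= arr.length) reaches undefined behavior, the function is not
// memory safe, even though the faulty statement is not itself @safe code.
@trusted int elementUnchecked(const(int)[] arr, size_t i)
{
    return *(arr.ptr + i); // no bounds check
}

// Correct use of @trusted: the function validates its own inputs, so no
// possible @safe call can make the pointer dereference go out of bounds.
@trusted int elementChecked(const(int)[] arr, size_t i)
{
    if (i >= arr.length)
        throw new Exception("index out of range");
    return *(arr.ptr + i);
}

@safe void main()
{
    int[] data = [10, 20, 30];

    // In-bounds access behaves the same through either function.
    assert(elementChecked(data, 1) == 20);
    assert(elementUnchecked(data, 1) == 20);

    // The checked version turns a bad index into a catchable error.
    bool rejected = false;
    try
        elementChecked(data, 100);
    catch (Exception e)
        rejected = true;
    assert(rejected);

    // The next call would also compile here, inside @safe code, and would
    // read past the end of the array. That it compiles is what makes
    // elementUnchecked an invalid @trusted function:
    // elementUnchecked(data, 100);
}
```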