Simplification of @trusted
ag0aep6g
anonymous at example.com
Thu Jun 17 21:16:02 UTC 2021
On Thursday, 17 June 2021 at 21:00:13 UTC, Paul Backus wrote:
> On Thursday, 17 June 2021 at 20:42:20 UTC, Ola Fosheim Grøstad
> wrote:
>> On Thursday, 17 June 2021 at 20:33:33 UTC, Paul Backus wrote:
>>> Assuming [issue 20941][1] is fixed, yes.
>>
>> […]
>>
>>> Yes.
[...]
> The interpretation that I and ag0aep6g have been describing is
> the correct one.
Yet I would answer "no" where you answered "yes" above.
The question was: "Yes, but if I make size() @trusted and fix the
bug then interface is provably safe?".
The corresponding code:
```d
class A {
    this() @trusted {
        ptr = &buffer[0];
        offset = 0;
    }
    int get() @trusted { return ptr[offset]; }
    void set(int i) @trusted { this.offset = i & 1; }
    int size() @trusted { return 2; }
private:
    int[2] buffer;
    int* ptr;
    int offset;
}
```
In my opinion, that code is fundamentally equivalent to this
(regarding the safety of `get`):
```d
int get(int* ptr, int offset) @trusted { return ptr[offset]; }
```
That function does not have a safe interface, because it exhibits
undefined behavior when called like `get(new int, 1000)`, which
@safe code can do.
`private`, other methods, the constructor - those things don't
matter.
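
The point the message makes about `private`, as an added example that is not part of the original post: D's `private` is scoped to the module, so @safe code in the same module can put the fields of `A` into a state where `get` reads out of bounds. Class `A` is copied from the message; `breakInvariant`, `B` and `main` are hypothetical names introduced here, and `B` shows a `get` that the compiler can check as @safe.

```d
// Added illustration, not code from the thread. Class A is copied from the
// post; breakInvariant, B and main are hypothetical names.
class A {
    this() @trusted {
        ptr = &buffer[0];
        offset = 0;
    }
    int get() @trusted { return ptr[offset]; } // relies on offset being 0 or 1
    void set(int i) @trusted { this.offset = i & 1; }
    int size() @trusted { return 2; }
private:
    int[2] buffer;
    int* ptr;
    int offset;
}

// `private` in D is module-scoped, so @safe code in this module may write the
// fields directly. Both assignments are ordinary @safe operations.
void breakInvariant(A a) @safe {
    a.offset = 1000;  // bypasses the masking done in set()
    a.ptr = new int;  // no longer points into buffer
    // a.get() would now evaluate ptr[1000], the case the post describes.
}

// Same data, but get() is checkable @safe code: indexing the static array is
// bounds-checked, so no field value can make it read out of bounds.
class B {
    int get() @safe { return buffer[offset]; }
    void set(int i) @safe { offset = i & 1; }
private:
    int[2] buffer;
    int offset;
}

void main() @safe {
    auto a = new A;
    breakInvariant(a);    // compiles; get() is deliberately not called on `a`
    auto b = new B;
    b.set(3);
    assert(b.get() == 0); // buffer[1], zero-initialized
    b.offset = 1000;      // same module, still allowed
    // b.get() now fails the array bounds check instead of reading stray memory.
}
```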