Typical security issues in C++: why the GC isn't your enemy
areYouSureAboutThat
areYouSureAboutThat at gmail.com
Wed Dec 14 20:54:44 UTC 2022
On Wednesday, 14 December 2022 at 11:45:02 UTC, Dukc wrote:
>
> This is really just a nice shorthand for the `@safe` main with
> `@trusted` lambda inside. It's also a better practice, since
> `@trusted` in a function signature is easier to spot for a code
> reviewer than the lambda inside the function.
The point of my referencing that link, is that you cannot compile
in unsafe code into your library in Rust without (1) the compiler
telling you, you can't do it unless.. or (2) you do what the
compiler tells you.
That is, you cannot unknowingly compile in unsafe code into your
library.
In D you can, since @trusted is no different from @system. It's
just that @safe trusts @trusted. Therefore you have no way of
knowing your getting @trusted (unsafe) in your library, as you do
not need to annotate anything to get it. It just gets in there
without you ever knowing.
Put simply, I would like to know when @trusted code is being
compiled into my library.. hence my suggestion about an 'optin'
compiler switch that tells you just that (as it currently does
for @system, @nogc ...
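
The mechanism discussed in this thread, as an added D example that is not part of any poster's message: a `@safe` function calls a `@trusted` one with no annotation at the call site, while the same call to a `@system` function is rejected. The function names and the `isTrusted` helper are hypothetical; the helper is built on `std.traits.functionAttributes` so a reviewer can assert at compile time which functions are `@trusted`.

```d
// Added illustration; function names are hypothetical, not from the thread.
import std.stdio : writeln;
import std.traits : functionAttributes, FunctionAttribute;

// Stand-in for a library function. @trusted means the compiler does not
// check the body, yet @safe code may call it like any @safe function.
@trusted int uncheckedAt(const(int)[] a, size_t i)
{
    return *(a.ptr + i); // pointer arithmetic: rejected in @safe, accepted here
}

// Identical body, marked @system for contrast.
@system int uncheckedAtSystem(const(int)[] a, size_t i)
{
    return *(a.ptr + i);
}

// Compile-time check a reviewer can place next to a dependency's API:
// true when the function is declared @trusted.
enum bool isTrusted(alias fn) =
    (functionAttributes!fn & FunctionAttribute.trusted) != 0;

static assert(isTrusted!uncheckedAt);
static assert(!isTrusted!uncheckedAtSystem);

// Prints the function's attribute list during compilation.
pragma(msg, "uncheckedAt: ", __traits(getFunctionAttributes, uncheckedAt));

@safe void main()
{
    int[] data = [10, 20, 30];

    // Compiles with no annotation at the call site.
    writeln(uncheckedAt(data, 1));

    // Uncommenting the next line fails to compile, because a @safe
    // function cannot call a @system function.
    // writeln(uncheckedAtSystem(data, 1));
}
```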