Typical security issues in C++: why the GC isn't your enemy
Timon Gehr
timon.gehr at gmx.ch
Mon Jan 23 15:13:04 UTC 2023
On 1/22/23 22:02, Dom Disc wrote:
>
>> - Unknown scope of _actual_ `@trusted`, you will have to manually
>> check _`@safe`_ code as well, and a priori you will have no idea how
>> much of it you have to check (this part is terrible).
>
> Why is this terrible? In worst case you have to check exactly as much
> code manually as you do today. But in most cases you have to check much
> less.

It's terrible for the reason I pointed out. It's not modular. A priori
_you don't know how much_ code you have to check, you just know that you
have to check _some_ `@safe` code, because if you check the `@trusted`
lambdas on their own they cannot pass muster.

Officially you only have to check `@trusted` code. However, if you do
that, typically all you learn is that the `@trusted` code is bad because
it has an unsafe interface...
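
The audit-scope problem described in the message above, shown as an added D example that is not part of the original post. The function names `readAt` and `readAtChecked` are hypothetical and the data is constructed.

```d
// Constructed illustration; all names are hypothetical.

// Style 1: a @trusted lambda inside @safe code. The lambda uses whatever
// `arr` and `i` the enclosing function holds and does no check of its own,
// so its interface is unsafe. Memory safety depends on the bounds test that
// sits in the surrounding @safe code, which therefore has to be audited too.
int readAt(int[] arr, size_t i) @safe
{
    if (i >= arr.length)   // without this test the function still compiles
        return 0;          // as @safe, but reads past the end of the array
    return (() @trusted => arr.ptr[i])();
}

// Style 2: the check lives inside the @trusted function. Its interface is
// safe for every argument, so auditing this body alone is sufficient.
int readAtChecked(int[] arr, size_t i) @trusted
{
    return i < arr.length ? arr.ptr[i] : 0;
}

void main() @safe
{
    int[] data = [10, 20, 30];       // constructed sample input
    assert(readAt(data, 1) == 20);
    assert(readAt(data, 3) == 0);    // rejected by the @safe caller's check
    assert(readAtChecked(data, 1) == 20);
    assert(readAtChecked(data, 3) == 0);
}
```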