D not considered memory safe
Walter Bright
newshound2 at digitalmars.com
Thu Jul 11 16:26:59 UTC 2024
On 7/9/2024 8:58 AM, Nick Treleaven wrote:
> Any pattern to subvert safe involves the `@trusted` attribute (except for
> compiler bugs, which editions help to fix). `@trusted` is an obvious flag in
> code review that memory-safety may be violated. Grepping for `@trusted` is an
> easy way to narrow down places where memory-safety is violated.
>
> Arguing that @trusted can be abused is a tiny problem compared to the far harder
> to detect abuse in @system by default code.
That's right. Converting an entire program to @safe can be done successfully by
doing it incrementally, getting it to pass its test suite at each step. The way
to do it incrementally is to start by labeling each function @trusted, then
making them @safe one by one.
I've done this, it works.
And, as you observe, grepping for "@trusted" makes for a built-in TODO list!
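
The incremental conversion described in the message above, shown mid-migration as an added example that is not part of the original post or of any Digital Mars code. The module and function names are hypothetical.

```d
// Constructed example; module and function names are hypothetical.
module migration_demo;

// Step 1: this function was unannotated (@system by default). Labelling it
// @trusted lets @safe callers compile, but the compiler does not check the body.
int sumRaw(const(int)* p, size_t n) @trusted
{
    int total = 0;
    foreach (i; 0 .. n)
        total += p[i]; // pointer indexing: rejected once this becomes @safe
    return total;
}

// Step 1: also still @trusted, so it is still on the TODO list.
uint bits(float f) @trusted
{
    return *cast(uint*) &f; // pointer reinterpret cast: rejected in @safe code
}

// Step 2: the slice-based replacement for sumRaw, now compiler-checked.
// A slice carries its own length, so no unchecked pointer access remains.
int sum(const(int)[] values) @safe
{
    int total = 0;
    foreach (v; values)
        total += v;
    return total;
}

// The entry point is @safe: it may call @safe and @trusted functions only,
// so the test suite keeps passing at every step of the migration.
void main() @safe
{
    int[] data = [1, 2, 3, 4];
    assert(sum(data) == 10);
    assert(sumRaw(&data[0], data.length) == 10);
    assert(bits(1.0f) == 0x3F80_0000);
}
```

Searching this file for `@trusted` returns exactly the two functions that still need review.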