On Thursday, 21 January 2016 at 04:31:25 UTC, Jakob Ovrum wrote:
That was for non-templated functions where this approach makes no sense. Indeed it is counterproductive, because @trusted on the whole function is a better indication of what needs to be reviewed for memory safety (the whole function!).

Thanks! I got confused because the example you used actually leaves a @safe hole with this specific usage of @trusted:

void foo(T)(T t) {
    auto p = () @trusted { return &t; } ();
    p.bar();
}

struct S { int x; }
S* global;

void bar (S* ptr) @safe
{
    global = ptr;
}

void main () @safe
{
    foo(S.init);
    global.x = 42; // oops, writing to some random stack memory
}

I'd suggest at the very least adding a comment before "p.bar();" saying "Must not escape 'p' pointer or @safe-ty will be compromised".
