On Monday, 27 May 2019 at 10:01:15 UTC, Atila Neves wrote:
On Monday, 27 May 2019 at 09:07:48 UTC, Paolo Invernizzi wrote:
On Monday, 27 May 2019 at 08:54:45 UTC, Atila Neves wrote:
On Friday, 24 May 2019 at 16:51:11 UTC, ag0aep6g wrote:
Then there's the fact that if a 3rd party library really does
want to corrupt memory they can just tag all their functions
with @trusted, and unless someone looks at their code nobody
will be the wiser.
... and a @safe conscious programmer will not touch that
library ever with a 5 five meters pole.
I'm still not convinced that trusted code should accept
generic system code ... can you elaborate more?
I'm not convinced either - I'm having a dialogue to figure out
potential issues.
:-)
My nice-try to reduce the problem is: trusted code block needs to
by "manually verified" for safety by humans, so it should be
"@safe pure", aka, if you can't perform the analysis looking only
at the statements in the trusted block, that can't be marked
trusted.
