On 24.05.20 19:44, Arine wrote:
> On Sunday, 24 May 2020 at 15:42:54 UTC, ag0aep6g wrote:
[...]
>> @system does indicate that you don't have to check a function. But it's
>> trumped by other indicators:
[...]
> You *have* to check @system code. That's where you are guaranteed to
> have memory safety issues. If you are ignoring @system code because you
> think @safe code doesn't interact with it at all, then that's a problem
> you are creating for yourself. @system code can still call @safe code,
> and that @system code that is calling the @safe code can pass invalid
> information that causes the @safe code to misbehave. You have to check
> @system for memory safety issues.

You're right; it's not accurate that "@system does indicate that you
don't have to check a function". That's only true under particular
conditions:
When your entry points are @safe and you have already verified all
@trusted functions (including their call graphs which might include
@system functions), then you can ignore any other @system functions,
because your program doesn't call them anyway. But that's true for any
function. If your program doesn't call it, you don't need to check it.
So it's not a particularly meaningful thing to say about @system, and
that's on me.
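
The two cases discussed in this exchange, as an added D example that is not part of the original thread: a @system function handing invalid data to @safe code, and a @safe entry point that limits the manual audit to @trusted functions and what they call. All function names (`sum`, `sumRaw`, `sumPrefix`, `brokenCaller`) are hypothetical.

```d
import std.stdio : writeln;

// @safe: compiler-checked, on the assumption that the slice it is given is valid.
int sum(const(int)[] xs) @safe
{
    int total = 0;
    foreach (x; xs)
        total += x;
    return total;
}

// @system, but reachable from main through sumPrefix: it is part of the
// @trusted function's call graph and has to be reviewed with it.
int sumRaw(const(int)* p, size_t n) @system
{
    return sum(p[0 .. n]); // relies on the caller's n being correct
}

// @trusted: callable from @safe code, so it is audited by hand. Its interface
// is safe: a slice carries its own length, and n is clamped before the raw call.
int sumPrefix(const(int)[] xs, size_t n) @trusted
{
    if (n > xs.length)
        n = xs.length;
    return sumRaw(xs.ptr, n);
}

// @system and never called from main: it builds a slice that lies about its
// length and passes it to @safe sum(), which would then read past the buffer.
int brokenCaller() @system
{
    int[4] buf = [1, 2, 3, 4];
    return sum(buf.ptr[0 .. 8]); // the defect is here, not in sum()
}

void main() @safe
{
    int[] data = [1, 2, 3, 4];
    writeln(sum(data));
    writeln(sumPrefix(data, 2));
    writeln(sumPrefix(data, 9)); // n is clamped to data.length
    // brokenCaller(); // rejected: a @safe function cannot call a @system one
}
```

With `main` marked @safe, the review set is `sumPrefix` and `sumRaw`; `brokenCaller` stays out of it only for as long as nothing in the program calls it.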