On Wednesday, 11 July 2018 01:46:10 MDT Piotr Mitana via Digitalmars-d-learn wrote:
> On Tuesday, 10 July 2018 at 13:24:43 UTC, WebFreak001 wrote:
> > It's supposed to make webservers safe and not crash because of
> > segmentation faults, etc.
> >
> > If you still want to write code like you are used to and don't
> > care about that in your webserver, just mark everything in the
> > implementation @trusted (but @safe in the interface) and it
> > will be fine.
>
> I understand the motivation of this and this motivation is
> undoubtedly correct.
>
> The problem is when you use the libraries, especially those
> interfacing with C code. The intention of @trusted is to use it
> to mark the code that *is* memory safe, but it cannot be verified
> automatically by the compiler (for example required checks are
> done before an array access).
>
> That's why there is a problem with the libraries that are *not*
> safe - or at least I don't know the code and cannot verify that
> they are.
Well, you should be able to at least verify that your usage of the library is @safe. The internals may have problems, but if you've verified all of your code and marked it as @trusted, then the compiler can check the rest of your code, and if there _is_ a memory corruption problem, you know where to look - any @trusted code and then any libraries you're using. But if you just give up and let all of your code be @system, then you lose out on all of the benefits of the compiler verifying your code.

The C bindings in druntime are typically marked with @trusted so long as their API is @safe (and thus any @safety bugs in using it are inside the C implementation and not due to misusing the function), since if we don't do that, then @safe becomes pretty useless pretty fast in real world programs. At some point, you have to trust that the C functions are doing their jobs properly, but regardless of whether they are, @trusted allows you to narrow down the problem when there is a memory corruption issue while allowing most of your program to be verified by the compiler - which is the point.

- Jonathan M Davis
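A small D program illustrating the pattern discussed above: a @trusted wrapper that presents an @safe interface over a @system C function, so that the compiler can verify every caller and the only code a human must audit is the wrapper body. This is an added example, not code from the thread; `cStringLength` and `rawLength` are names chosen here for illustration.

```d
// Added example (not from the thread): keeping the auditable surface small.
// Only the body of cStringLength has to be reviewed by hand; everything
// marked @safe is checked by the compiler.
import core.stdc.string : strlen;   // declared @system in druntime
import std.string : toStringz;

/// @trusted interface over a C call. The invariant the reviewer must check
/// is that strlen only ever receives a NUL-terminated buffer.
size_t cStringLength(const(char)[] s) @trusted
{
    // toStringz copies the slice into a NUL-terminated buffer when needed,
    // so strlen cannot read past the end of the caller's data.
    return strlen(s.toStringz);
}

/// The raw @system form: nothing guarantees termination, so @safe code
/// is not allowed to call it at all.
size_t rawLength(const(char)* p) @system
{
    return strlen(p);
}

void main() @safe
{
    // Verified by the compiler: main is @safe and only reaches C through
    // the @trusted wrapper.
    assert(cStringLength("hello") == 5);
    assert(cStringLength("") == 0);

    // Uncommenting the next line is a compile error in @safe code
    // ("cannot call @system function"), which is exactly the point:
    // a memory-corruption bug can only originate in the @trusted body
    // or inside the C library, never in the @safe callers.
    // rawLength(null);
}
```

If a crash does occur, the search space is the list of @trusted functions plus the C libraries behind them, which is what the reply above means by being able to narrow the problem down.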