On Saturday, 1 June 2013 at 21:41:40 UTC, Jonathan M Davis wrote:
They're guaranteed to not introduce any such behavior. They
can't possibly
make any guarantees if the caller did @system operations and
passed a bad
pointer to the @safe function. But if all of the functions in
the call stack
are @safe, and you call an @safe function, then you can't get
any memory
corruption unless it (or a function that it calls) calls an
@trusted function
which was incorrectly verified by the programmer who marked it
as @trusted.
- Jonathan M Davis
Updated example from above to show how @safe can introduce UB.
import std.stdio;
class A
{
int[] data;
~this()
{
writeln(data);
}
}
void foo(int[] a) @safe
{
A x = new A;
x.data = a;
}
void main() @safe
{
int[4] y;
foo(y);
}
