On 06/07/2017 09:45 PM, ag0aep6g wrote:
When no @trusted code is involved, then catching an out-of-bounds error from a @safe function is safe. No additional rules are needed. Assuming no compiler bugs, a @safe function simply cannot corrupt memory without calling @trusted code.
Thinking a bit more about this, I'm not sure if it's entirely correct. Can a @safe language feature throw an Error *after* corrupting memory? For example, could `a[i] = n;` write the value first and do the bounds check afterwards? There's probably a better example, if this kind of "shoot first, ask questions later" style ever makes sense.
If bounds checking could be implemented like that, you wouldn't be able to ever catch the resulting error safely. Wouldn't matter if it comes from @safe or @trusted code. Purity wouldn't matter either, because an arbitrary write like that doesn't care about purity.
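A small D program, added here and not part of the thread, that probes the question raised above: it indexes out of bounds inside a @safe function, catches the resulting RangeError, and asserts the array is untouched, which holds because the compiler emits the bounds check before the store. The function name `probe` and the sample array are made up for this example.

```d
import core.exception : RangeError;
import std.stdio : writeln;

// Returns the array after an attempted out-of-bounds store.
// The index is a runtime parameter so the compiler cannot
// reject the access at compile time.
int[] probe(size_t i) @safe
{
    int[] a = [1, 2, 3];      // constructed sample data
    try
    {
        a[i] = 42;            // @safe: bounds check runs before the store
    }
    catch (RangeError e)
    {
        // Reached only when i >= a.length. Catching an Error is
        // only meaningful here because no @trusted code ran.
    }
    // If the store had happened before the check, this would fail
    // (or, for a large i, memory outside the slice would be written).
    assert(a == [1, 2, 3]);
    return a;
}

void main()
{
    writeln(probe(5));
}
```

Compiling with -boundscheck=off removes the check from @safe code too, so the store would then be a real out-of-bounds write with nothing left to catch.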
